Hi,

I've tried to establish an IPsec tunnel according to the OvS IPsec tutorial. On one 
side of the tunnel I use Fedora 31 OS and the StrongSwan IKE daemon.

I am getting a strongswan service error:

strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
   Loaded: loaded (/usr/lib/systemd/system/strongswan.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

Apr 06 20:19:49 fedora.wojtek strongswan[3177]: 00[CFG] /etc/strongswan/strongswan.d/charon.conf:4: syntax error, unexpected ., expecting : or '{' or '=' [.]
Apr 06 20:19:49 fedora.wojtek strongswan[3177]: 00[CFG] invalid config file '/etc/strongswan/strongswan.conf'
Apr 06 20:19:49 fedora.wojtek strongswan[3177]: 00[LIB] abort initialization due to invalid configuration
Apr 06 20:19:49 fedora.wojtek strongswan[3177]: charon has quit: integrity test of libstrongswan failed
Apr 06 20:19:49 fedora.wojtek ipsec_starter[3177]: charon has quit: integrity test of libstrongswan failed
Apr 06 20:19:49 fedora.wojtek strongswan[3177]: charon refused to be started
Apr 06 20:19:49 fedora.wojtek ipsec_starter[3177]: charon refused to be started
Apr 06 20:19:49 fedora.wojtek strongswan[3177]: ipsec starter stopped
Apr 06 20:19:49 fedora.wojtek ipsec_starter[3177]: ipsec starter stopped
Apr 06 20:19:49 fedora.wojtek systemd[1]: strongswan.service: Succeeded.


charon.conf:

# Generated by ovs-monitor-ipsec...do not modify by hand!


charon.plugins.kernel-netlink.set_proto_port_transport_sa = yes
charon.plugins.kernel-netlink.xfrm_ack_expires = 10
charon.load_modular = yes
charon.plugins.gcm.load = yes

strongswan.conf:

# strongswan.conf - strongSwan configuration file
#
# Refer to the strongswan.conf(5) manpage for details
#
# Configuration changes should be made in the included files

charon {
load_modular = yes
plugins {
include strongswan.d/charon/*.conf
    }
}

include strongswan.d/*.conf


OvS:

openvswitch-ipsec.x86_64    2.12.0-1.fc31
openvswitch.x86_64          2.12.0-1.fc31

StrongSwan:

strongswan.x86_64           5.7.2-3.fc31

Is it a StrongSwan service issue? The tutorial is for Fedora 27 and 
StrongSwan (>= v5.3.5).

Best Regards,
Wojtek
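
The log in the message above shows the parser stopping at the `.` on line 4 of charon.conf, which is the first dotted key in the generated file. As an added example (not part of the original message, and not OVS or strongSwan code), the following Python locates such flat dotted keys and rewrites them in the nested-section form that the posted strongswan.conf already uses. The function names are hypothetical, and SAMPLE reproduces the charon.conf quoted in the message.

```python
# Added example; function names are hypothetical.
# SAMPLE reproduces the charon.conf quoted in the message above.
SAMPLE = """\
# Generated by ovs-monitor-ipsec...do not modify by hand!


charon.plugins.kernel-netlink.set_proto_port_transport_sa = yes
charon.plugins.kernel-netlink.xfrm_ack_expires = 10
charon.load_modular = yes
charon.plugins.gcm.load = yes
"""

def find_dotted_keys(text):
    """Return (line_number, key, value) for each 'a.b.c = v' setting line."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        key, sep, value = line.partition("=")
        if sep and not line.lstrip().startswith("#") and "." in key:
            hits.append((number, key.strip(), value.strip()))
    return hits

def build_tree(hits):
    """Fold dotted keys into nested dicts; leaves are the setting values."""
    tree = {}
    for _, key, value in hits:
        *sections, leaf = key.split(".")
        node = tree
        for name in sections:
            node = node.setdefault(name, {})
        node[leaf] = value
    return tree

def render(tree, depth=0):
    """Emit the tree in the brace syntax used by strongswan.conf."""
    pad = "    " * depth
    lines = []
    for name, value in tree.items():
        if isinstance(value, dict):
            lines.append(f"{pad}{name} {{")
            lines.extend(render(value, depth + 1))
            lines.append(f"{pad}}}")
        else:
            lines.append(f"{pad}{name} = {value}")
    return lines

if __name__ == "__main__":
    print("\n".join(render(build_tree(find_dotted_keys(SAMPLE)))))
```

The first hit is reported at line 4, the same position the charon log complains about.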

