On Mon, Apr 6, 2020 at 1:22 PM Majcher Wojciech (STUD)
<[email protected]> wrote:
>
> Hi,
>
> I've tried to establish an IPsec tunnel according to the OvS IPsec tutorial. On one
> side of the tunnel I use Fedora 31 OS and the StrongSwan IKE daemon.
>
> I am getting a strongswan service error:
>
> strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
> Loaded: loaded (/usr/lib/systemd/system/strongswan.service; disabled;
> vendor preset: disabled)
> Active: inactive (dead)
>
> Apr 06 20:19:49 fedora.wojtek strongswan[3177]: 00[CFG]
> /etc/strongswan/strongswan.d/charon.conf:4: syntax error, unexpected .,
> expecting : or '{' or '=' [.]
> Apr 06 20:19:49 fedora.wojtek strongswan[3177]: 00[CFG] invalid config file
> '/etc/strongswan/strongswan.conf'
> Apr 06 20:19:49 fedora.wojtek strongswan[3177]: 00[LIB] abort initialization
> due to invalid configuration
> Apr 06 20:19:49 fedora.wojtek strongswan[3177]: charon has quit: integrity
> test of libstrongswan failed
> Apr 06 20:19:49 fedora.wojtek ipsec_starter[3177]: charon has quit: integrity
> test of libstrongswan failed
> Apr 06 20:19:49 fedora.wojtek strongswan[3177]: charon refused to be started
> Apr 06 20:19:49 fedora.wojtek ipsec_starter[3177]: charon refused to be
> started
> Apr 06 20:19:49 fedora.wojtek strongswan[3177]: ipsec starter stopped
> Apr 06 20:19:49 fedora.wojtek ipsec_starter[3177]: ipsec starter stopped
> Apr 06 20:19:49 fedora.wojtek systemd[1]: strongswan.service: Succeeded.
>
>
> charon.conf:
>
> # Generated by ovs-monitor-ipsec...do not modify by hand!
>
>
> charon.plugins.kernel-netlink.set_proto_port_transport_sa = yes

Is line #4, the one that is causing the issue, the line above?
If yes, then I am wondering if the set_proto_port_transport_sa
option has been removed in later versions. Can you simply
remove it and reload strongswan with "ipsec restart" to see if the
issue goes away?

> charon.plugins.kernel-netlink.xfrm_ack_expires = 10
> charon.load_modular = yes
> charon.plugins.gcm.load = yes
>
> strongswan.conf:
>
> # strongswan.conf - strongSwan configuration file
> #
> # Refer to the strongswan.conf(5) manpage for details
> #
> # Configuration changes should be made in the included files
>
> charon {
> load_modular = yes
> plugins {
> include strongswan.d/charon/*.conf
> }
> }
>
> include strongswan.d/*.conf
>
>
> OvS:
>
> openvswitch-ipsec.x86_64
> 2.12.0-1.fc31
> openvswitch.x86_64
> 2.12.0-1.fc31
>
> StrongSwan:
>
> strongswan.x86_64
> 5.7.2-3.fc31
>
> Is it the StrongSwan service issue? The tutorial is for Fedora 27 and
> StrongSwan (>= v5.3.5).
>
> Best Regards,
> Wojtek
>
>
> _______________________________________________
> discuss mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss