[Bug 1309594] Re: kernel-libipsec not loading
Hello Simon, Yes I know the policy module. However I think on OpenVZ, strongswan is unable to forward ipsec traffic to proper interface, which I believe it is an upstream problem: https://wiki.strongswan.org/issues/592 Thanks, TZ -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1309594 Title: kernel-libipsec not loading To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1309594/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1309594] Re: kernel-libipsec not loading
Hello Simon, Yes I know the policy module. However I think on OpenVZ, strongswan is unable to forward ipsec traffic to proper interface, which I believe it is an upstream problem: https://wiki.strongswan.org/issues/592 Thanks, TZ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309594 Title: kernel-libipsec not loading To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1309594/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309594] Re: kernel-libipsec not loading
Hi Martin, strongswan-plugin-kernel-libipsec does provide the plugin (or supposedly) in Ubuntu 14.04. There are two reasons (or at least mine) to use kernel-libipsec, one is that kernel-libipsec provides a separate interface so that filtering/inspecting the packets would be easier with iptables, and second is that for OpenVZ-based platforms, kernel-libipsec is necessary to make both L2TP/IPSec and IKEv1 to work properly simultaneously (although for L2TP case tunnel mode must be used). I have tested that kernel-netlink alone will fail to forward the packets between the gateway and IKEv1 clients. Best, TZ -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1309594 Title: kernel-libipsec not loading To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1309594/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1309594] Re: kernel-libipsec not loading
Hi Martin, strongswan-plugin-kernel-libipsec does provide the plugin (or supposedly) in Ubuntu 14.04. There are two reasons (or at least mine) to use kernel-libipsec, one is that kernel-libipsec provides a separate interface so that filtering/inspecting the packets would be easier with iptables, and second is that for OpenVZ-based platforms, kernel-libipsec is necessary to make both L2TP/IPSec and IKEv1 to work properly simultaneously (although for L2TP case tunnel mode must be used). I have tested that kernel-netlink alone will fail to forward the packets between the gateway and IKEv1 clients. Best, TZ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309594 Title: kernel-libipsec not loading To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1309594/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309594] Re: kernel-libipsec not loading
Personally, I doubt if it is an upstream problem, since I previously compiled the source code from strongswan.org and that can load kernel- libipsec properly... -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to strongswan in Ubuntu. https://bugs.launchpad.net/bugs/1309594 Title: kernel-libipsec not loading To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1309594/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1309594] Re: kernel-libipsec not loading
Personally, I doubt if it is an upstream problem, since I previously compiled the source code from strongswan.org and that can load kernel- libipsec properly... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1309594 Title: kernel-libipsec not loading To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1309594/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1309594] [NEW] kernel-libipsec not loading
Public bug reported: Hi, I'm running Ubuntu 14.04 and installed Strongswan 5.1.2 with strongswan- plugin-kernel-libipsec. The problem is that the plugin kernel-libipsec is not loading even if /etc/strongswan.d/charon/kernel-libipsec.conf has the option load = yes been set. Also in syslog it seems that strongswan is not even looking for that plugin. Here's the log: Apr 18 11:20:54 vpn charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-24-generic, i686) Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'test-vectors': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'aes': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'rc2': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'sha1': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'sha2': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'md4': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'md5': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'random': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'nonce': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'x509': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'revocation': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'constraints': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'pkcs1': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'pkcs7': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'pkcs8': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'pkcs12': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'pem': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] Padlock not found, CPU is GenuineIntel Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'padlock': failed to load - padlock_plugin_create returned NULL Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'openssl': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'xcbc': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'cmac': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'hmac': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'ctr': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'ccm': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'gcm': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'attr': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'kernel-netlink': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'resolve': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'socket-default': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'stroke': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'updown': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'eap-identity': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'eap-radius': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'eap-ttls': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'xauth-eap': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'addrblock': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA Apr 18 11:20:54 vpn charon: 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA Apr 18 11:20:54 vpn charon: 00[LIB] feature CERT_DECODE:PGP in plugin 'pem' has unmet dependency: CERT_DECODE:PGP Apr 18 11:20:54 vpn charon: 00[LIB] feature CERT_DECODE:X509_OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:X509_OCSP_REQUEST Apr 18 11:20:54 vpn charon: 00[LIB] feature CERT_DECODE:TRUSTED_PUBKEY in plugin 'pem' has unmet dependency: CERT_DECODE:TRUSTED_PUBKEY Apr 18 11:20:54 vpn charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Apr 18 11:20:54 vpn charon: 00[CFG] loaded ca certificate C=, O=, CN= from '/etc/ipsec.d/cacerts/caCert.pem' Apr 18 11:20:54 vpn charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Apr 18 11:20:54 vpn charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Apr 18 11:20:54 vpn charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Apr 18 11:20:54 vpn charon: 00[CFG] loading crls from '/etc/ipsec.d/crls' Apr 18 11:20:54 vpn charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' Apr 18 11:20:54 vpn charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/serverKey.pem' Apr 18 11:20:54 vpn charon: 00[CFG] loaded IKE secret for %any Apr 18 11:20:54 vpn charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity eap-radius eap-ttls xauth-eap addrblock Apr 18 11:20:54 vpn charon: 00[LIB]
[Bug 1309594] [NEW] kernel-libipsec not loading
Public bug reported: Hi, I'm running Ubuntu 14.04 and installed Strongswan 5.1.2 with strongswan- plugin-kernel-libipsec. The problem is that the plugin kernel-libipsec is not loading even if /etc/strongswan.d/charon/kernel-libipsec.conf has the option load = yes been set. Also in syslog it seems that strongswan is not even looking for that plugin. Here's the log: Apr 18 11:20:54 vpn charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.2, Linux 3.13.0-24-generic, i686) Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'test-vectors': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'aes': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'rc2': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'sha1': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'sha2': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'md4': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'md5': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'random': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'nonce': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'x509': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'revocation': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'constraints': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'pkcs1': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'pkcs7': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'pkcs8': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'pkcs12': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'pem': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] Padlock not found, CPU is GenuineIntel Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'padlock': failed to load - padlock_plugin_create returned NULL Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'openssl': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'xcbc': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'cmac': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'hmac': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'ctr': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'ccm': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'gcm': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'attr': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'kernel-netlink': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'resolve': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'socket-default': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'stroke': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'updown': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'eap-identity': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'eap-radius': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'eap-ttls': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'xauth-eap': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] plugin 'addrblock': loaded successfully Apr 18 11:20:54 vpn charon: 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA Apr 18 11:20:54 vpn charon: 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA Apr 18 11:20:54 vpn charon: 00[LIB] feature CERT_DECODE:PGP in plugin 'pem' has unmet dependency: CERT_DECODE:PGP Apr 18 11:20:54 vpn charon: 00[LIB] feature CERT_DECODE:X509_OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:X509_OCSP_REQUEST Apr 18 11:20:54 vpn charon: 00[LIB] feature CERT_DECODE:TRUSTED_PUBKEY in plugin 'pem' has unmet dependency: CERT_DECODE:TRUSTED_PUBKEY Apr 18 11:20:54 vpn charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Apr 18 11:20:54 vpn charon: 00[CFG] loaded ca certificate C=, O=, CN= from '/etc/ipsec.d/cacerts/caCert.pem' Apr 18 11:20:54 vpn charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Apr 18 11:20:54 vpn charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Apr 18 11:20:54 vpn charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Apr 18 11:20:54 vpn charon: 00[CFG] loading crls from '/etc/ipsec.d/crls' Apr 18 11:20:54 vpn charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' Apr 18 11:20:54 vpn charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/serverKey.pem' Apr 18 11:20:54 vpn charon: 00[CFG] loaded IKE secret for %any Apr 18 11:20:54 vpn charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity eap-radius eap-ttls xauth-eap addrblock Apr 18 11:20:54 vpn charon: 00[LIB]
