I'm sorry, I'm at mit wit's end. Try restarting the daemon. Maybe that helps.
Am 12.05.21 um 02:33 schrieb Karuna Sagar Krishna:
Not sure if I fully understand. Did you mean to say - remove `auto=route` from
default connection and add `auto=add` to each connection section? If yes, I
made this
Okay, now we at least know the config line is at actually read.
What happens when you change the order of the config lines or assign them
shorter names?
Am 12.05.21 um 01:41 schrieb Karuna Sagar Krishna:
Yes, I tried that i.e. added some garbage line to ipsec.conf and issued `sudo
ipsec
Hi, please verify that the config file is actually used. For example add a
deliberate syntax error. Like just garbage on a line. Check if the daemon
and/or ipsec complains about that.
Am 12.05.21 um 01:15 schrieb Karuna Sagar Krishna:
Thanks for the quick replies!
Running `sudo ipsec update`
Alright, found it.
Please verify that it's the actual ipsec.conf that is loaded because there also
aren't any errors regarding config files logged.
What happens when you run "ipsec update" or "ipsec reload" from the terminal?
Kind regards
Noel
Am 12.05.21 um 01:09 schrieb Noel Kuntze:
Okay,
Okay, what's your complete ipsec.conf? Can you send it?
Kind regards
Noel
Am 12.05.21 um 00:54 schrieb Karuna Sagar Krishna:
Attaching full charon logs.
Can you help with the ipsec.conf interface. I'll plan to switch to swanctl
going forward, but currently this is blocking our releases.
Hi,
Full logs please, as shown on the HelpRequests[1] page on the wiki.
Also, it's strongly recommended to use swanctl instead if possible. That's the
better configuration backend.
Kind regards
Noel
[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
Am 11.05.21 um 23:50
Ah ofcourse `sudo ipsec restart` helps. But I'm hesitant to use it since it
breaks existing connections.
Would strace help, pasted it below:
sudo strace ipsec update
execve("/usr/sbin/ipsec", ["ipsec", "update"], 0x7ffebdb60588 /* 20 vars
*/) = 0
brk(NULL) =
Thanks for the quick replies!
Running `sudo ipsec update` or `sudo ipsec reload` is effectively a no-op.
Captured the terminal output below:
karkrish@hn1-kkafka:~$ sudo ipsec statusall
Status of IKE charon daemon (strongSwan 5.6.2, Linux 5.4.0-1046-azure,
x86_64):
uptime: 2 hours, since May
Oh I thought I had attached it earlier. Sorry about that. Attached here.
--karuna
On Tue, May 11, 2021 at 4:09 PM Noel Kuntze
wrote:
> Okay, what's your complete ipsec.conf? Can you send it?
>
> Kind regards
> Noel
>
> Am 12.05.21 um 00:54 schrieb Karuna Sagar Krishna:
> > Attaching full
Hi,
I'm setting up a IPSec connection between a bunch of Ubuntu 18.04 LTS
nodes. I'm using Strongswan (Linux strongSwan U5.6.2/K5.4.0-1046-azure) on
the Ubuntu nodes. The number of nodes is dynamic i.e. there are frequent
scale out/ins. So the ipsec.conf file (see attached) is updated with
10 matches
Mail list logo
