Hello Amit,
your log says:
00[CFG] no script for ext-auth script defined, disabled
The ext-auth plugin description
https://wiki.strongswan.org/projects/strongswan/wiki/Ext-auth
or man strongswan.conf
    charon.plugins.ext-auth.script []
        Command to pass to the system shell for peer authorization.
        Authorization is considered successful if the command executes
        normally with an exit code of zero. For all other exit codes
        IKE_SA authorization is rejected.

        The following environment variables get passed to the script:

        IKE_UNIQUE_ID:     The IKE_SA numerical unique identifier.
        IKE_NAME:          The peer configuration connection name.
        IKE_LOCAL_HOST:    Local IKE IP address.
        IKE_REMOTE_HOST:   Remote IKE IP address.
        IKE_LOCAL_ID:      Local IKE identity.
        IKE_REMOTE_ID:     Remote IKE identity.
        IKE_REMOTE_EAP_ID: Remote EAP or XAuth identity, if used.
Thus you have to define an authentication script in strongswan.conf:
    charon {
        plugins {
            ext-auth {
                script =
            }
        }
    }
Regards
Andreas
On 02.08.2018 18:55, Amit Priyadarshi wrote:
>
> Hello Strongswan experts,
>
> I am a strongswan-rookie and need some expert advice here.
> I am trying to configure strongswan to use an external auth script.
> I followed the steps below.
>
> root@ampriyad-Inspiron-3558:/home/ampriyad/strongswan/strongswan-5.6.3#
> ./configure --enable-ext-auth
>
> Then I went ahead and did a
> make followed by
> make install.
> When I launched ipsec I got the run logs below.
> Note that the plugin "ext-auth" did not get loaded.
>
> root@ampriyad-Inspiron-3558:/home/ampriyad/strongswan/strongswan-5.6.3#
> ipsec start --debug-all --nofork
> Starting strongSwan 5.6.3 IPsec [starter]...
> Loading config setup
> found netkey IPsec stack
> Attempting to start charon...
> 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux
> 4.15.0-29-generic, x86_64)
> 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
> 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
> 00[CFG] loading ocsp signer certificates from
> '/usr/local/etc/ipsec.d/ocspcerts'
> 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
> 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
> 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
> 00[CFG] no script for ext-auth script defined, disabled
> 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 mgf1 random
> nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp
> dnskey sshkey pem fips-prf gmp curve25519 xcbc cmac hmac attr
> kernel-netlink resolve socket-default stroke vici updown xauth-generic
> counters
> 00[JOB] spawning 16 worker threads
>
> Please guide me on what I missed.
>
> --
> Regards,
> Amit Priyadarshi
>
--
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[INS-HSR]==
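
An added example, not part of the mail above and not strongSwan's own code: a shell function that the ext-auth command could call to authorize a peer against an allowlist, using the exit-code rule and the environment variables quoted from the man page. The function names, the allowlist format and both file paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not strongSwan code. authorize_peer, log_decision, the
# allowlist format and both paths are assumptions. Hypothetical command for
# charon.plugins.ext-auth.script:
#   . /usr/local/etc/ext-auth-lib.sh && authorize_peer /usr/local/etc/ext-auth.allow

# Write one line per decision to stderr with the context charon passes in.
log_decision() {
    printf 'ext-auth %s: %s (conn=%s sa=%s remote=%s)\n' "$1" "$2" \
        "${IKE_NAME:-?}" "${IKE_UNIQUE_ID:-?}" "${IKE_REMOTE_HOST:-?}" >&2
}

# authorize_peer ALLOWLIST
# Returns 0 only when the peer identity appears verbatim in ALLOWLIST (one
# identity per line, lines starting with '#' are comments). Any other outcome
# returns non-zero, which makes charon reject the IKE_SA.
authorize_peer() {
    allowlist=$1
    nl='
'
    # Policy assumption: check the EAP/XAuth identity when one was used,
    # otherwise the IKE identity.
    id=${IKE_REMOTE_EAP_ID:-${IKE_REMOTE_ID:-}}

    # Fail closed on a missing identity or an unreadable allowlist.
    [ -n "$id" ] || { log_decision reject "no remote identity"; return 1; }
    [ -r "$allowlist" ] || { log_decision reject "allowlist unreadable"; return 1; }

    # grep reads a newline in the pattern as "match any of these lines",
    # so a multi-line identity is refused outright.
    case $id in
        *"$nl"*) log_decision reject "identity contains newline"; return 1 ;;
    esac

    # The identity is peer-supplied: match it as a fixed string against the
    # whole line (-F -x), never as a regular expression.
    if grep -v '^#' "$allowlist" | grep -F -x -q -e "$id"; then
        log_decision accept "$id"
        return 0
    fi
    log_decision reject "identity not in allowlist"
    return 1
}
```

Because the command sources the file with `&&`, a missing or broken library also yields a non-zero exit code, so the IKE_SA is rejected rather than authorized by accident.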