Hi,
Disable kernel-libipsec and the first warning should be gone. Then warnings
about DSA aren't relevant, because you don't
use DSA certificates, do you? Btw, you don't need about 75% of the plugins you
have loaded right now.
Kind regards
Noel
On 02.03.2018 14:51, Volodymyr Litovka wrote:
> Hi colleagues,
>
> I'm installing and configuring Strongswan inside VM (KVM on Intel Xeon CPU
> D-1521) with Ubuntu 17.10.
>
> With all plugins enabled, when I start strongswan service, I see the
> following messages in the log:
>
> 1) The first question is how this impact performace, whether it need to be
> loaded and how? -
> Mar 2 15:32:44 vpn strongswan: 00[LIB] feature CUSTOM:kernel-ipsec in plugin
> 'kernel-netlink' failed to load
>
> 2) plugin "pem" has unmet dependencies - not sure it's important, just ask in
> case - should it be?
>
> Mar 2 15:32:44 vpn strongswan: 00[LIB] feature PUBKEY:DSA in plugin 'pem'
> has unmet dependency: PUBKEY:DSA
> Mar 2 15:32:44 vpn strongswan: 00[LIB] feature PRIVKEY:DSA in plugin 'pem'
> has unmet dependency: PRIVKEY:DSA
> Mar 2 15:32:44 vpn strongswan: 00[LIB] feature CERT_DECODE:OCSP_REQUEST in
> plugin 'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST
>
> Loaded modules list -
>
> Mar 2 15:32:44 vpn strongswan: 00[LIB] loaded plugins: charon test-vectors
> unbound ldap pkcs11 aesni aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce
> x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey
> sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp agent chapoly
> xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr
> kernel-libipsec kernel-netlink resolve socket-default connmark farp stroke
> vici updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2
> eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2
> eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic
> xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic
> dhcp whitelist lookip error-notify certexpire led radattr addrblock unity
>
> Thank you.
>
signature.asc
Description: OpenPGP digital signature