Re: [strongSwan] plugins load warnings

[Noel Kuntze]

Hi,

Disable kernel-libipsec and the first warning should be gone. Then warnings 
about DSA aren't relevant, because you don't
use DSA certificates, do you? Btw, you don't need about 75% of the plugins you 
have loaded right now.

Kind regards

Noel

On 02.03.2018 14:51, Volodymyr Litovka wrote:
> Hi colleagues,
>
> I'm installing and configuring Strongswan inside VM (KVM on Intel Xeon CPU 
> D-1521) with Ubuntu 17.10.
>
> With all plugins enabled, when I start strongswan service, I see the 
> following messages in the log:
>
> 1) The first question is how this impact performace, whether it need to be 
> loaded and how? -
> Mar  2 15:32:44 vpn strongswan: 00[LIB] feature CUSTOM:kernel-ipsec in plugin 
> 'kernel-netlink' failed to load
>
> 2) plugin "pem" has unmet dependencies - not sure it's important, just ask in 
> case - should it be?
>
> Mar  2 15:32:44 vpn strongswan: 00[LIB] feature PUBKEY:DSA in plugin 'pem' 
> has unmet dependency: PUBKEY:DSA
> Mar  2 15:32:44 vpn strongswan: 00[LIB] feature PRIVKEY:DSA in plugin 'pem' 
> has unmet dependency: PRIVKEY:DSA
> Mar  2 15:32:44 vpn strongswan: 00[LIB] feature CERT_DECODE:OCSP_REQUEST in 
> plugin 'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST
>
> Loaded modules list -
>
> Mar  2 15:32:44 vpn strongswan: 00[LIB] loaded plugins: charon test-vectors 
> unbound ldap pkcs11 aesni aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce 
> x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey 
> sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp agent chapoly 
> xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr 
> kernel-libipsec kernel-netlink resolve socket-default connmark farp stroke 
> vici updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 
> eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 
> eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic 
> xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic 
> dhcp whitelist lookip error-notify certexpire led radattr addrblock unity
>
> Thank you.
>



signature.asc
Description: OpenPGP digital signature

[strongSwan] plugins load warnings

[Volodymyr Litovka]

Hi colleagues,

I'm installing and configuring Strongswan inside VM (KVM on Intel Xeon 
CPU D-1521) with Ubuntu 17.10.


With all plugins enabled, when I start strongswan service, I see the 
following messages in the log:


1) The first question is how this impact performace, whether it need to 
be loaded and how? -
Mar  2 15:32:44 vpn strongswan: 00[LIB] feature CUSTOM:kernel-ipsec in 
plugin 'kernel-netlink' failed to load


2) plugin "pem" has unmet dependencies - not sure it's important, just 
ask in case - should it be?


Mar  2 15:32:44 vpn strongswan: 00[LIB] feature PUBKEY:DSA in plugin 
'pem' has unmet dependency: PUBKEY:DSA
Mar  2 15:32:44 vpn strongswan: 00[LIB] feature PRIVKEY:DSA in plugin 
'pem' has unmet dependency: PRIVKEY:DSA
Mar  2 15:32:44 vpn strongswan: 00[LIB] feature CERT_DECODE:OCSP_REQUEST 
in plugin 'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST


Loaded modules list -

Mar  2 15:32:44 vpn strongswan: 00[LIB] loaded plugins: charon 
test-vectors unbound ldap pkcs11 aesni aes rc2 sha2 sha1 md4 md5 mgf1 
rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 
pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt 
af-alg fips-prf gmp agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss 
curl soup mysql sqlite attr kernel-libipsec kernel-netlink resolve 
socket-default connmark farp stroke vici updown eap-identity eap-sim 
eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym 
eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius 
eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam 
xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist 
lookip error-notify certexpire led radattr addrblock unity


Thank you.

--
Volodymyr Litovka
  "Vision without Execution is Hallucination." -- Thomas Edison