> The Cert isn't involved in the IKE_SA_INIT request. Verification of the
> cert occurs in the IKE_AUTH request. What are the messages generated
> when you start your local StrongSwan config?
>
> -Tom

I don't see anything abnormal... although I do not see it calling
strongswan.d/bills-strongswan.conf nor ipsec.d/bills-ipsec.conf.

/etc/strongswan/strongswan.conf has:
include strongswan.d/*.conf
... but /etc/strongswan/ipsec.conf doesn't have any such thing.

(The missing key is because I was experimenting at that moment.)

Dec 27 15:20:43 zeta systemd: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.
Dec 27 15:20:49 zeta systemd: Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.
Dec 27 15:20:49 zeta systemd: Starting strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf...
Dec 27 15:20:49 zeta strongswan: Starting strongSwan 5.5.3 IPsec [starter]...
Dec 27 15:20:49 zeta strongswan: !! Your strongswan.conf contains manual plugin load options for charon.
Dec 27 15:20:49 zeta strongswan: !! This is recommended for experts only, see
Dec 27 15:20:49 zeta strongswan: !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
Dec 27 15:20:49 zeta charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.3, Linux 4.13.0-1.el7.elrepo.x86_64, x86_64)
Dec 27 15:20:49 zeta charon: 00[CFG] loading ca certificates from '/etc/strongswan/ipsec.d/cacerts'
Dec 27 15:20:49 zeta charon: 00[CFG]   loaded ca certificate "C=US, O=QuantumEquities, CN=QuantumCA" from '/etc/strongswan/ipsec.d/cacerts/cacert.pem'
Dec 27 15:20:49 zeta charon: 00[CFG] loading aa certificates from '/etc/strongswan/ipsec.d/aacerts'
Dec 27 15:20:49 zeta charon: 00[CFG] loading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts'
Dec 27 15:20:49 zeta charon: 00[CFG] loading attribute certificates from '/etc/strongswan/ipsec.d/acerts'
Dec 27 15:20:49 zeta charon: 00[CFG] loading crls from '/etc/strongswan/ipsec.d/crls'
Dec 27 15:20:49 zeta charon: 00[CFG] loading secrets from '/etc/strongswan/ipsec.secrets'
Dec 27 15:20:49 zeta charon: 00[LIB]   opening '/etc/strongswan/ipsec.d/private/quantumKey.pem' failed: No such file or directory
Dec 27 15:20:49 zeta charon: 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 4 builders
Dec 27 15:20:49 zeta charon: 00[CFG]   loading private key from '/etc/strongswan/ipsec.d/private/quantumKey.pem' failed
Dec 27 15:20:49 zeta charon: 00[LIB] loaded plugins: charon random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke kernel-netlink socket-default updown
Dec 27 15:20:49 zeta charon: 00[JOB] spawning 16 worker threads
Dec 27 15:20:49 zeta strongswan: charon (32057) started after 20 ms
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
