Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

Tom Eastep Wed, 27 Dec 2017 15:53:33 -0800

On 12/27/2017 03:46 PM, Colony.three via Shorewall-users wrote:
>
>
>
>
>> -------- Original Message --------
>> Subject: Re: [Shorewall-users] UDP Getting Blocked When Unblocked
>> (StrongSwan)
>> Local Time: December 27, 2017 3:31 PM
>> UTC Time: December 27, 2017 11:31 PM
>> From: teas...@shorewall.net
>> To: shorewall-users@lists.sourceforge.net
>>
>> On 12/27/2017 03:27 PM, Colony.three via Shorewall-users wrote:
>>
>>     Dec 27 15:20:49 zeta charon: 00[CFG] loading secrets from
>>     '/etc/strongswan/ipsec.secrets'
>>     Dec 27 15:20:49 zeta charon: 00[LIB]   opening
>>     '/etc/strongswan/ipsec.d/private/quantumKey.pem' failed: No such file
>>     or directory
>>     Dec 27 15:20:49 zeta charon: 00[LIB] building CRED_PRIVATE_KEY - RSA
>>     failed, tried 4 builders
>>     Dec 27 15:20:49 zeta charon: 00[CFG]   loading private key from
>>     '/etc/strongswan/ipsec.d/private/quantumKey.pem' failed
>>
>>
>>      
>>     The above messages certainly aren't good!
>>      
>>     -Tom
>>      
>>
> Understand.  I was in the middle of something as noted in my prior
> ().  Here it is again stabilized but still the same problem as all along:
>
> Dec 27 15:38:59 zeta strongswan: ipsec starter stopped
> Dec 27 15:39:02 zeta systemd: Started strongSwan IPsec IKEv1/IKEv2
> daemon using ipsec.conf.
> Dec 27 15:39:02 zeta systemd: Starting strongSwan IPsec IKEv1/IKEv2
> daemon using ipsec.conf...
> Dec 27 15:39:02 zeta strongswan: Starting strongSwan 5.5.3 IPsec
> [starter]...
> Dec 27 15:39:02 zeta strongswan: !! Your strongswan.conf contains
> manual plugin load options for charon.
> Dec 27 15:39:02 zeta strongswan: !! This is recommended for experts
> only, see
> Dec 27 15:39:02 zeta strongswan: !!
> http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
> Dec 27 15:39:02 zeta charon: 00[DMN] Starting IKE charon daemon
> (strongSwan 5.5.3, Linux 4.13.0-1.el7.elrepo.x86_64, x86_64)
> Dec 27 15:39:02 zeta charon: 00[CFG] loading ca certificates from
> '/etc/strongswan/ipsec.d/cacerts'
> Dec 27 15:39:02 zeta charon: 00[CFG]   loaded ca certificate "C=US,
> O=QuantumEquities, CN=QuantumCA" from
> '/etc/strongswan/ipsec.d/cacerts/cacert.pem'
> Dec 27 15:39:02 zeta charon: 00[CFG] loading aa certificates from
> '/etc/strongswan/ipsec.d/aacerts'
> Dec 27 15:39:02 zeta charon: 00[CFG] loading ocsp signer certificates
> from '/etc/strongswan/ipsec.d/ocspcerts'
> Dec 27 15:39:02 zeta charon: 00[CFG] loading attribute certificates
> from '/etc/strongswan/ipsec.d/acerts'
> Dec 27 15:39:02 zeta charon: 00[CFG] loading crls from
> '/etc/strongswan/ipsec.d/crls'
> Dec 27 15:39:02 zeta charon: 00[CFG] loading secrets from
> '/etc/strongswan/ipsec.secrets'
> Dec 27 15:39:02 zeta charon: 00[CFG]   loaded RSA private key from
> '/etc/strongswan/ipsec.d/private/carlsKey.pem'
> Dec 27 15:39:02 zeta charon: 00[LIB] loaded plugins: charon random
> nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac stroke
> kernel-netlink socket-default updown
> Dec 27 15:39:02 zeta charon: 00[JOB] spawning 16 worker threads
> Dec 27 15:39:02 zeta strongswan: charon (32155) started after 20 ms
>
>
In by case, it goes on...


loaded plugins: charon aesni aes rc2 sha2 sha1 md5 random nonce x509
revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey
pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve
socket-default connmark stroke updown
Dec 27 15:04:56 irssi charon: 00[LIB] dropped capabilities, running as
uid 0, gid 0
Dec 27 15:04:56 irssi charon: 00[JOB] spawning 16 worker threads
Dec 27 15:04:56 irssi charon: 05[CFG] received stroke: add connection 'ipv4'
Dec 27 15:04:56 irssi charon: 05[CFG] adding virtual IP address pool
172.20.3.0/24
Dec 27 15:04:56 irssi charon: 05[CFG]   loaded certificate "C=US,
O=Shorewall, CN=irssi" from 'irssiCert.der'
Dec 27 15:04:56 irssi charon: 05[CFG] added configuration 'ipv4'
Dec 27 15:04:56 irssi charon: 07[CFG] received stroke: add connection 'ipv6'
Dec 27 15:04:56 irssi charon: 07[CFG] virtual IP pool too large,
limiting to 2601:601:a000:16f7::/97
Dec 27 15:04:56 irssi charon: 07[CFG] adding virtual IP address pool
2601:601:a000:16f7::/64
Dec 27 15:04:56 irssi charon: 07[CFG]   loaded certificate "C=US,
O=Shorewall, CN=irssi" from 'irssiCert.der'
Dec 27 15:04:56 irssi charon: 07[CFG] added configuration 'ipv6'

This was on my DNATed endpoint.

-Tom

-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't 
http://shorewall.org \   understand
                      \_______________________________________________

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] UDP Getting Blocked When Unblocked (StrongSwan)

Reply via email to