I suppose then the daemon isn't running or you fucked up something big time.

On 10.08.18 at 21:21, Roee Agami wrote:
> Thanks Noel,
>
> Since I haven't specified anything in strongswan.conf, I assume that all of
> the plugins I built will be loaded.
> "ipsec listalgs" prints nothing (similar to ipsec statusall).
>
> Also, any swanctl command I run simply hangs and doesn't finish or print
> anything.
>
> Any idea why?
>
> Roee.
>
> On 8/10/18, 2:43 PM, "Noel Kuntze" <noel.kuntze@thermi.consulting> wrote:
>
> > Hello,
> >
> > The output of "./configure" only tells you what is built at build time,
> > not what is loaded at run time.
> > They're complementary. You can't load a plugin that wasn't built. To be
> > able to load a plugin, it has to be built and you need to have it.
> >
> > Yes, af-alg does what you want. Your expectation to get stuff in the logs
> > when it works is wrong. No crypto plugin ever prints anything regarding the
> > usage, as long as nothing bad/critical happens.
> > You need to check the output of `ipsec listalgs` to see which plugin
> > provides which algorithms.
> >
> > Algorithms are provided by the plugin which provides them first relative
> > to when the plugins are loaded when the daemon starts.
> >
> > Kind regards
> >
> > Noel
> >
> > On 10.08.18 at 14:43, Roee Agami wrote:
> > > Hi,
> > >
> > > I wish to have IKE use the crypto services of the kernel rather than
> > > the default user space ones. It was brought to my attention that af-alg
> > > plugin allows such behavior.
> > >
> > > Now I am trying to build strongSwan with that plugin. I know of this
> > > example config:
> > >
> > > https://www.strongswan.org/testing/testresults/af-alg/rw-cert/
> > >
> > > And was trying to follow it, loading the same plugins listed in Carol’s
> > > strongswan.conf (except that I was loading them using the configure script
> > > instead of strongswan.conf).
> > >
> > > Here is the output of the configure script command:
> > >
> > >  strongSwan will be built with the following plugins
> > >
> > > libstrongswan: test-vectors mgf1 random nonce x509 revocation
> > >                constraints pubkey pkcs1 pem openssl af-alg gmp ctr ccm gcm curl
> > > libcharon:     kernel-netlink socket-default stroke vici updown counters
> > > libtnccs:
> > > libtpmtss:
> > >
> > > Then I make and make install it, and restart ipsec.
> > >
> > > Looking at the logs, I see messages indicating the various plugins are
> > > loaded successfully, and the last message I see is that ‘af-alg’ plugin is
> > > loaded successfully. I don’t see any other messages after that.
> > >
> > > Running ‘ipsec statusall’ doesn’t show any output at all.
> > >
> > > So my conclusion is that strongSwan is not running the way I wanted it
> > > to.
> > >
> > > Can you help me figure out what I am missing?
> > >
> > > Thanks,
> > >
> > > Roee.
> >
> > --
> > Noel Kuntze
> > IT security consultant
> >
> > GPG Key ID: 0x0739AD6C
> > Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C

-- 
Noel Kuntze
IT security consultant

GPG Key ID: 0x0739AD6C
Fingerprint: 3524 93BE B5F7 8E63 1372 AF2D F54E E40B 0739 AD6C
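
Added example (not part of the original thread and not strongSwan code): a shell helper for the `ipsec listalgs` check described above, reporting which plugin registered each algorithm so that entries not served by af-alg stand out. It assumes the output lists entries as `ALGORITHM[plugin]` under class labels; the function names and the sample text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not strongSwan code. Assumes listalgs-style text in which each
# class line ("encryption:", "integrity:", ...) lists entries as ALGORITHM[plugin]
# and long lists wrap onto indented continuation lines.

# providers: stdin = listalgs text; stdout = "class algorithm plugin" per entry.
providers() {
  awk '{
    start = 1
    if ($1 ~ /:$/) { class = substr($1, 1, length($1) - 1); start = 2 }
    for (i = start; i <= NF; i++) {
      n = index($i, "[")
      if (n == 0 || substr($i, length($i)) != "]") continue
      alg = substr($i, 1, n - 1)
      if (alg == "") alg = "-"          # e.g. "nonce-gen: [nonce]"
      print class, alg, substr($i, n + 1, length($i) - n - 1)
    }
  }'
}

# not_from PLUGIN CLASS: entries of CLASS registered by some other plugin.
not_from() {
  providers | awk -v p="$1" -v c="$2" '$1 == c && $3 != p'
}

# Constructed sample, not captured from a real daemon.
SAMPLE=$(cat <<'EOF'
List of registered IKE algorithms:

  encryption: AES_CBC[af-alg] 3DES_CBC[openssl] CAMELLIA_CBC[af-alg]
              AES_CTR[ctr]
  integrity:  HMAC_SHA2_256_128[af-alg] HMAC_SHA1_96[openssl]
  hasher:     HASH_SHA256[af-alg]
  dh-group:   MODP_2048[gmp]
  nonce-gen:  [nonce]
EOF
)

echo "Encryption algorithms not served by af-alg:"
printf '%s\n' "$SAMPLE" | not_from af-alg encryption
# Against a running daemon: ipsec listalgs | not_from af-alg encryption
```

An empty result from `ipsec listalgs` itself, as reported in the thread, gives this helper nothing to parse; it is only useful once the daemon answers.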