Hi, I am having a hard time getting an IPsec VPN working on my machine... it works fine in other OSes, and I am sure I am doing something stupid here; I hope some guru can give me guidance!
I am running Ubuntu 12.10, installed strongswan (4.5.2), added the key secret in the /etc/ipsec.secrets file, and set up the VPN through Network Manager. Without tampering with the strongswan.conf file, I have this output (noted a similar output is :

--- /var/log/syslog ---
Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> Starting VPN service 'strongswan'...
Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> VPN service 'strongswan' started (org.freedesktop.NetworkManager.strongswan), PID 840
Jan 7 22:00:06 mac17 charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.2)
Jan 7 22:00:06 mac17 charon: 00[KNL] listening on interfaces:
Jan 7 22:00:06 mac17 charon: 00[KNL] eth0
Jan 7 22:00:06 mac17 charon: 00[KNL] wlan0
Jan 7 22:00:06 mac17 charon: 00[KNL] 192.168.1.1
Jan 7 22:00:06 mac17 charon: 00[KNL] fe80::129a:ddff:feae:e16a
Jan 7 22:00:06 mac17 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jan 7 22:00:06 mac17 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jan 7 22:00:06 mac17 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jan 7 22:00:06 mac17 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jan 7 22:00:06 mac17 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jan 7 22:00:06 mac17 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jan 7 22:00:06 mac17 charon: 00[CFG] loaded IKE secret for x.x.x.x %any
Jan 7 22:00:06 mac17 charon: 00[CFG] sql plugin: database URI not set
Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'sql': failed to load - sql_plugin_create returned NULL
Jan 7 22:00:06 mac17 charon: 00[CFG] loaded 0 RADIUS server configurations
Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'medsrv' failed to load: /usr/lib/ipsec/plugins/libstrongswan-medsrv.so: cannot open shared object file: No such file or directory
Jan 7 22:00:06 mac17 charon: 00[CFG] mediation client database URI not defined, skipped
Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'medcli': failed to load - medcli_plugin_create returned NULL
Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> VPN service 'strongswan' appeared; activating connections
Jan 7 22:00:06 mac17 charon: 00[CFG] HA config misses local/remote address
Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'ha': failed to load - ha_plugin_create returned NULL
Jan 7 22:00:06 mac17 charon: 00[DMN] loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc nm dhcp led addrblock
Jan 7 22:00:06 mac17 charon: 00[JOB] spawning 16 worker threads
Jan 7 22:00:06 mac17 charon: 06[CFG] received initiate for NetworkManager connection TestVPN
Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> VPN plugin state changed: starting (3)
Jan 7 22:00:06 mac17 charon: 06[CFG] using CA certificate, gateway identity x.x.x.x'
Jan 7 22:00:06 mac17 charon: 06[IKE] initiating IKE_SA TestVPN[1] to x.x.x.x
Jan 7 22:00:06 mac17 charon: 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jan 7 22:00:06 mac17 charon: 06[NET] sending packet: from 192.168.1.1[500] to x.x.x.x[500]
Jan 7 22:00:06 mac17 NetworkManager[1092]: <info> VPN connection 'TestVPN' (Connect) reply received.
Jan 7 22:00:10 mac17 charon: 11[IKE] retransmit 1 of request with message ID 0
Jan 7 22:00:10 mac17 charon: 11[NET] sending packet: from 192.168.1.1[500] to x.x.x.x[500]
Jan 7 22:00:17 mac17 charon: 12[IKE] retransmit 2 of request with message ID 0
Jan 7 22:00:17 mac17 charon: 12[NET] sending packet: from 192.168.1.1[500] to x.x.x.x[500]
Jan 7 22:00:30 mac17 wpa_supplicant[1361]: wlan0: WPA: Group rekeying completed with 00:24:a5:ea:a5:a2 [GTK=CCMP]
Jan 7 22:00:30 mac17 charon: 13[IKE] retransmit 3 of request with message ID 0
Jan 7 22:00:30 mac17 charon: 13[NET] sending packet: from 192.168.1.1[500] to x.x.x.x[500]
Jan 7 22:00:46 mac17 NetworkManager[1092]: <warn> VPN connection 'TestVPN' (IP Config Get) timeout exceeded.
Jan 7 22:00:46 mac17 NetworkManager[1092]: <info> Policy set 'Braga' (wlan0) as default for IPv4 routing and DNS.
Jan 7 22:00:46 mac17 charon: 01[IKE] destroying IKE_SA in state CONNECTING without notification
Jan 7 22:00:51 mac17 charon: 00[DMN] signal of type SIGTERM received. Shutting down
Jan 7 22:00:51 mac17 NetworkManager[1092]: <info> VPN service 'strongswan' disappeared

My initial configuration file was:

--- /etc/strongswan.conf ---
# strongswan.conf - strongSwan configuration file
charon {
    threads = 16
    plugins {
        sql {
            loglevel = -1
        }
    }
}
pluto {
}
libstrongswan {
}
----------------

And here is the Network Manager configuration:

--- /etc/NetworkManager/system-connections/TestVPN ---
[connection]
id=TestVPN
uuid=07ac4ce3-c6c3-4d42-8bb6-29e56a8751db
type=vpn
autoconnect=false

[vpn]
service-type=org.freedesktop.NetworkManager.strongswan
virtual=no
encap=no
address=x.x.x.x
user=??????
method=eap
ipcomp=yes
password-flags=1

[ipv4]
method=auto
----------------

Besides the timeout issue, I noted the plugin loading issues in the charon logs.

Looking at what I got in the system by default:

$ ls /usr/lib/ipsec/plugins/
libstrongswan-addrblock.so     libstrongswan-eap-tls.so         libstrongswan-pkcs11.so
libstrongswan-aes.so           libstrongswan-eap-tnc.so         libstrongswan-pkcs1.so
libstrongswan-agent.so         libstrongswan-eap-ttls.so        libstrongswan-pubkey.so
libstrongswan-attr.so          libstrongswan-farp.so            libstrongswan-random.so
libstrongswan-attr-sql.so      libstrongswan-fips-prf.so        libstrongswan-resolve.so
libstrongswan-ccm.so           libstrongswan-gcm.so             libstrongswan-revocation.so
libstrongswan-constraints.so   libstrongswan-gmp.so             libstrongswan-sha1.so
libstrongswan-ctr.so           libstrongswan-ha.so              libstrongswan-sha2.so
libstrongswan-curl.so          libstrongswan-hmac.so            libstrongswan-socket-raw.so
libstrongswan-des.so           libstrongswan-kernel-netlink.so  libstrongswan-sql.so
libstrongswan-dhcp.so          libstrongswan-ldap.so            libstrongswan-stroke.so
libstrongswan-dnskey.so        libstrongswan-led.so             libstrongswan-test-vectors.so
libstrongswan-eap-aka.so       libstrongswan-md5.so             libstrongswan-updown.so
libstrongswan-eap-gtc.so       libstrongswan-medcli.so          libstrongswan-x509.so
libstrongswan-eap-identity.so  libstrongswan-nm.so              libstrongswan-xauth.so
libstrongswan-eap-md5.so       libstrongswan-openssl.so         libstrongswan-xcbc.so
libstrongswan-eap-mschapv2.so  libstrongswan-pem.so
libstrongswan-eap-radius.so    libstrongswan-pgp.so

Adding the load into the strongswan.conf file at least clears the warnings, but I am not sure if these modules should be here, and loaded...

Any help really appreciated!

Thanks,

--
*Braga, Bruno*
www.brunobraga.net
bruno.br...@gmail.com
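An added example, not part of the original post: a short Python triage script that separates the two things visible in the syslog above, the plugins that failed to load and the IKE_SA_INIT request that is sent and retransmitted while no packet is ever received. The function name `summarize` and the report keys are illustrative; the sample lines are excerpted from the post, and the `received packet` line the script looks for is what charon logs when a reply arrives (it does not appear in the post's log).

```python
import re

# Sample lines excerpted from the syslog in the post (peer address is redacted there as x.x.x.x).
SAMPLE_LOG = """\
Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'sql': failed to load - sql_plugin_create returned NULL
Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'medsrv' failed to load: /usr/lib/ipsec/plugins/libstrongswan-medsrv.so: cannot open shared object file: No such file or directory
Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'medcli': failed to load - medcli_plugin_create returned NULL
Jan 7 22:00:06 mac17 charon: 00[LIB] plugin 'ha': failed to load - ha_plugin_create returned NULL
Jan 7 22:00:06 mac17 charon: 06[NET] sending packet: from 192.168.1.1[500] to x.x.x.x[500]
Jan 7 22:00:10 mac17 charon: 11[IKE] retransmit 1 of request with message ID 0
Jan 7 22:00:10 mac17 charon: 11[NET] sending packet: from 192.168.1.1[500] to x.x.x.x[500]
Jan 7 22:00:17 mac17 charon: 12[IKE] retransmit 2 of request with message ID 0
Jan 7 22:00:17 mac17 charon: 12[NET] sending packet: from 192.168.1.1[500] to x.x.x.x[500]
Jan 7 22:00:30 mac17 charon: 13[IKE] retransmit 3 of request with message ID 0
Jan 7 22:00:30 mac17 charon: 13[NET] sending packet: from 192.168.1.1[500] to x.x.x.x[500]
Jan 7 22:00:46 mac17 NetworkManager[1092]: <warn> VPN connection 'TestVPN' (IP Config Get) timeout exceeded.
Jan 7 22:00:46 mac17 charon: 01[IKE] destroying IKE_SA in state CONNECTING without notification
"""

CHARON = re.compile(r"charon: \d+\[(?P<sub>[A-Z]{3})\] (?P<msg>.*)$")
# Two spellings occur in the log: "plugin 'x': failed to load - why" and "plugin 'x' failed to load: why"
PLUGIN_FAIL = re.compile(r"plugin '(?P<name>[^']+)':? failed to load(?: - |: )(?P<why>.*)")
RETRANSMIT = re.compile(r"retransmit (\d+) of request with message ID (\d+)")

def summarize(log_text):
    """Return plugin load failures and send/receive/retransmit counts from charon syslog lines."""
    report = {"plugin_failures": {}, "sent": 0, "received": 0, "retransmits": 0, "gave_up": False}
    for line in log_text.splitlines():
        m = CHARON.search(line)
        if not m:
            continue  # NetworkManager, wpa_supplicant and other daemons are skipped
        sub, msg = m["sub"], m["msg"]
        if sub == "LIB" and (p := PLUGIN_FAIL.search(msg)):
            report["plugin_failures"][p["name"]] = p["why"]
        elif sub == "NET" and msg.startswith("sending packet"):
            report["sent"] += 1
        elif sub == "NET" and msg.startswith("received packet"):
            report["received"] += 1
        elif sub == "IKE" and (r := RETRANSMIT.search(msg)):
            report["retransmits"] = max(report["retransmits"], int(r[1]))
        elif sub == "IKE" and "destroying IKE_SA in state CONNECTING" in msg:
            report["gave_up"] = True
    # Packets left the host but nothing came back: the plugin warnings are a separate matter.
    report["peer_silent"] = report["sent"] > 0 and report["received"] == 0
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```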