below is the strongswan log: 00[DMN] signal of type SIGINT received. Shutting down Aug 19 08:41:39 PCSWAN3 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.0.2, Linux 2.6.18-348.1.1.el5, i686) Aug 19 08:41:39 PCSWAN3 charon: 00[KNL] unable to set UDP_ENCAP: Protocol not available Aug 19 08:41:39 PCSWAN3 charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loaded 0 RADIUS server configurations Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts' Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts' Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts' Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts' Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls' Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets' Aug 19 08:41:39 PCSWAN3 charon: 00[LIB] opening '/usr/local/etc/ipsec.d/private/myKey.der' failed: No such file or directory Aug 19 08:41:39 PCSWAN3 charon: 00[LIB] building CRED_PRIVATE_KEY - RSA failed, tried 6 builders Aug 19 08:41:39 PCSWAN3 charon: 00[CFG] loading private key from '/usr/local/etc/ipsec.d/private/myKey.der' failed Aug 19 08:41:39 PCSWAN3 charon: 00[DMN] loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-md5 eap-radius xauth-generic Aug 19 08:41:39 PCSWAN3 charon: 00[JOB] spawning 16 worker threads Aug 19 08:41:43 PCSWAN3 charon: 05[CFG] received stroke: initiate 'client' Aug 19 08:41:43 PCSWAN3 charon: 05[CFG] no config named 'client'
2014-08-19 11:18 GMT+08:00 <[email protected]>: > Hi Noel, > > I have checked the strongswan logs at /var/log/messages, and I found that > it load the conf directory /usr/loca/etc, while I put all my conf files at > /etc, which I think cause my problem. > Is there any way that I can change the conf directory to /etc. > > Thanks, > > > 2014-08-18 21:16 GMT+08:00 Noel Kuntze <[email protected]>: > > -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hello Amysue >> >> Please refer to [2] for a how-to for installing strongSwan. >> Please note that some modules that could be necessary for your setup >> need to be compiled by giving the corresponding parameters to ./configure. >> >> Regards, >> Noel Kuntze >> >> GPG Key id: 0x63EC6658 >> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 >> >> Am 18.08.2014 um 15:12 schrieb [email protected]: >> > I also want to know are there any special configurations to install >> strongswan for ikev2 mobike? >> > >> > For install strongswan to my pc, I just >> > /./configure/ >> > /make/ >> > /make install/ >> > / >> > / >> > Thanks, >> > >> > >> > 2014-08-18 21:08 GMT+08:00 <[email protected] <mailto: >> [email protected]>>: >> > >> > Hi Noel, >> > The output of "ipsec statusall" is >> > /Status of IKE charon daemon (strongSwan 5.0.2, Linux >> 2.6.18-348.1.1.el5, i686):/ >> > / uptime: 14 minutes, since Aug 18 18:21:46 2014/ >> > / malloc: sbrk 135168, mmap 0, used 86616, free 48552/ >> > / worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: >> 0/0/0/0, scheduled: 0/ >> > / loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 >> revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem fips-prf gmp xcbc >> cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-md5 >> eap-radius xauth-generic/ >> > /Listening IP addresses:/ >> > / 192.168.2.6/ >> > / 12.12.1.203/ >> > /Connections:/ >> > /Security Associations (0 up, 0 connecting):/ >> > / none/ >> > >> > And, how do I enable logging[1] ? I don't use strongswan much, So >> it feel difficult for me. >> > Thank you again for your help >> > >> > >> > >> > 2014-08-18 21:02 GMT+08:00 Noel Kuntze <[email protected] >> <mailto:[email protected]>>: >> > >> > Hello, >> > >> > Check your system log for errors and show us the output of "ipsec >> statusall". >> > Sometimes, it takes a couple of seconds for the daemon to load the >> configuration. Waiting a bit can help in this case. >> > The reason for this is, that all the ipsec commands are asynchronous. >> > If the configuration isn't loaded for a couple of seconds, please >> enable logging[1]. >> > StrongSwan can handle Mobike. It's a daemon thing, not a kernel thing. >> > >> > [1] >> https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration >> > >> > Regards, >> > Noel Kuntze >> > >> > GPG Key id: 0x63EC6658 >> > Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 >> > >> > Am 18.08.2014 um 14:56 schrieb [email protected] <mailto: >> [email protected]>: >> >> Hello, >> > >> >> My OS is centos 5.9 and i have installed Linux strongSwan >> U5.0.2/K2.6.18-348.1.1.el5. >> >> After installation,i start strongswan: >> >> ipsec start >> >> then i up an connection: >> >> ipsec up client >> >> then I get an error:*no config named 'client'* >> >> Actually, I define an connection in /etc/ipsec.conf. >> > >> >> Below is my /etc/ipsec.conf >> > >> >> /config setup/ >> >> / strictcrlpolicy=no/ >> >> / charonstart=yes/ >> >> / >> >> / >> >> /conn %default/ >> >> / ikelifetime=28800s/ >> >> / keylife=28800s/ >> >> / rekeymargin=3m/ >> >> / keyingtries=3/ >> >> / keyexchange=ikev2/ >> >> / ike=3des-sha1-modp1024/ >> >> / esp=3des-sha1/ >> >> / >> >> / >> >> /conn client/ >> >> / left=12.12.1.203/ <http://12.12.1.203/> >> >> / leftsourceip=%config/ >> >> / leftcert=client1_cert.pem/ >> >> / leftid="/C=CN/ST=SH/O=CS/CN=IKEv2_Client1"/ >> >> / right=11.11.11.200/ <http://11.11.11.200/> >> >> / rightid="/C=CN/ST=SH/O=CS/CN=11.11.11.200"/ >> >> / rightsubnet=192.168.168.0/24 <http://192.168.168.0/24> < >> http://192.168.168.0/24>/ >> >> / auto=add/ >> >> / >> >> / >> >> I have no idea what to do now, I really need your help, any one could >> help me? >> >> Thank you very much >> > >> > >> > >> >> _______________________________________________ >> >> Users mailing list >> >> [email protected] <mailto:[email protected]> >> >> https://lists.strongswan.org/mailman/listinfo/users >> > >> > _______________________________________________ >> > Users mailing list >> > [email protected] <mailto:[email protected]> >> > https://lists.strongswan.org/mailman/listinfo/users >> > >> > >> > >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v2 >> >> iQIcBAEBAgAGBQJT8fycAAoJEDg5KY9j7GZYpTcP/iukAF34z42AVNwxbTo3Ow8t >> +aNESIoYH+8VLpQM2ZKLt3GNd9Ni4TqQkn3pz2+R21jx+2x1vSqhtfUa8UjxsXsl >> UNfmOzAjw9eNFiR8XvtmD/oMJecitea++l0zQKKwoUEWujvrk+ADf48/ixMEVkxN >> h99mC5qkvo878regENvBwn6nRgnT13n2wlIDE/WHyLCCcQWol3DJifYU/acUYWIj >> ixn+LLeIOz6xJdCWMj914KeRo/P+cmhoUx/su4+DRtIE3oIO0scYVsjkewIBBBy/ >> l8TZ3+jn+CeQ/OvmiJHVhoMhUTN2cjUw/CKOQsiD1Mzke3S/ZgE0VghKQEKYFJnF >> r09O2D7ML0gf8p5F0psXYf7Z3Md8Hyma9X8CJleZ+UZbciVPshW2eniDUGOTX9F1 >> dalsDT9IuIAeeTYFqXG1Hpu70adbBdOtMStNiFms4qp09YU5lya1PDHiW6OJQJzk >> qLd/4p0XU11M7FIlX77EY+erzqa0ocTX/anhU4d8kaHj/yscjs+jCut3h3yMh1Wr >> jZMmSd2Sya+y7mVWGJZM6J881oKmWBOZnxAbUz8GWVqS0YrL5xONZflCXcJ7AlM6 >> rsdomGi69E7uOUeoS2Ophik+KPFU3z1YXPekwoZ1G5lpGO3AcPR1k6JlG0kc5kPU >> LeKodA7uufdB3uaXDmo/ >> =v2BP >> -----END PGP SIGNATURE----- >> > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
