Hello,
Ipsec.secrets file stores the information about the subscribers that you will use in you tunnel, that’s why it is not included in the installation. You can find lots of examples of ipsec.secrets files (and the rest of the required files to configure server and client side) in the tests section: https://wiki.strongswan.org/projects/strongswan/wiki/ConfigurationExamples BR From: Users [mailto:[email protected]] On Behalf Of Kapil Athi Sent: Monday, June 6, 2016 3:55 PM To: [email protected] Subject: [strongSwan] ipsec.secrets file is missing Hi Folks, Thanks for adding me into Strongswan User Community! I need some info on how "/etc/ipsec.secrets" file is installed/generated. In my current development environment with strongswan 5.3.2, i see /etc/ipsec.secrets file is missing after installation, so need some info to understand how "ipsec.secrets" is created, so i can debug this. i am using yocto based enviroment with linux 3.12 yocto ver : 1.6 Strongswan version used: 5.3.2 Linux kernel : 3.12 (Mentor embedded linux - MEL) strongswan recipe : http://git.openembedded.org/meta-openembedded/tree/meta-networking/recipes-support/strongswan/strongswan_5.3.2.bb With the above Strongswan recipe, i have compiled and installed the strongswan 5.3.2. After bootup, i see that "/etc/ipsec.secrets" file is not created. Even, in the MEL built rootfs, i don't see the file /etc/ipsec.secrets. Now, i can manually create this file and start using it, but i wanted to learn why this file is missing in the first place. Can somebody tell me, if /etc/ipsec.secrets file will created at compile time or during run time ? if so, can you give me some suggestion on where to look, if the ipsec.secrets file is missing. FYI. Earlier i was using strongswan 5.1.1 and 5.2.1, and ipsec.secrets always used to be there. Error Log: ======= daemon.info charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' daemon.info charon: 00[CFG] opening secrets file '/etc/ipsec.secrets' failed: No such file or directory Logs: ==== authpriv.info ipsec_starter[590]: Starting strongSwan 5.3.2 IPsec [starter]... daemon.info charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.2, Linux 3.12.19-rt30, ppc) daemon.info ipsec[590]: Starting strongSwan 5.3.2 IPsec [starter]... daemon.info charon: 00[KNL] received netlink error: Operation not supported (95) daemon.info charon: 00[KNL] unable to create IPv6 routing table rule daemon.info charon: 00[KNL] unable to create IPv4 routing table rule daemon.info charon: 00[KNL] received netlink error: Operation not supported (95) daemon.info charon: 00[KNL] unable to create IPv6 routing table rule daemon.info charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' daemon.info charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' daemon.info charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' daemon.info charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' daemon.info charon: 00[CFG] loading crls from '/etc/ipsec.d/crls' daemon.info charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' daemon.info charon: 00[CFG] opening secrets file '/etc/ipsec.secrets' failed: No such file or directory daemon.info charon: 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubke daemon.info charon: 00[JOB] spawning 16 worker threads Thanks Kapil.
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
