Hi Andreas, We are planning to use davici library for the establishment of dynamic IKEv2 connection using Strongswan’s IKE client. Are there any licensing implications of using davici library? Please confirm/clarify.
Thanks, Rajeev On Wed, May 11, 2016 at 9:18 AM, Andreas Steffen < [email protected]> wrote: > Hi Rajeev, > > there seems something wrong with your user certificate. > > You can configure the charon daemon dynamically using the > VICI interface. There are VICI bindings for the Perl, Ruby > and Python script languages which can be used by your > IPsec management application to communicate with the > charon daemon. For details have a look at > > > https://github.com/strongswan/strongswan/blob/master/src/libcharon/plugins/vici/README.md > > If you intend to write your management application in C or C++ > then consider the DAVICI library: > > https://github.com/strongswan/davici/blob/master/README.md > > Regards > > Andreas > > On 11.05.2016 13:50, rajeev nohria wrote: > > Andreas, > > > > I appreciate helping me out. Now I am making progress with Charon > > running, Not sure why it was stopping before. I am getting following > > error now, I am going over my config files. Hopefully I will find the > > issue. > > > > rnohria@ubuntu:~$ sudo swanctl --load-conns > > 06[LIB] OpenSSL X.509 parsing failed > > 06[LIB] building CRED_CERTIFICATE - X509 failed, tried 4 builders > > loading connection 'rw' failed: invalid value for: certs, config > discarded > > loaded 0 of 1 connections, 1 failed to load, 0 unloaded > > > > > > Question: > > > > Can I use Strongswan to make connections dynamically, not via config > > file. For config file we need to know information beforehand. If I don't > > know all the information beforehand like local and remote IP address. Is > > there any interface exist in Strongswan to support dynamic connection. > > > > Thanks, > > Rajeev > > > > > > > > > > > > On Wed, May 11, 2016 at 4:41 AM, Andreas Steffen > > <[email protected] <mailto:[email protected]>> > > wrote: > > > > Hi Rajeev, > > > > try running charon in the foreground: > > > > sudo /usr/local/libexec/ipsec/charon > > > > and check for error messages in the console window. > > > > Cheers Andreas > > > > On 11.05.2016 11:53, rajeev nohria wrote: > > > > Andreas, > > > > It seems like Charon daemon is not running, When I run the charon > > command, it immediately stops it. Where can I find the charon > > log to see > > if there is any issue? > > > > rnohria@ubuntu:~$ sudo /usr/local/libexec/ipsec/charon& > > [1] 7272 > > rnohria@ubuntu:~$ > > > > [1]+ Stopped sudo > /usr/local/libexec/ipsec/charon > > > > Thanks, > > Rajeev > > > > > > On Wed, May 11, 2016 at 2:55 AM, Andreas Steffen > > <[email protected] > > <mailto:[email protected]> > > <mailto:[email protected] > > <mailto:[email protected]>>> > > wrote: > > > > Hi Rajeev, > > > > can you check in the charon log if the vici plugin has been > > loaded? > > And do you see the charon daemon running in the process > status > > (ps aux | grep charon)? > > > > Regards > > > > Andreas > > > > On 05/11/2016 04:04 AM, rajeev nohria wrote: > > > Thanks Andreas, > > > > > > I ran the charon and also copied the charon script file to > > /etc/init.d. > > > Now when I run sudo swanctl --load-conn, I still get the > > same issue. > > > connecting to 'unix:///var/run/charon.vici' failed: No > > such file or > > > directory > > > Error: connecting to 'default' URI failed: No such file or > > directory > > > strongSwan 5.4.0 swanctl > > > usage: > > > swanctl --load-conns [--raw|--pretty] > > > --help (-h) show usage information > > > --raw (-r) dump raw response > message > > > --pretty (-P) dump raw response > > message in pretty print > > > --debug (-v) set debug level, > default: 1 > > > --options (-+) read command line > > options from file > > > --uri (-u) service URI to connect > to > > > > > > > > > Am I missing any other step? > > > > > > Thanks, > > > Rajeev > > > > > > On Tue, May 10, 2016 at 3:59 AM, Andreas Steffen > > > <[email protected] > > <mailto:[email protected]> > > <mailto:[email protected] > > <mailto:[email protected]>> > > <mailto:[email protected] > > <mailto:[email protected]> > > > > <mailto:[email protected] > > <mailto:[email protected]>>>> > > > wrote: > > > > > > Hi Rajeev, > > > > > > is the charon daemon running? If not, either start > charon > > manually: > > > > > > sudo /usr/local/libexec/ipsec/charon & > > > > > > or if your Linux distribution still uses upstart, > > copy the > > > following script to /etc/init.d/ > > > > > > > > > > > > > > https://wiki.strongswan.org/projects/strongswan/repository/revisions/master/entry/testing/hosts/default/etc/init.d/charon > > > > > > and start the charon daemon in the appropriate > runlevels. > > > > > > If your Linux distribution uses systemd instead, > > compile and > > > install strongSwan with > > > > > > ./config --enable-systemd > > > > > > and enable and start the strongswan-swanctl service. > > > > > > BTW - in order to use the vici socket you must be > > root. Thus > > > > > > sudo swanctl --load-conn > > > > > > Best regards > > > > > > Andreas > > > > > > > > > On 09.05.2016 16:34, rajeev nohria wrote: > > > > > > I am new user of Strongswan and running 5.4.0. > > After creating > > > certificates and configuring two Ubuntu m/c with > > Strongswan > > > 5.4.0. I try > > > to create connection as following and get error. > > Please > > advise, > > > how to > > > resolve following issue? > > > > > > $swanctl --load-conn > > > connecting to 'unix:///var/run/charon.vici' > > failed: No > > such file or > > > directory > > > Error: connecting to 'default' URI failed: No > > such file > > or directory > > > strongSwan 5.4.0 swanctl > > > usage: > > > > > > > > > Thanks, > > > Rajeev > > > > > > > > > _______________________________________________ > > > Users mailing list > > > [email protected] > > <mailto:[email protected]> > > <mailto:[email protected] > > <mailto:[email protected]>> > > <mailto:[email protected] > > <mailto:[email protected]> > > <mailto:[email protected] > > <mailto:[email protected]>>> > > >https://lists.strongswan.org/mailman/listinfo/users > > > > > > > > > -- > > > > > > ====================================================================== > > > Andreas Steffen > > > [email protected] > > <mailto:[email protected]> > > <mailto:[email protected] > > <mailto:[email protected]>> > > <mailto:[email protected] > > <mailto:[email protected]> > > > > <mailto:[email protected] > > <mailto:[email protected]>>> > > > strongSwan - the Open Source VPN Solution! > > > www.strongswan.org <http://www.strongswan.org> > > <http://www.strongswan.org> > > <http://www.strongswan.org> > > > Institute for Internet Technologies and Applications > > > University of Applied Sciences Rapperswil > > > CH-8640 Rapperswil (Switzerland) > > > > > > > > ===========================================================[ITA-HSR]== > > > > > > > > > > > > -- > > > > > ====================================================================== > > Andreas Steffen [email protected] > > <mailto:[email protected]> > > <mailto:[email protected] > > <mailto:[email protected]>> > > strongSwan - the Open Source VPN Solution! > > www.strongswan.org <http://www.strongswan.org> > > <http://www.strongswan.org> > > Institute for Internet Technologies and Applications > > University of Applied Sciences Rapperswil > > CH-8640 Rapperswil (Switzerland) > > > > > ===========================================================[ITA-HSR]== > > > > > > > > -- > > > ====================================================================== > > Andreas Steffen > > [email protected] <mailto: > [email protected]> > > strongSwan - the Open Source VPN Solution! > > www.strongswan.org <http://www.strongswan.org> > > Institute for Internet Technologies and Applications > > University of Applied Sciences Rapperswil > > CH-8640 Rapperswil (Switzerland) > > > ===========================================================[ITA-HSR]== > > > > > > -- > ====================================================================== > Andreas Steffen [email protected] > strongSwan - the Open Source VPN Solution! www.strongswan.org > Institute for Internet Technologies and Applications > University of Applied Sciences Rapperswil > CH-8640 Rapperswil (Switzerland) > ===========================================================[ITA-HSR]== > >
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
