Hi Tobias,

I came across the same issue that someone else had raised with you 10 months ago. Unfortunately it seems he was right about the bug.

https://wiki.strongswan.org/issues/3290

This is what I'm getting:

Oct 16 07:36:48 de-fsn-x charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.0, Linux 5.4.0-1028-aws, x86_64)
Oct 16 07:36:48 de-fsn-x charon: 00[KNL] unable to create IPv4 routing table rule
Oct 16 07:36:48 de-fsn-x charon: 00[KNL] unable to create IPv6 routing table rule
Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loaded ca certificate "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3" from '/etc/ipsec.d/cacerts/chain.pem'
Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Oct 16 07:36:48 de-fsn-x ipsec[1855]: /usr/libexec/ipsec/charon: symbol lookup error: /usr/lib/ipsec/plugins/libstrongswan-wolfssl.so: undefined symbol: mp_read_unsigned_bin
Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Oct 16 07:36:48 de-fsn-x ipsec[506]: charon has died -- restart scheduled (5sec)
Oct 16 07:36:48 de-fsn-x ipsec[506]: charon refused to be started
Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Oct 16 07:36:48 de-fsn-x charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'

This is how I compiled everything:

git clone https://github.com/wolfSSL/wolfssl.git
cd wolfssl/
./autogen.sh
./configure --disable-crypttests --disable-examples --enable-keygen --enable-rsapss --enable-aesccm --enable-aesctr --enable-des3 --enable-camellia --enable-curve25519 --enable-ed25519 --enable-curve448 --enable-ed448 --enable-sha3 --enable-shake256
make
make check
make install
mv /usr/local/lib/libwolfssl.* /usr/lib/
cd ..
wget https://download.strongswan.org/strongswan-5.9.0.tar.bz2
tar xjvf strongswan-5.9.0.tar.bz2
cd strongswan-5.9.0
./configure --prefix=/usr --sysconfdir=/etc --enable-eap-radius --enable-eap-identity --enable-systemd --enable-swanctl --enable-gcm --enable-aesni --enable-wolfssl
make install

Thank you,
Houman

On Thu, 15 Oct 2020 at 19:31, Houman <hou...@gmail.com> wrote:

> Hello Tobias,
>
> Thank you for your reply. Excellent, now I understand.
>
> If I compile WolfSSL into /usr/local/lib and then compile StrongSwan
> with --enable-wolfssl. Will StrongSwan automatically pick up the latest
> WolfSSL lib like that?
> Or do I need to set a path as well?
>
> Many Thanks,
> Houman
>
> On Thu, 15 Oct 2020 at 16:53, Tobias Brunner <tob...@strongswan.org>
> wrote:
>
>> Hi,
>>
>> > Is that another plugin that I need to compile?
>>
>> Yes, you need one of the third-party crypto plugins (openssl, wolfssl,
>> botan). See [1] for the list of all algorithms and the plugins that
>> provide them.
>>
>> Regards,
>> Tobias
>>
>> [1]
>> https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
>>
>