7.7.1 and strongSwan

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
hb
Reply | Threaded
Open this post in threaded view
|

7.7.1 and strongSwan

hb
Some plugins are missing and then there is an 524 error.

# ipsec --version
Linux strongSwan U5.5.0/K4.7.9-64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
#
# ipsec start
Starting strongSwan 5.5.0 IPsec [starter]...
# ipsec up not-shown
...
no XAuth method found
...
establishing connection 'not-shown' failed
#

No surprise, the xauth plugin is missing.

# aptitude update
...
# aptitude install libcharon-extra-plugins
The following NEW packages will be installed:
  libcharon-extra-plugins{b} libfcgi0ldbl{a}
0 packages upgraded, 2 newly installed, 0 to remove and 2583 not upgraded.
Need to get 485 kB of archives. After unpacking 1,508 kB will be used.
The following packages have unmet dependencies:
  libcharon-extra-plugins : Depends: libstrongswan (= 5.2.1-6+deb8u2) but
5.5.0-2 is installed and it is kept back
...
#

Hmm, no 5.5.0-2 extra plugins?

OK, I can get them from
http://snapshot.debian.org/archive/debian/20160918T165732Z/pool/main/s/strongswan/libcharon-extra-plugins_5.5.0-2_i386.deb

Yes, i386!

# dpkg -i Downloads/libcharon-extra-plugins_5.5.0-2_i386.deb
Selecting previously unselected package libcharon-extra-plugins.
(Reading database ... 458785 files and directories currently installed.)
Preparing to unpack .../libcharon-extra-plugins_5.5.0-2_i386.deb ...
Unpacking libcharon-extra-plugins (5.5.0-2) ...
Setting up libcharon-extra-plugins (5.5.0-2) ...
#
# ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 5.5.0 IPsec [starter]...
# ipsec up not-shown
...
installing DNS server x.x.x.x to /etc/resolv.conf
installing DNS server y.y.y.y to /etc/resolv.conf
installing new virtual IP z.z.z.z
allocating SPI failed: Unknown error (524)
unable to get SPI
allocating SPI from kernel failed
establishing connection 'not-shown' failed
#

Almost there? 524 looks like ENOTSUPP. So what needs to be
enabled/supported?

No, installing version 5.2.1-6+deb8u2 of strongSwan doesn't change the
524 error.

No, in the strongSwan Mailing list nobody really answered this question.

Yes, the configured vpn client works as expected on Ubuntu 16.10.