7.7.1 and strongSwan

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
hb
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

7.7.1 and strongSwan

hb
Some plugins are missing and then there is an 524 error.

# ipsec --version
Linux strongSwan U5.5.0/K4.7.9-64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
#
# ipsec start
Starting strongSwan 5.5.0 IPsec [starter]...
# ipsec up not-shown
...
no XAuth method found
...
establishing connection 'not-shown' failed
#

No surprise, the xauth plugin is missing.

# aptitude update
...
# aptitude install libcharon-extra-plugins
The following NEW packages will be installed:
  libcharon-extra-plugins{b} libfcgi0ldbl{a}
0 packages upgraded, 2 newly installed, 0 to remove and 2583 not upgraded.
Need to get 485 kB of archives. After unpacking 1,508 kB will be used.
The following packages have unmet dependencies:
  libcharon-extra-plugins : Depends: libstrongswan (= 5.2.1-6+deb8u2) but
5.5.0-2 is installed and it is kept back
...
#

Hmm, no 5.5.0-2 extra plugins?

OK, I can get them from
http://snapshot.debian.org/archive/debian/20160918T165732Z/pool/main/s/strongswan/libcharon-extra-plugins_5.5.0-2_i386.deb

Yes, i386!

# dpkg -i Downloads/libcharon-extra-plugins_5.5.0-2_i386.deb
Selecting previously unselected package libcharon-extra-plugins.
(Reading database ... 458785 files and directories currently installed.)
Preparing to unpack .../libcharon-extra-plugins_5.5.0-2_i386.deb ...
Unpacking libcharon-extra-plugins (5.5.0-2) ...
Setting up libcharon-extra-plugins (5.5.0-2) ...
#
# ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 5.5.0 IPsec [starter]...
# ipsec up not-shown
...
installing DNS server x.x.x.x to /etc/resolv.conf
installing DNS server y.y.y.y to /etc/resolv.conf
installing new virtual IP z.z.z.z
allocating SPI failed: Unknown error (524)
unable to get SPI
allocating SPI from kernel failed
establishing connection 'not-shown' failed
#

Almost there? 524 looks like ENOTSUPP. So what needs to be
enabled/supported?

No, installing version 5.2.1-6+deb8u2 of strongSwan doesn't change the
524 error.

No, in the strongSwan Mailing list nobody really answered this question.

Yes, the configured vpn client works as expected on Ubuntu 16.10.

Loading...