Comments (3)
All right, I manage to make ppk work but service still restarts,
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: received packet: from 10.2.4.100[500] to 10.2.4.5[500] (280 bytes)
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) N(USE_PPK) ]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: 10.2.4.100 is initiating an IKE_SA
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: selected proposal: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_256
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: sending cert request for "C=US, ST=California, redacted"
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: sending cert request for "C=US, ST=California, redacted "
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(USE_PPK) N(CHDLESS_SUP) N(MULT_AUTH) ]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: sending packet: from 10.2.4.5[500] to 10.2.4.100[500] (333 bytes)
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: received packet: from 10.2.4.100[4500] to 10.2.4.5[4500] (1244 bytes)
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: parsed IKE_AUTH request 1 [ EF(1/2) ]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: installing new virtual IP 10.2.4.5
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: thread 13 received 11
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: dumping 11 stack frame addresses:
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f49c3d7a000 [0x7f49c3d8e420]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> ??:?
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/plugins/libstrongswan-connmark.so @ 0x7f49c386b000 [0x7f49c386cfae]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> ??:0
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libcharon.so.0 @ 0x7f49c3e56000 [0x7f49c3e6581a]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libcharon/bus/bus.c:888
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libcharon.so.0 @ 0x7f49c3e56000 [0x7f49c3e8aa0e]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libcharon/sa/ike_sa.c:1189
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libcharon.so.0 @ 0x7f49c3e56000 [0x7f49c3e9b779]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libcharon/sa/ikev2/task_manager_v2.c:1911
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libcharon.so.0 @ 0x7f49c3e56000 [0x7f49c3e89aa0]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libcharon/sa/ike_sa.c:1637
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libcharon.so.0 @ 0x7f49c3e56000 [0x7f49c3e82797]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libcharon/processing/jobs/process_message_job.c:75
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f49c3ed7000 [0x7f49c3f174d8]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libstrongswan/processing/processor.c:262
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f49c3ed7000 [0x7f49c3f2ad8a]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libstrongswan/threading/thread.c:337 (discriminator 4)
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f49c3d7a000 [0x7f49c3d82609]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> ??:?
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /lib/x86_64-linux-gnu/libc.so.6 @ 0x7f49c3b88000 (clone+0x43) [0x7f49c3ca7133]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> ??:?
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: dumping 11 stack frame addresses:
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f49c3d7a000 [0x7f49c3d8e420]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> ??:?
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/plugins/libstrongswan-connmark.so @ 0x7f49c386b000 [0x7f49c386cfae]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> ??:0
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libcharon.so.0 @ 0x7f49c3e56000 [0x7f49c3e6581a]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libcharon/bus/bus.c:888
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libcharon.so.0 @ 0x7f49c3e56000 [0x7f49c3e8aa0e]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libcharon/sa/ike_sa.c:1189
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libcharon.so.0 @ 0x7f49c3e56000 [0x7f49c3e9b779]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libcharon/sa/ikev2/task_manager_v2.c:1911
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libcharon.so.0 @ 0x7f49c3e56000 [0x7f49c3e89aa0]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libcharon/sa/ike_sa.c:1637
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libcharon.so.0 @ 0x7f49c3e56000 [0x7f49c3e82797]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libcharon/processing/jobs/process_message_job.c:75
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f49c3ed7000 [0x7f49c3f174d8]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libstrongswan/processing/processor.c:262
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f49c3ed7000 [0x7f49c3f2ad8a]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> /home/ulvs/strongswan-5.9.11/src/libstrongswan/threading/thread.c:337 (discriminator 4)
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f49c3d7a000 [0x7f49c3d82609]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> ??:?
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: /lib/x86_64-linux-gnu/libc.so.6 @ 0x7f49c3b88000 (clone+0x43) [0x7f49c3ca7133]
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: -> ??:?
Oct 17 16:09:02 peerGW5 charon-systemd[152722]: killing ourself, received critical signal
Oct 17 16:09:03 peerGW5 systemd[1]: strongswan.service: Main process exited, code=killed, status=6/ABRT
Oct 17 16:09:03 peerGW5 systemd[1]: strongswan.service: Failed with result 'signal'.
from strongswan.
My guess is that you are combining binaries of a newer strongSwan version with those of an older one. In this case, the connmark plugin that's installed at /usr/lib/ipsec/plugins/libstrongswan-connmark.so
is probably from a strongSwan version before 5.9.2, which changed the interface for listener_t::ike_update
.
Since you are building from sources, first make sure that you removed any distribution packages related to strongSwan and then possibly re-install your custom build. If you built the old version from sources too, either remove the old plugins manually (connmark might not be the only one, check the timestamps), or enable the same configure options as before to build a new version of these plugins.
from strongswan.
Thank you so much, I indeed had some 5.8 packets installed. Removing them and reinstalling appears to solve the problem.
from strongswan.
Related Issues (20)
- android11 can't use "IKEv2/IPSec MSCHAPv2" to connect strongswanVPN server
- "<child>.local_ts" Dynamic acquisition of network card IP address HOT 2
- I used a tester to test VPN throughput and found that charon’s memory usage was high and was killed by the kernel. Is there any solution to limit memory usage? HOT 13
- Build of version 5.9.14 fails on alpine (musl) HOT 1
- ubuntu make error
- proposal_keywords.c is excluded by the .gitignore file HOT 2
- charon-nm: only a single CA cert file is loaded from "server certificate" file HOT 3
- add logger configuration for json output HOT 5
- Add support for the post-quantum ML-KEM KE algorithm in openssl plugin
- Routing regression between 5.9.8 (Debian Bookworm deb12u1) and 5.9.13 (Ubuntu 24.04 (2ubuntu4)) HOT 11
- libstrongswan rsa test getting hang sporadically with strongswan 5.9.6 HOT 2
- "Invalid ELF image for this architecture" error while running tests suite in strongswan HOT 1
- Confusing loading state in Battery Saver HOT 1
- "Invalid ELF image for this architecture" error while running tests suite in strongswan 5.8.4 version HOT 5
- Are there plans to adapt HarmonyOS in the future? HOT 2
- "printf_hooks" test failure in strongswan 5.9.13 version HOT 2
- Always list first usable address as base in the output of swanctl --list-pools command
- multiple subnet but only one establishing
- swanctl ignores load=no for plugins HOT 1
- "Stream tests and http fetcher tests" failing on strongswan 5.9.13 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from strongswan.