[Swan-dev] 'error: ‘CKM_AES_CTR’ undeclared' while compiling libreswan-3.15
paul at nohats.ca
Tue Sep 22 19:55:18 EEST 2015
On Tue, 22 Sep 2015, prasad zambare wrote:
> Please find the below steps and let me know what I am missing or doing wrong. Please guide me on how can I use or deploy the
> compiled binaries of libreswan+nss.
> Commented lines from Makefile.inc starting with NSSFLAGS and NSSLIBS (as Makefile.inc.local was not present)
Makefile.inc.local will never be created by us. The idea is you can
always just copy your Makefile.inc.local into any libreswan-3.xx/
directory and everything in Makefile.inc.local overrides what is in
So yes, you can change Makefile.inc too.
> Appended below lines to Makefile.inc (as i did not find nss folder in /usr/local/include, but found it in
> NSSFLAGS=-I/root/libreconfig/nss-3.16/dist/public/nss -I/usr/local/include/nspr
> NSSLIBS=-L/usr/local/lib -lssl3 -lsmime3 -lnss3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl
These should get auto-detected using pkg-config. If not, then your
install of nss or nspr was not complete. You should never need to
link against things in the nss-3.16 source tree!
> Also, set LD_LIBRARY_PATH to /root/libreconfig/nss-3.16/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/lib (to resolve undefined reference
That seems wrong. is /usr/local/lib in your /etc/ld.so.conf? You need to
install the nss library and headers using something like "make install".
> Then copied certutil to /usr/bin (to avoid error "/usr/local/sbin/ipsec: line 342: certutil: command not found" while starting
> ipsec service)
> cp ../nss-3.16/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/bin/certutil /usr/bin/
/usr/local/bin and /usr/local/sbin tend to not be in root's PATH on
> After these steps when '/etc/ipsec start' ipsec got started but immediately after; the '/etc/ipsec status' showed it has stopped.
the ipsec command should not be in /etc ???
the ipsec command should be in your path, and then you can issue:
More information about the Swan-dev