[Swan] Need support for IPSEC

Sriram Yarlagadda sriram.yarlagadda2 at gmail.com
Fri Mar 23 23:42:22 UTC 2018 

Hello Libreswan team,

How are you doing ?

I have been trying to develop a cybersecurity project for learning
purposes. My goal is to add ipsec stack to my ethernet communication
between Beagle bone board and my computer.

I have been facing following issues from the past couple of days on using
IPSEC stack. I would really appreciate your help if you can provide some
insights to me.

I downloaded the package from the following weblink
https://download.libreswan.org/libreswan-3.23.tar.gz

After downloading the file i ran the following commands to install

$sudo make all
$sudo make install


i am observing the following errors when i tried starting the IPSEC service

$sudo systemctl status ipsec.service

ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
   Loaded: loaded (/lib/systemd/system/ipsec.service; enabled; vendor
preset: enabled)
   Active: inactive (dead) (Result: exit-code) since Fri 2018-03-23
16:26:35 PDT; 5s ago
     Docs: man:ipsec(8)
           man:pluto(8)
           man:ipsec.conf(5)
  Process: 114278 ExecStartPre=/usr/local/libexec/ipsec/_stackmanager start
(code=exited, status=1/FAILURE)
  Process: 114270 ExecStartPre=/usr/local/libexec/ipsec/addconn --config
/etc/ipsec.conf --checkconfig (code=exited, status=0/SUCCES
 Main PID: 35602 (code=exited, status=127)

Mar 23 16:26:35 ubuntu systemd[1]: Failed to start Internet Key Exchange
(IKE) Protocol Daemon for IPsec.
Mar 23 16:26:35 ubuntu systemd[1]: ipsec.service: Unit entered failed state.
Mar 23 16:26:35 ubuntu systemd[1]: ipsec.service: Failed with result
'exit-code'.
Mar 23 16:26:35 ubuntu systemd[1]: ipsec.service: Service hold-off time
over, scheduling restart.
Mar 23 16:26:35 ubuntu systemd[1]: Stopped Internet Key Exchange (IKE)
Protocol Daemon for IPsec.
Mar 23 16:26:35 ubuntu systemd[1]: ipsec.service: Start request repeated
too quickly.
Mar 23 16:26:35 ubuntu systemd[1]: Failed to start Internet Key Exchange
(IKE) Protocol Daemon for IPsec.


following is the data when i ran the
$ipsec verify

Checking if IPsec got installed and started correctly:

Version check and ipsec on-path                    [OK]
Openswan U2.6.50/K4.13.0-37-generic (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel              [OK]
 NETKEY: Testing XFRM related proc values
         ICMP default/send_redirects              [OK]
         ICMP default/accept_redirects            [OK]
         XFRM larval drop                          [OK]
Hardware random device check                      [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter                                [OK]
Checking that pluto is running                    [FAILED]
Checking NAT and MASQUERADEing                    [TEST INCOMPLETE]
Checking 'ip' command                              [OK]
Checking 'iptables' command                        [OK]

ipsec verify: encountered errors

I do not see the following file available

/var/log/pluto.ctl

following are my OS details
Linux ubuntu 4.13.0-37-generic #42~16.04.1-Ubuntu SMP Wed Mar 7 16:03:28
UTC 2018 x86_64 x86_64 x86_64 GNU/Linux


I would really appreciate your time and support if you can give some
insights on what things i can try to solve this issue.

Regrds,
Sriram
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20180323/5f0a1f79/attachment.html>

More information about the Swan mailing list