[Swan] Need support for IPSEC
Sriram Yarlagadda
sriram.yarlagadda2 at gmail.com
Thu Mar 29 04:34:34 UTC 2018
Hello Paul,
Thank you very much for your response. I installed a new version of Debian
which is supposed to have support for ipsec Libreswan. But still continue
have some additional issues. Following are the details regarding the issue
observed.
*$uname -r*
4.9.82-ti-r102
*$uname -a*
Linux beaglebone 4.9.82-ti-r102 #1 SMP PREEMPT Thu Feb 22 01:16:12 UTC 2018
armv7l GNU/Linux
*$ipsec verify *
Verifying installed system and configuration files
Version check and ipsec on-path [OK]
Libreswan v3.23-dirty-17510eef70f0c2c18fcd5f1bb4eb447aa931733e (netkey) on
4.9.82-ti-r102
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [OK]
Checking that pluto is running [FAILED]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS [OK]
Checking for obsolete ipsec.conf options [OK]
*$ipsec status*
whack: Pluto is not running (no "/run/pluto/pluto.ctl")
* $systemctl status ipsec.service*
● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
Loaded: loaded (/lib/systemd/system/ipsec.service; enabled; vendor
preset: en
Active: activating (start-pre) since Thu 2018-03-29 04:31:49 UTC; 1s ago
Docs: man:ipsec(8)
man:pluto(8)
man:ipsec.conf(5)
Process: 17567 ExecStopPost=/usr/local/sbin/ipsec --stopnflog
(code=exited, st
Process: 17564 ExecStopPost=/sbin/ip xfrm state flush (code=exited,
status=0/S
Process: 17561 ExecStopPost=/sbin/ip xfrm policy flush (code=exited,
status=0/
Process: 17536 ExecStart=/usr/local/libexec/ipsec/pluto --leak-detective
--con
Process: 17523 ExecStartPre=/usr/local/sbin/ipsec --checknflog
(code=exited, s
Process: 17520 ExecStartPre=/usr/local/sbin/ipsec --checknss
(code=exited, sta
Process: 17575 ExecStartPre=/usr/local/libexec/ipsec/addconn --config
/etc/ips
Main PID: 17536 (code=exited, status=9); Control PID: 17578 (_stackmanager)
Tasks: 3 (limit: 4915)
CGroup: /system.slice/ipsec.service
└─control
├─17578 /bin/sh /usr/local/libexec/ipsec/_stackmanager start
└─17746 modprobe --quiet --use-blacklist esp4
Can you please help me resolve this problem. I would really appreciate your
support if you can help me with some directions on what to resolve.
Thank you very much for your time in advance.
Regards,
Sriram Yarlagadda
On Mon, Mar 26, 2018 at 7:54 AM, Paul Wouters <paul at nohats.ca> wrote:
> On Fri, 23 Mar 2018, Sriram Yarlagadda wrote:
>
> i am observing the following errors when i tried starting the IPSEC service
>>
>
> Process: 114278 ExecStartPre=/usr/local/libexec/ipsec/_stackmanager
>> start (code=exited, status=1/FAILURE)
>>
>
>
> the stackmanager failed to insert or see the proper kernel modules.
> Likely your kernel does not support (inline or via module) some of
> the IPsec / crypto requirements.
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20180329/52a8eca3/attachment-0001.html>
More information about the Swan
mailing list