[Swan] Need support for IPSEC

Sriram Yarlagadda sriram.yarlagadda2 at gmail.com
Thu Mar 29 04:34:34 UTC 2018 

Hello Paul,

Thank you very much for your response. I installed a new version of Debian
which is supposed to have support for ipsec Libreswan. But still continue
have some additional issues. Following are the details regarding the issue
observed.

*$uname -r*
4.9.82-ti-r102

*$uname -a*
Linux beaglebone 4.9.82-ti-r102 #1 SMP PREEMPT Thu Feb 22 01:16:12 UTC 2018
armv7l GNU/Linux

*$ipsec verify *
Verifying installed system and configuration files

Version check and ipsec on-path                    [OK]
Libreswan v3.23-dirty-17510eef70f0c2c18fcd5f1bb4eb447aa931733e (netkey) on
4.9.82-ti-r102
Checking for IPsec support in kernel              [OK]
 NETKEY: Testing XFRM related proc values
         ICMP default/send_redirects              [OK]
         ICMP default/accept_redirects            [OK]
         XFRM larval drop                          [OK]
Pluto ipsec.conf syntax                            [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter                                [OK]
Checking that pluto is running                    [FAILED]
Checking 'ip' command                              [OK]
Checking 'iptables' command                        [OK]
Checking 'prelink' command does not interfere with FIPS [OK]
Checking for obsolete ipsec.conf options          [OK]

*$ipsec status*
whack: Pluto is not running (no "/run/pluto/pluto.ctl")

* $systemctl status ipsec.service*
● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
   Loaded: loaded (/lib/systemd/system/ipsec.service; enabled; vendor
preset: en
   Active: activating (start-pre) since Thu 2018-03-29 04:31:49 UTC; 1s ago
     Docs: man:ipsec(8)
           man:pluto(8)
           man:ipsec.conf(5)
  Process: 17567 ExecStopPost=/usr/local/sbin/ipsec --stopnflog
(code=exited, st
  Process: 17564 ExecStopPost=/sbin/ip xfrm state flush (code=exited,
status=0/S
  Process: 17561 ExecStopPost=/sbin/ip xfrm policy flush (code=exited,
status=0/
  Process: 17536 ExecStart=/usr/local/libexec/ipsec/pluto --leak-detective
--con
  Process: 17523 ExecStartPre=/usr/local/sbin/ipsec --checknflog
(code=exited, s
  Process: 17520 ExecStartPre=/usr/local/sbin/ipsec --checknss
(code=exited, sta
  Process: 17575 ExecStartPre=/usr/local/libexec/ipsec/addconn --config
/etc/ips
 Main PID: 17536 (code=exited, status=9); Control PID: 17578 (_stackmanager)
    Tasks: 3 (limit: 4915)
   CGroup: /system.slice/ipsec.service
           └─control
             ├─17578 /bin/sh /usr/local/libexec/ipsec/_stackmanager start
             └─17746 modprobe --quiet --use-blacklist esp4


Can you please help me resolve this problem. I would really appreciate your
support if you can help me with some directions on what to resolve.

Thank you very much for your time in advance.

Regards,
Sriram Yarlagadda




On Mon, Mar 26, 2018 at 7:54 AM, Paul Wouters <paul at nohats.ca> wrote:

> On Fri, 23 Mar 2018, Sriram Yarlagadda wrote:
>
> i am observing the following errors when i tried starting the IPSEC service
>>
>
>   Process: 114278 ExecStartPre=/usr/local/libexec/ipsec/_stackmanager
>> start (code=exited, status=1/FAILURE)
>>
>
>
> the stackmanager failed to insert or see the proper kernel modules.
> Likely your kernel does not support (inline or via module) some of
> the IPsec / crypto requirements.
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20180329/52a8eca3/attachment-0001.html>

More information about the Swan mailing list