[Swan] FAILURE in loading XFRM IPsec stack on 3.28

Computerisms Corporation bob at computerisms.ca
Tue May 28 01:30:49 UTC 2019


Hi,

Not sure if I did something stupid or if there is an actual problem here.

I compiled libreswan on Debian 10 (Buster), all seemed to go well. 
imported my certs, copied a working config and modified.  try to start 
ipsec and it just won't.

To be sure, I did:

rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec

and reran:

make programs
make install

and get the same problem.

First issue:

systemd[1]: ipsec.service: Start request repeated too quickly.
systemd[1]: ipsec.service: Failed with result 'exit-code'.

Fixed by putting:

RestartSec=1

in /etc/systemd/system/multi-user.target.wants/ipsec.service and

systemctl daemon-reload

After that, the only error message I can find to work with is

_stackmanager[523]: FAILURE in loading XFRM IPsec stack

I traced it down in the code to a file called _stackmanager.in, and it 
appears the error is generated because of a missing file:

/proc/net/xfrm_stat

Here is where I have been spinning my wheels for a bit too long, I am 
not sure if that is supposed to be created as a result of iproute2 or 
some other package, or maybe it's a kernel module (I did install and 
then remove dkms trying to xtables-addons working) issue and I need to 
modprobe something, or if Libreswan was supposed to create it and 
didn't.    from the FAQ on the wiki, it kinda looks like the xfrm_stat 
is part of the kernel itself, I have rebooted the machine just to make 
sure the kernel is loaded properly.

So, did I find a real problem, or am I just in need of someone to point 
out a glaringly obvious error on my part?

-- 
Bob Miller
Cell: 867-334-7117
Office: 867-633-3760
www.computerisms.ca


More information about the Swan mailing list