[Swan] FAILURE in loading XFRM IPsec stack on 3.28
Computerisms Corporation
bob at computerisms.ca
Tue May 28 01:30:49 UTC 2019
Hi,
Not sure if I did something stupid or if there is an actual problem here.
I compiled libreswan on Debian 10 (Buster), all seemed to go well.
imported my certs, copied a working config and modified. try to start
ipsec and it just won't.
To be sure, I did:
rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec
and reran:
make programs
make install
and get the same problem.
First issue:
systemd[1]: ipsec.service: Start request repeated too quickly.
systemd[1]: ipsec.service: Failed with result 'exit-code'.
Fixed by putting:
RestartSec=1
in /etc/systemd/system/multi-user.target.wants/ipsec.service and
systemctl daemon-reload
After that, the only error message I can find to work with is
_stackmanager[523]: FAILURE in loading XFRM IPsec stack
I traced it down in the code to a file called _stackmanager.in, and it
appears the error is generated because of a missing file:
/proc/net/xfrm_stat
Here is where I have been spinning my wheels for a bit too long, I am
not sure if that is supposed to be created as a result of iproute2 or
some other package, or maybe it's a kernel module (I did install and
then remove dkms trying to xtables-addons working) issue and I need to
modprobe something, or if Libreswan was supposed to create it and
didn't. from the FAQ on the wiki, it kinda looks like the xfrm_stat
is part of the kernel itself, I have rebooted the machine just to make
sure the kernel is loaded properly.
So, did I find a real problem, or am I just in need of someone to point
out a glaringly obvious error on my part?
--
Bob Miller
Cell: 867-334-7117
Office: 867-633-3760
www.computerisms.ca
More information about the Swan
mailing list