[Swan] FAILURE in loading XFRM IPsec stack on 3.28

António Silva asilva at wirelessmundi.com
Wed May 29 07:47:42 UTC 2019


Hi,

Your kernel needs to have CONFIG_XFRM_STATISTICS=y enabled; probably the
Debian 10 kernel doesn't have this option enabled....


On 28/05/2019 03:30, Computerisms Corporation wrote:
> Hi,
>
> Not sure if I did something stupid or if there is an actual problem here.
>
> I compiled libreswan on Debian 10 (Buster); all seemed to go well.
> I imported my certs, copied a working config and modified it. I try to start
> ipsec and it just won't.
>
> To be sure, I did:
>
> rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec
>
> and reran:
>
> make programs
> make install
>
> and get the same problem.
>
> First issue:
>
> systemd[1]: ipsec.service: Start request repeated too quickly.
> systemd[1]: ipsec.service: Failed with result 'exit-code'.
>
> Fixed by putting:
>
> RestartSec=1
>
> in /etc/systemd/system/multi-user.target.wants/ipsec.service and
>
> systemctl daemon-reload
>
> After that, the only error message I can find to work with is
>
> _stackmanager[523]: FAILURE in loading XFRM IPsec stack
>
> I traced it down in the code to a file called _stackmanager.in, and it 
> appears the error is generated because of a missing file:
>
> /proc/net/xfrm_stat
>
> Here is where I have been spinning my wheels for a bit too long. I am
> not sure if that is supposed to be created as a result of iproute2 or
> some other package, or maybe it's a kernel module (I did install and
> then remove dkms trying to get xtables-addons working) issue and I need to
> modprobe something, or if Libreswan was supposed to create it and
> didn't. From the FAQ on the wiki, it kinda looks like the xfrm_stat
> is part of the kernel itself. I have rebooted the machine just to make
> sure the kernel is loaded properly.
>
> So, did I find a real problem, or am I just in need of someone to 
> point out a glaringly obvious error on my part?
>
-- 
Saludos / Regards / Cumprimentos
António Silva
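
The check discussed in this thread, as an added shell example (not part of the original messages and not libreswan's own code): it reports whether the xfrm_stat file exists and, if not, whether the kernel config has CONFIG_XFRM_STATISTICS enabled. The function names and the Debian-style /boot/config-$(uname -r) path are assumptions of this example.

```shell
#!/bin/sh
# Added example: diagnose a missing /proc/net/xfrm_stat.
# Function names and the default config path are assumptions of this example.

# xfrm_config_state FILE -> prints enabled | disabled | unknown
# "unknown" means the config file could not be read at all.
xfrm_config_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    pat='^(# )?CONFIG_XFRM_STATISTICS[= ]'
    case $cfg in
        # /proc/config.gz style files are gzip-compressed
        *.gz) line=$(gzip -dc "$cfg" | grep -E "$pat" || true) ;;
        *)    line=$(grep -E "$pat" "$cfg" || true) ;;
    esac
    case $line in
        CONFIG_XFRM_STATISTICS=y) echo enabled ;;
        # "is not set" or no line at all: the option was not built
        *) echo disabled ;;
    esac
}

# xfrm_diagnose STAT_FILE CONFIG_FILE -> one-line verdict, exit 0 only if present
xfrm_diagnose() {
    stat_file=$1
    cfg=$2
    if [ -e "$stat_file" ]; then
        echo "ok: $stat_file present"
        return 0
    fi
    case $(xfrm_config_state "$cfg") in
        enabled)
            echo "missing: $stat_file absent although $cfg has CONFIG_XFRM_STATISTICS=y (is this the running kernel's config?)" ;;
        disabled)
            echo "missing: kernel built without CONFIG_XFRM_STATISTICS ($cfg)" ;;
        *)
            echo "missing: $stat_file absent and $cfg is not readable" ;;
    esac
    return 1
}

# Check the running system; "|| true" keeps the script usable under set -e.
xfrm_diagnose /proc/net/xfrm_stat "/boot/config-$(uname -r)" || true
```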


