Messages - jgrande

#1
22.1 Legacy Series / Re: Strongswan not starting on 22.1
February 05, 2022, 08:45:38 PM
After a clean install I got logging to work. Now the problem is it does not automatically start and the config files are still empty. For example /usr/local/etc/ipsec.secrets doesn't contain any of the PSKs I entered from web UI.


<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="25"] 00[DMN] Starting IKE charon daemon (strongSwan 5.9.4, FreeBSD 13.0-STABLE, amd64)
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="26"] 00[KNL] unable to set IPSEC_POLICY on socket: Protocol not available
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="27"] 00[NET] installing IKE bypass policy failed
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="28"] 00[KNL] unable to set IPSEC_POLICY on socket: Protocol not available
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="29"] 00[NET] installing IKE bypass policy failed
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="30"] 00[KNL] unable to set UDP_ENCAP: Invalid argument
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="31"] 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="32"] 00[KNL] unable to set IPSEC_POLICY on socket: Protocol not available
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="33"] 00[NET] installing IKE bypass policy failed
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="34"] 00[KNL] unable to set IPSEC_POLICY on socket: Protocol not available
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="35"] 00[NET] installing IKE bypass policy failed
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="36"] 00[KNL] unable to set UDP_ENCAP: Protocol not available
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="37"] 00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="38"] 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="39"] 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="40"] 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="41"] 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="42"] 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="43"] 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="44"] 00[CFG] loaded 0 RADIUS server configurations
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="45"] 00[LIB] loaded plugins: charon aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac gcm drbg attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam whitelist addrblock counters
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="46"] 00[JOB] spawning 16 worker threads

# ipsec statusall
Status of IKE charon daemon (strongSwan 5.9.4, FreeBSD 13.0-STABLE, amd64):
  uptime: 7 seconds, since Feb 05 12:30:39 2022
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac gcm drbg attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam whitelist addrblock counters
Listening IP addresses:
  192.168.1.1
  162.x.y.z
Connections:
Security Associations (0 up, 0 connecting):
  none
#2
22.1 Legacy Series / Re: Strongswan not starting on 22.1
February 03, 2022, 07:54:22 AM
# /usr/local/sbin/ipsec start
Starting strongSwan 5.9.4 IPsec [starter]...
# pgrep charon
8465
#3
22.1 Legacy Series / Re: Strongswan not starting on 22.1
February 03, 2022, 06:07:09 AM
I can't find an ipsec/strongswan/charon log in /var/log:
audit           dhcpd           lighttpd        ntpd            qemu-ga.log     routing         userlog         utx.log
configd         filter          ntp             portalauth      resolver        system          utx.lastlogin

Since most of the other services are using config files in the /var tree, I checked everywhere in the /var tree and I can not find any ipsec/strongswan/charon config files at all.
#4
If letsencrypt is an option for you, try IKEv2 + EAP MSCHAPv2.
#5
22.1 Legacy Series / Re: Strongswan not starting on 22.1
February 03, 2022, 02:57:56 AM
If anyone knows the command to manually start strongswan from the CLI, I could see if I get any errors there.
#6
22.1 Legacy Series / Re: Strongswan not starting on 22.1
February 03, 2022, 02:52:43 AM
Unfortunately the IPsec log is completely empty.
#7
22.1 Legacy Series / Strongswan not starting on 22.1
February 01, 2022, 06:59:01 AM
I'm unable to get the strongswan service to start on a clean install of 22.1. I checked the generated config files in /usr/local/etc and they're all installation default (checked ipsec, swanctl, strongswan, including the .d folders). As far as I can tell the config files aren't getting generated. Suspecting a bad option, I reset the IPsec config and set up a tunnel with as many defaults as possible, but it still won't start. The only thing I can find in logs is this:

2022-01-31T22:29:35-07:00 Notice opnsense plugins_configure ipsec (execute task : ipsec_configure_do(1))
2022-01-31T22:29:35-07:00 Notice opnsense plugins_configure ipsec (1)
2022-01-31T22:29:34-07:00 Notice configctl event @ 1643693374.31 exec: system event config_changed

2022-01-31T22:29:37-07:00 Error configd.py [cf9dc8e9-3ecf-49a4-bd81-3361c4e73102] Script action stderr returned "b"connecting to 'unix:///var/run/charon.vici' failed: No such file or directory\nError: connecting to 'default' URI failed: No such file or directory\nstrongSwan 5.9.4 swanctl\nusage:\n swanctl --stats [--raw|--pretty]\n --help (-h) show u""
2022-01-31T22:29:37-07:00 Notice configd.py [cf9dc8e9-3ecf-49a4-bd81-3361c4e73102] request IPsec status
2022-01-31T22:29:35-07:00 Notice configd.py [d90d7a0a-c063-4a0c-8a7d-49f65784b4f2] IPsec config generation
2022-01-31T22:29:34-07:00 Notice configd.py [fd625239-5795-4d32-a6ed-da6d3c5c1fa4] trigger config changed event


I wish I could be more specific but I'm at a loss here. Any help would be appreciated.
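The checks the thread works through by hand (is charon running, does swanctl's VICI socket exist, did the web UI actually write any PSKs into ipsec.secrets, did charon log kernel errors at startup) collected into one POSIX-sh script. This is an added example, not code from the forum posts or from OPNsense/strongSwan; the default paths are the ones quoted in the thread, the sample log is constructed, and every function takes an explicit path so it can be run against test files on any host.

```shell
#!/bin/sh
# Added example (not from the thread, OPNsense or strongSwan): a small
# health check for a strongSwan/OPNsense IPsec setup. It answers, in one
# run, the questions the thread answers one command at a time:
#   - is the charon daemon running?
#   - does its VICI control socket exist? (swanctl reports
#     "connecting to 'unix:///var/run/charon.vici' failed" without it)
#   - does ipsec.secrets contain any PSK/key entries at all?
#   - how many kernel-side errors did charon log at startup?
# Default paths are the FreeBSD/OPNsense locations quoted in the thread.

# 0 if the secrets file has at least one non-comment, non-blank line
# (strongSwan PSK entries look like:  %any %any : PSK "..." ), else 1.
secrets_has_entries() {
    file="${1:-/usr/local/etc/ipsec.secrets}"
    [ -r "$file" ] || return 1
    grep -v '^[[:space:]]*#' "$file" | grep -q '[^[:space:]]'
}

# 0 if the VICI control socket exists and really is a socket, else 1.
vici_socket_present() {
    sock="${1:-/var/run/charon.vici}"
    [ -S "$sock" ]
}

# 0 if a process named exactly "charon" is running, else 1.
charon_running() {
    pgrep -x charon >/dev/null 2>&1
}

# Read a charon log on stdin and print how many lines report that the
# kernel rejected a bypass-policy or UDP-encapsulation request (the
# startup errors visible in the thread's log). Always prints a number.
count_kernel_errors() {
    grep -c -E 'installing IKE bypass policy failed|enabling UDP decapsulation .* failed' || true
}

# Print one line per check; return 0 only if every check passes.
# $3 is an optional path to a saved charon log (placeholder: supply your own).
ipsec_health_report() {
    secrets="${1:-/usr/local/etc/ipsec.secrets}"
    sock="${2:-/var/run/charon.vici}"
    log="${3:-}"
    rc=0
    if charon_running; then echo "charon process : running"
    else echo "charon process : NOT running"; rc=1; fi
    if vici_socket_present "$sock"; then echo "vici socket    : $sock present"
    else echo "vici socket    : $sock missing (swanctl cannot connect)"; rc=1; fi
    if secrets_has_entries "$secrets"; then echo "ipsec.secrets  : has entries"
    else echo "ipsec.secrets  : no PSK/key entries (config not generated?)"; rc=1; fi
    if [ -n "$log" ] && [ -r "$log" ]; then
        n=$(count_kernel_errors < "$log")
        echo "kernel errors  : $n in $log"
        [ "$n" -eq 0 ] || rc=1
    fi
    return $rc
}

# Constructed sample of charon startup output, modelled on the thread's log
# (not a real capture); two of these lines are kernel-side failures.
SAMPLE_CHARON_LOG='00[DMN] Starting IKE charon daemon (strongSwan 5.9.4, FreeBSD 13.0-STABLE, amd64)
00[KNL] unable to set IPSEC_POLICY on socket: Protocol not available
00[NET] installing IKE bypass policy failed
00[KNL] unable to set UDP_ENCAP: Invalid argument
00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
00[CFG] loaded 0 RADIUS server configurations
00[JOB] spawning 16 worker threads'

# Stand-alone usage against the live system (third argument is a placeholder):
# ipsec_health_report /usr/local/etc/ipsec.secrets /var/run/charon.vici /path/to/saved-charon.log
```

Run it as root on the firewall after the web UI has applied the IPsec config: a missing socket together with an entry-less ipsec.secrets matches the symptom in the thread (the generated files still at installation defaults), whereas a present socket with a non-zero kernel error count points at the daemon starting but the kernel refusing its policy or UDP-encapsulation requests.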