Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - jgrande

Pages: [1]

22.1 Legacy Series / Re: Strongswan not starting on 22.1

« on: February 05, 2022, 08:45:38 pm »

After a clean install I got logging to work. Now the problem is it does not automatically start and the config files are still empty. For example /usr/local/etc/ipsec.secrets doesn't contain any of the PSKs I entered from web UI.

Code: [Select]

<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="25"] 00[DMN] Starting IKE charon daemon (strongSwan 5.9.4, FreeBSD 13.0-STABLE, amd64)
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="26"] 00[KNL] unable to set IPSEC_POLICY on socket: Protocol not available
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="27"] 00[NET] installing IKE bypass policy failed
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="28"] 00[KNL] unable to set IPSEC_POLICY on socket: Protocol not available
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="29"] 00[NET] installing IKE bypass policy failed
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="30"] 00[KNL] unable to set UDP_ENCAP: Invalid argument
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="31"] 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="32"] 00[KNL] unable to set IPSEC_POLICY on socket: Protocol not available
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="33"] 00[NET] installing IKE bypass policy failed
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="34"] 00[KNL] unable to set IPSEC_POLICY on socket: Protocol not available
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="35"] 00[NET] installing IKE bypass policy failed
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="36"] 00[KNL] unable to set UDP_ENCAP: Protocol not available
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="37"] 00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="38"] 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="39"] 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="40"] 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="41"] 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="42"] 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="43"] 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="44"] 00[CFG] loaded 0 RADIUS server configurations
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="45"] 00[LIB] loaded plugins: charon aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac gcm drbg attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam whitelist addrblock counters
<30>1 2022-02-05T11:52:14-07:00 gw.home.jxa.ca charon 62682 - [meta sequenceId="46"] 00[JOB] spawning 16 worker threads

# ipsec statusall
Status of IKE charon daemon (strongSwan 5.9.4, FreeBSD 13.0-STABLE, amd64):
  uptime: 7 seconds, since Feb 05 12:30:39 2022
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac gcm drbg attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam whitelist addrblock counters
Listening IP addresses:
  192.168.1.1
  162.x.y.z
Connections:
Security Associations (0 up, 0 connecting):
  none

22.1 Legacy Series / Re: Strongswan not starting on 22.1

« on: February 03, 2022, 07:54:22 am »

# /usr/local/sbin/ipsec start
Starting strongSwan 5.9.4 IPsec [starter]...
# pgrep charon
8465

22.1 Legacy Series / Re: Strongswan not starting on 22.1

« on: February 03, 2022, 06:07:09 am »

I can't find an ipsec/strongswan/charon log in /var/log:
audit dhcpd lighttpd ntpd qemu-ga.log routing userlog utx.log
configd filter ntp portalauth resolver system utx.lastlogin

Since most of the other services are using config files in the /var tree, I checked everywhere in the /var tree and I can not find any ipsec/strongswan/charon config files at all.

Virtual private networks / Re: VPN that requires no cert to install on windows 10 client

« on: February 03, 2022, 03:42:38 am »

If letsencrypt is an option for you, try IKEv2 + EAP MSCHAPv2.

22.1 Legacy Series / Re: Strongswan not starting on 22.1

« on: February 03, 2022, 02:57:56 am »

If anyone knows the command to manually start strongswan from the CLI, I could see if I get any errors there.

22.1 Legacy Series / Re: Strongswan not starting on 22.1

« on: February 03, 2022, 02:52:43 am »

Unfortunately the IPsec log is completely empty.

22.1 Legacy Series / Strongswan not starting on 22.1

« on: February 01, 2022, 06:59:01 am »

I'm unable to get the strongswan service to start on a clean install of 22.1. I checked the generated config files in /usr/local/etc and they're all installation default (checked ipsec, swanctl, strongswan, including the .d folders). As far as I can tell the config files aren't getting generated. Suspecting a bad option, I reset the IPsec config and set up a tunnel with as many defaults as possible, but it still won't start. The only thing I can find in logs is this:

Code: [Select]

2022-01-31T22:29:35-07:00	Notice	opnsense	plugins_configure ipsec (execute task : ipsec_configure_do(1))	 
2022-01-31T22:29:35-07:00	Notice	opnsense	plugins_configure ipsec (1)	 
2022-01-31T22:29:34-07:00	Notice	configctl	event @ 1643693374.31 exec: system event config_changed

2022-01-31T22:29:37-07:00	Error	configd.py	[cf9dc8e9-3ecf-49a4-bd81-3361c4e73102] Script action stderr returned "b"connecting to 'unix:///var/run/charon.vici' failed: No such file or directory\nError: connecting to 'default' URI failed: No such file or directory\nstrongSwan 5.9.4 swanctl\nusage:\n swanctl --stats [--raw|--pretty]\n --help (-h) show u""	
2022-01-31T22:29:37-07:00	Notice	configd.py	[cf9dc8e9-3ecf-49a4-bd81-3361c4e73102] request IPsec status	
2022-01-31T22:29:35-07:00	Notice	configd.py	[d90d7a0a-c063-4a0c-8a7d-49f65784b4f2] IPsec config generation	
2022-01-31T22:29:34-07:00	Notice	configd.py	[fd625239-5795-4d32-a6ed-da6d3c5c1fa4] trigger config changed event

I with I could be more specific but I'm at a loss here. Any help would be appreciated.

Pages: [1]