Re: StrongSwan as configured on Knoppix 8.1 isn't really useful ...

To: hb <hb09@mnet-mail.de>
Cc: debian-knoppix@lists.debian.org
Subject: Re: StrongSwan as configured on Knoppix 8.1 isn't really useful ...
From: Klaus Knopper <debian-knoppix@knopper.net>
Date: Tue, 13 Feb 2018 07:06:58 +0100
Message-id: <[🔎] 20180213060658.GI20295@knopper.net>
In-reply-to: <[🔎] 92215bdf-7a56-7a04-5f7a-7a2e78166cbe@mnet-mail.de>
References: <[🔎] 92215bdf-7a56-7a04-5f7a-7a2e78166cbe@mnet-mail.de>

Hello ,

On 10.02.18, hb wrote:
> or, more or less the same problems as with Knoppix 7.7.1:
> - XAuth is not installed and installing it is not straight forward
> - The kernel doesn't seem to be configured to support whatever
> (allocating SPI) strongSwan needs.

Can you tell me which kernel option is missing?

> # ipsec --version
> Linux strongSwan U5.6.0/K4.12.7-64
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil, Switzerland
> See 'ipsec --copyright' for copyright information.
> #
> 
> # ipsec up remote
> ...
> no XAuth method found
> 
> 
> # aptitude update
> ...
> 
> # aptitude install libcharon-extra-plugins

Please use

apt install -t testing libcharon-extra-plugins

else you will get:

> The following NEW packages will be installed:
>   libcharon-extra-plugins{b} libfcgi-bin{a} libfcgi0ldbl{a}
> 0 packages upgraded, 3 newly installed, 0 to remove and 1214 not upgraded.
> Need to get 490 kB of archives. After unpacking 1,501 kB will be used.
> The following packages have unmet dependencies:
>  libcharon-extra-plugins : Depends: libstrongswan (= 5.2.1-6+deb8u2) but
> 5.5.1-3 is installed
> The following actions will resolve these dependencies:
> 
>      Keep the following packages at their current version:
> 1)     libcharon-extra-plugins [Not Installed]

[...]

> # ipsec restart
> Stopping strongSwan IPsec...
> Starting strongSwan 5.5.1 IPsec [starter]...
> 
> # ipsec up remote
> ...
> XAuth authentication of '<username>' (myself) successful
> ...
> installing DNS server <DNS1_IP> to /etc/resolv.conf
> installing DNS server <DNS2_IP> to /etc/resolv.conf
> installing new virtual IP <VIRTUAL_IP>
> allocating SPI failed: Operation not supported (95)
> unable to get SPI
> allocating SPI from kernel failed
> removing DNS server <DNS2_IP> from /etc/resolv.conf
> removing DNS server <DNS1_IP> from /etc/resolv.conf
> establishing connection 'remote' failed

Does this help: https://wiki.strongswan.org/issues/996
?

Regards
-Klaus Knopper

Reply to:

Follow-Ups:
- Re: StrongSwan as configured on Knoppix 8.1 isn't really useful ...
  - From: hb <hb09@mnet-mail.de>
- Re: StrongSwan as configured on Knoppix 8.1 isn't really useful ...
  - From: hb <hb09@mnet-mail.de>

References:
- StrongSwan as configured on Knoppix 8.1 isn't really useful ...
  - From: hb <hb09@mnet-mail.de>

Prev by Date: StrongSwan as configured on Knoppix 8.1 isn't really useful ...
Next by Date: Re: StrongSwan as configured on Knoppix 8.1 isn't really useful ...
Previous by thread: StrongSwan as configured on Knoppix 8.1 isn't really useful ...
Next by thread: Re: StrongSwan as configured on Knoppix 8.1 isn't really useful ...
Index(es):
- Date
- Thread