Re: StrongSwan as configured on Knoppix 8.1 isn't really useful ...
Hello ,
On 10.02.18, hb wrote:
> or, more or less the same problems as with Knoppix 7.7.1:
> - XAuth is not installed and installing it is not straight forward
> - The kernel doesn't seem to be configured to support whatever
> (allocating SPI) strongSwan needs.
Can you tell me which kernel option is missing?
> # ipsec --version
> Linux strongSwan U5.6.0/K4.12.7-64
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil, Switzerland
> See 'ipsec --copyright' for copyright information.
> #
>
> # ipsec up remote
> ...
> no XAuth method found
>
>
> # aptitude update
> ...
>
> # aptitude install libcharon-extra-plugins
Please use
apt install -t testing libcharon-extra-plugins
else you will get:
> The following NEW packages will be installed:
> libcharon-extra-plugins{b} libfcgi-bin{a} libfcgi0ldbl{a}
> 0 packages upgraded, 3 newly installed, 0 to remove and 1214 not upgraded.
> Need to get 490 kB of archives. After unpacking 1,501 kB will be used.
> The following packages have unmet dependencies:
> libcharon-extra-plugins : Depends: libstrongswan (= 5.2.1-6+deb8u2) but
> 5.5.1-3 is installed
> The following actions will resolve these dependencies:
>
> Keep the following packages at their current version:
> 1) libcharon-extra-plugins [Not Installed]
[...]
> # ipsec restart
> Stopping strongSwan IPsec...
> Starting strongSwan 5.5.1 IPsec [starter]...
>
> # ipsec up remote
> ...
> XAuth authentication of '<username>' (myself) successful
> ...
> installing DNS server <DNS1_IP> to /etc/resolv.conf
> installing DNS server <DNS2_IP> to /etc/resolv.conf
> installing new virtual IP <VIRTUAL_IP>
> allocating SPI failed: Operation not supported (95)
> unable to get SPI
> allocating SPI from kernel failed
> removing DNS server <DNS2_IP> from /etc/resolv.conf
> removing DNS server <DNS1_IP> from /etc/resolv.conf
> establishing connection 'remote' failed
Does this help: https://wiki.strongswan.org/issues/996
?
Regards
-Klaus Knopper
Reply to: