After I recompiled my ports with libressl support (openntpd asked for it), I 
have an issue with security/strongswan.
Or 2 issues, actually:
Aug 25 17:14:59 sphinx charon: 00[LIB] plugin 'openssl' failed to load: 
/usr/local/lib/ipsec/plugins/libstrongswan-openssl.so: Undefined symbol 
"CMS_RecipientInfo_ktri_get0_signer_id"
Aug 25 17:14:59 sphinx charon: 05[IKE] configured DH group MODP_3072 not 
supported

I tried different DH groups without any success, so I suppose strongswan is 
broken.
I read UPDATING and applied 
https://raw.githubusercontent.com/HardenedBSD/hardenedbsd-ports/c2091a265c9c78401cd1f4135de97590c8e7c454/security/strongswan/files/patch-src_libstrongswan_plugins_openssl_openssl__plugin.c

No effect at all. Any workarounds or confirmation?


Aug 25 17:14:59 sphinx charon: 00[DMN] Starting IKE charon daemon (strongSwan 
5.5.0, FreeBSD 11.0-RC1, amd64)
Aug 25 17:14:59 sphinx charon: 00[LIB] plugin 'openssl' failed to load: 
/usr/local/lib/ipsec/plugins/libstrongswan-openssl.so: Undefined symbol 
"CMS_RecipientInfo_ktri_get0_signer_id"
Aug 25 17:14:59 sphinx charon: 00[NET] could not open socket: Address family 
not supported by protocol family
Aug 25 17:14:59 sphinx charon: 00[NET] could not open IPv6 socket, IPv6 disabled
Aug 25 17:14:59 sphinx charon: 00[CFG] loading ca certificates from 
'/usr/local/etc/ipsec.d/cacerts'
Aug 25 17:14:59 sphinx charon: 00[LIB] building CRED_CERTIFICATE - X509 failed, 
tried 3 builders
Aug 25 17:14:59 sphinx charon: 00[CFG]   loading ca certificate from 
'/usr/local/etc/ipsec.d/cacerts/ipsec-ca-cert.pem' failed
Aug 25 17:14:59 sphinx charon: 00[CFG] loading aa certificates from 
'/usr/local/etc/ipsec.d/aacerts'
Aug 25 17:14:59 sphinx charon: 00[CFG] loading ocsp signer certificates from 
'/usr/local/etc/ipsec.d/ocspcerts'
Aug 25 17:14:59 sphinx charon: 00[CFG] loading attribute certificates from 
'/usr/local/etc/ipsec.d/acerts'
Aug 25 17:14:59 sphinx charon: 00[CFG] loading crls from 
'/usr/local/etc/ipsec.d/crls'
Aug 25 17:14:59 sphinx charon: 00[CFG] loading secrets from 
'/usr/local/etc/ipsec.secrets'
Aug 25 17:14:59 sphinx charon: 00[LIB] building CRED_PRIVATE_KEY - RSA failed, 
tried 4 builders
Aug 25 17:14:59 sphinx charon: 00[CFG]   loading private key from 
'/usr/local/etc/ipsec.d/private/ipsec-sphinx-key.pem' failed
Aug 25 17:14:59 sphinx charon: 00[LIB] loaded plugins: charon aes des blowfish 
rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 
pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf xcbc cmac hmac attr 
kernel-pfkey kernel-pfroute resolve socket-default stroke updown eap-identity 
eap-md5 eap-mschapv2 eap-tls eap-ttls eap-peap whitelist addrblock
Aug 25 17:14:59 sphinx charon: 00[JOB] spawning 16 worker threads
Aug 25 17:14:59 sphinx ipsec_starter[96396]: charon (96397) started after 20 ms
Aug 25 17:14:59 sphinx charon: 01[CFG] received stroke: add connection 'abinet'
Aug 25 17:14:59 sphinx charon: 01[LIB] building CRED_CERTIFICATE - ANY failed, 
tried 1 builders
Aug 25 17:14:59 sphinx charon: 01[CFG]   loading certificate from 
'ipsec-sphinx-cert.pem' failed
Aug 25 17:14:59 sphinx charon: 01[CFG] added configuration 'abinet'
Aug 25 17:14:59 sphinx charon: 05[CFG] received stroke: initiate 'abinet'
Aug 25 17:14:59 sphinx charon: 05[IKE] initiating IKE_SA abinet[1] to 
xxxxxxxxxxxxxxxx
Aug 25 17:14:59 sphinx charon: 05[IKE] configured DH group MODP_3072 not 
supported
Aug 25 17:14:59 sphinx charon: 05[MGR] tried to checkin and delete nonexisting 
IKE_SA


-- 
abi <a...@abinet.ru>
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
