On Mon, Apr 6, 2020 at 1:22 PM Majcher Wojciech (STUD) <wojciech.majcher.s...@pw.edu.pl> wrote: > > Hi, > > I've tried to establish ipsec tunnel according to OvS IPsec tutorial. On one > side of the tunnel i use Fedora 31 OS and StrongSwan IKE daemon. > > I am getting strongswan service error: > > strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf > Loaded: loaded (/usr/lib/systemd/system/strongswan.service; disabled; > vendor preset: disabled) > Active: inactive (dead) > > Apr 06 20:19:49 fedora.wojtek strongswan[3177]: 00[CFG] > /etc/strongswan/strongswan.d/charon.conf:4: syntax error, unexpected ., > expecting : or '{' or '=' [.] > Apr 06 20:19:49 fedora.wojtek strongswan[3177]: 00[CFG] invalid config file > '/etc/strongswan/strongswan.conf' > Apr 06 20:19:49 fedora.wojtek strongswan[3177]: 00[LIB] abort initialization > due to invalid configuration > Apr 06 20:19:49 fedora.wojtek strongswan[3177]: charon has quit: integrity > test of libstrongswan failed > Apr 06 20:19:49 fedora.wojtek ipsec_starter[3177]: charon has quit: integrity > test of libstrongswan failed > Apr 06 20:19:49 fedora.wojtek strongswan[3177]: charon refused to be started > Apr 06 20:19:49 fedora.wojtek ipsec_starter[3177]: charon refused to be > started > Apr 06 20:19:49 fedora.wojtek strongswan[3177]: ipsec starter stopped > Apr 06 20:19:49 fedora.wojtek ipsec_starter[3177]: ipsec starter stopped > Apr 06 20:19:49 fedora.wojtek systemd[1]: strongswan.service: Succeeded. > > > charon.conf: > > # Generated by ovs-monitor-ipsec...do not modify by hand! > > > charon.plugins.kernel-netlink.set_proto_port_transport_sa = yes Is the line line #4 that is causing the issue the one above?
If yes, then I am wondering if that option has been removed set_proto_port_transport_sa option in later versions. Can you simply remove it and reload strongswan with "ipsec restart" to see if the issue went away? > charon.plugins.kernel-netlink.xfrm_ack_expires = 10 > charon.load_modular = yes > charon.plugins.gcm.load = yes > > strongswan.conf: > > # strongswan.conf - strongSwan configuration file > # > # Refer to the strongswan.conf(5) manpage for details > # > # Configuration changes should be made in the included files > > charon { > load_modular = yes > plugins { > include strongswan.d/charon/*.conf > } > } > > include strongswan.d/*.conf > > > OvS: > > openvswitch-ipsec.x86_64 > 2.12.0-1.fc31 > openvswitch.x86_64 > 2.12.0-1.fc31 > > StrongSwan: > > strongswan.x86_64 > 5.7.2-3.fc31 > > Is it the StrongSwan service issue ? The tutorial is for fedora 27 and > StrongSwan (>= v5.3.5). > > Best Regards, > Wojtek > > > _______________________________________________ > discuss mailing list > disc...@openvswitch.org > https://mail.openvswitch.org/mailman/listinfo/ovs-discuss _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss