Re: [strongSwan] ipsec.secrets loading p12 file fail due to no CRED_CONTAINER during enumeration

2019-02-05 Thread Peter Hsiang
Hi Tobias,

You are right.  The plugin pkcs12 is not being loaded.
Adding the ! to force loading it confirms failure to load this plugin.
Checking the items per the wiki, they look fine.  What else could be missing?

1) The pkcs12 plugin is present.
  $ find |grep pkcs12.so
  ./lib/ipsec/plugins/libstrongswan-pkcs12.so

---
2) strongswan.conf does include strongswan.d/charon:

charon {
load = random nonce aes md5 sha1 sha2 pem pkcs8 pkcs12 curve25519 gmp x509 curl revocation hmac gcm stroke kernel-netlink socket-default eap-tls updown

multiple_authentication=no
plugins {
 include strongswan.d/charon/*.conf
}

syslog {
 daemon {
  tls = 2
 }
}

}

include strongswan.d/*.conf

---
3) pkcs12.conf does have load=yes

/etc/strongswan.d/charon# cat pkcs12.conf
pkcs12 {

# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes

}

---
4) Yes I compiled strongswan myself.
Here is the configuration:

./configure --prefix=/usr --sysconfdir=/etc \
--enable-monolithic --enable-openssl --enable-kernel-libipsec \
--enable-eap-identity --enable-eap-mschapv2 --enable-eap-md5 --enable-eap-aka \
--enable-eap-tls --enable-eap-ttls --enable-error-notify \
--enable-eap-aka-3gpp --enable-eap-aka-3gpp2 \
--enable-eap-peap --enable-eap-dynamic --enable-ipseckey \
--enable-eap-sim --enable-eap-sim-file --enable-acert \
--enable-agent --enable-files --enable-ctr --enable-ccm

I believe pkcs12 is enabled by default.  Perhaps it's missing other packages?

Thanks,
Peter



From: Tobias Brunner 
Sent: Tuesday, February 5, 2019 12:12 AM
To: Peter Hsiang; users@lists.strongswan.org
Subject: Re: [strongSwan] ipsec.secrets loading p12 file fail due to no CRED_CONTAINER during enumeration

Hi Peter,

> Any idea why there is no pkcs12 in the log message?

https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Plugin-is-missing

Regards,
Tobias



Re: [strongSwan] ipsec.secrets loading p12 file fail due to no CRED_CONTAINER during enumeration

2019-02-05 Thread Tobias Brunner
Hi Peter,

> Any idea why there is no pkcs12 in the log message?

https://wiki.strongswan.org/projects/strongswan/wiki/FAQ#Plugin-is-missing

Regards,
Tobias
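
The checks listed in the thread above (plugin file present, plugin named in the `load` list, plugin absent from the startup log) can be cross-referenced mechanically. The following is an added example, not part of the original messages and not strongSwan code; the config text, file list and log line are constructed samples, and the `loaded plugins:` line format and the function names are assumptions of this sketch.

```python
import re

# Constructed inputs modelled on the thread (not real output from any system).
CONF = """charon {
load = random nonce aes sha1 pem pkcs8 pkcs12! x509 curl stroke
}
"""
PLUGIN_FILES = ["./lib/ipsec/plugins/libstrongswan-pkcs12.so",
                "./lib/ipsec/plugins/libstrongswan-pem.so"]
LOG_LINE = "00[LIB] loaded plugins: charon random nonce aes sha1 pem pkcs8 x509 stroke"


def parse_load_list(conf_text):
    """Return {plugin: marked_with_bang} from the first explicit 'load =' line."""
    m = re.search(r"^\s*load\s*=\s*(.+)$", conf_text, re.MULTILINE)
    if not m:
        return {}  # no explicit load list in this text
    return {tok.rstrip("!"): tok.endswith("!") for tok in m.group(1).split()}


def built_plugins(filenames):
    """Map libstrongswan-<name>.so paths to plugin names."""
    hits = (re.fullmatch(r"libstrongswan-(.+)\.so", f.rsplit("/", 1)[-1])
            for f in filenames)
    return {m.group(1) for m in hits if m}


def loaded_plugins(log_line):
    """Extract plugin names from a 'loaded plugins:' startup log line."""
    _, _, rest = log_line.partition("loaded plugins:")
    return set(rest.split())


def diagnose(conf_text, filenames, log_line):
    """Classify every requested plugin as loaded, present-but-unloaded or missing."""
    requested = parse_load_list(conf_text)
    on_disk, loaded = built_plugins(filenames), loaded_plugins(log_line)
    report = {}
    for name, bang in requested.items():
        if name in loaded:
            status = "loaded"
        elif name in on_disk:
            status = "file present, not loaded"  # look for the load error in the log
        else:
            status = "no plugin file found"
        report[name] = (status, bang)
    return report


if __name__ == "__main__":
    for plugin, (status, bang) in diagnose(CONF, PLUGIN_FILES, LOG_LINE).items():
        print(f"{plugin}{'!' if bang else ''}: {status}")
```

A plugin reported as "file present, not loaded" matches the situation described in the thread: the shared object exists and the plugin is requested, so the reason for the failure has to come from the daemon's own log output.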