Hi Terry,
For a start, the code is here:
https://git.alpinelinux.org/cgit/user/tteras/strongswan/log/?h=tteras-release
That's not documented, but Timo didn't touch anything in the build system or
the configure arguments, so the commands are the same as one would normally
build strongSwan.
The
Hi Noel,
Any chance there is a document describing how Timo builds it?
Regards,
Terry
> On 9 Nov 2017, at 3:37 AM, Noel Kuntze
> wrote:
>
> Hello Terry,
>
> Of course it aborts. %any is neither an IP address, nor an FQDN.
>
> Check the
Hello Terry,
Of course it aborts. %any is neither an IP address, nor an FQDN.
Check the output of `which ipsec` to figure out where your shell gets it from.
Make sure it uses only libs that belong to your compiled version. You likely
mixed up
the files of the package with your self compiled
Hi,
Also, I’ve noticed a different error message.
root@test-frr-debian-02:/run# ipsec up dmvpn
unable to resolve %any, initiate aborted
tried to checkin and delete nonexisting IKE_SA
establishing connection 'dmvpn’ failed
This is the output of “ispec statusall”
root@test-frr-debian-02:/run#
Hi Jafar,
You are right!
After I allowed user “frr” to access “charon.vici”, the error message is gone.
Now I’m getting this error message.
2017/11/08 15:41:45 NHRP: VICI: StrongSwan does not support mandatory events
(unpatched?)
I installed tteras’ patched version of strongswan.
However
Terry,
From the limited information you are giving, my guess is that nhrpd
doesn't have permissions to access the VICI socket. nhrpd is probably
configured as part of FRR/Quagga with permissions to access
/var/run/frr or /var/run/quagga only. Whereas the vici socket, according to
> Hi,
>
> I’m trying to setup nhrpd with strongswan, and I’m getting this error message.
>
> Failure connecting VICI socket: permission denied
>
> I wonder if there is a way to test the VICI socket and see if it’s running
> properly?
>
> Regards,
>
> Terry