Hi,

Your kernel needs to have CONFIG_XFRM_STATISTICS=y enabled; probably the Debian 10 kernel doesn't have this option enabled...


On 28/05/2019 03:30, Computerisms Corporation wrote:
Hi,

Not sure if I did something stupid or if there is an actual problem here.

I compiled libreswan on Debian 10 (Buster), and all seemed to go well. I imported my certs, copied a working config and modified it. I try to start ipsec and it just won't.

To be sure, I did:

rm -rf /usr/local/sbin/ipsec /usr/local/libexec/ipsec

and reran:

make programs
make install

and get the same problem.

First issue:

systemd[1]: ipsec.service: Start request repeated too quickly.
systemd[1]: ipsec.service: Failed with result 'exit-code'.

Fixed by putting:

RestartSec=1

in /etc/systemd/system/multi-user.target.wants/ipsec.service and

systemctl daemon-reload

After that, the only error message I can find to work with is

_stackmanager[523]: FAILURE in loading XFRM IPsec stack

I traced it down in the code to a file called _stackmanager.in, and it appears the error is generated because of a missing file:

/proc/net/xfrm_stat

Here is where I have been spinning my wheels for a bit too long. I am not sure if that is supposed to be created as a result of iproute2 or some other package, or maybe it's a kernel module issue (I did install and then remove dkms trying to get xtables-addons working) and I need to modprobe something, or if Libreswan was supposed to create it and didn't. From the FAQ on the wiki, it kinda looks like the xfrm_stat is part of the kernel itself. I have rebooted the machine just to make sure the kernel is loaded properly.

So, did I find a real problem, or am I just in need of someone to point out a glaringly obvious error on my part?

--
Saludos / Regards / Cumprimentos
António Silva
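
The check the reply points to, as an added example that is not part of the original thread or of libreswan's own scripts: it reads a kernel config for CONFIG_XFRM_STATISTICS and compares that with the presence of /proc/net/xfrm_stat. The function names are hypothetical; /boot/config-$(uname -r) is assumed to hold the running kernel's config (as on Debian), with /proc/config.gz as a fallback on kernels that export it.

```shell
#!/bin/sh
# Added example: diagnose a missing /proc/net/xfrm_stat.

# xfrm_stat_config CONFIG_FILE
# Prints "enabled", "disabled" or "unknown" for CONFIG_XFRM_STATISTICS.
xfrm_stat_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case $cfg in
        *.gz) reader="gzip -dc" ;;   # e.g. /proc/config.gz
        *)    reader="cat" ;;
    esac
    # Match both "CONFIG_X=y" and "# CONFIG_X is not set"; last entry wins.
    line=$($reader "$cfg" | grep -E '^(# )?CONFIG_XFRM_STATISTICS[= ]' | tail -n 1)
    case $line in
        CONFIG_XFRM_STATISTICS=y) echo enabled ;;
        *) echo disabled ;;          # "is not set" or absent from the config
    esac
}

# xfrm_stat_diagnose CONFIG_FILE [PROC_FILE]
# Prints a one-line verdict combining the config and the proc entry.
xfrm_stat_diagnose() {
    cfg=$1
    proc=${2:-/proc/net/xfrm_stat}
    state=$(xfrm_stat_config "$cfg")
    if [ -e "$proc" ]; then
        echo "ok: $proc is present"
    elif [ "$state" = disabled ]; then
        echo "missing: kernel built without CONFIG_XFRM_STATISTICS=y"
    elif [ "$state" = enabled ]; then
        echo "missing: $proc absent although CONFIG_XFRM_STATISTICS=y"
    else
        echo "missing: $proc absent and kernel config $cfg not readable"
    fi
}

# Pick the config of the running kernel (assumed locations, see lead-in).
running_cfg="/boot/config-$(uname -r)"
[ -r "$running_cfg" ] || running_cfg=/proc/config.gz
xfrm_stat_diagnose "$running_cfg"
```
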
