Hi, I've had it already compiled with --with-capabilities=libcap . I've tried sudo'ing and it has changed something, but I think there are still missing some bits.
Here's the new log error : Jul 2 13:33:56 vpn6-test pluto[3286]: "cisco-vpn"[6] 192.168.3.18:58180 #6: up-client output: /usr/local/libexec/ipsec/_updown: unknown interface version `' Jul 2 13:33:56 vpn6-test pluto[3286]: "cisco-vpn"[6] 192.168.3.18:58180 #6: up-client command exited with status 2 Jul 2 13:33:56 vpn6-test pluto[3286]: "cisco-vpn"[6] 192.168.3.18:58180 #6: ERROR: netlink response for Del SA esp.63e0a...@192.168.1.13 included errno 3: No such process Jul 2 13:33:57 vpn6-test pluto[3286]: "cisco-vpn"[6] 192.168.3.18:58180 #5: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x919ff160) not found (maybe expired) Jul 2 13:33:57 vpn6-test pluto[3286]: "cisco-vpn"[6] 192.168.3.18:58180 #5: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x63e0a322) not found (maybe expired) kind regards Claude On Friday 02 July 2010 12:13:21 Martin Willi wrote: > Hi, > > > I've compiled strongswan with user vpn and group vpn. > > If you use non-root users, you'll need support for capability handling > too. Add --with-capabilities=libcap to ./configure. > > > route-client output: Not sufficient rights to flush > > It is not possible to propagate the capabilities to the updown script. > Pluto uses the updown script not only for firewalling, but also for > route installation. > You'll have to run the updown script with root privileges. Never tried > it, but file system based capability settings might work. Another > alternative is to define > leftupdown="sudo ipsec _updown" > and configure sudo accordingly. > > Regards > Martin > > -- Claude Tompers Ingénieur réseau et système Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users