Hi Today I didn't succed to configure site2site VPN with strongSwan. Details:
- Server Debian 7.3 32-bit, OpenVZ VM (Host is Proxmox) - I did configure 'Gateway moon' of http://www.strongswan.org/uml/testresults4/ikev2/rw-psk-ipv4/ # ipsec start Starting strongSwan 4.5.2 IPsec [starter]... !! Your strongswan.conf contains manual plugin load options for !! pluto and/or charon. This is recommended for experts only, see !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad # tail /var/log/daemon.log May 9 19:22:49 development charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.5.2) May 9 19:22:49 development charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' May 9 19:22:49 development charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' May 9 19:22:49 development charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' May 9 19:22:49 development charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' May 9 19:22:49 development charon: 00[CFG] loading crls from '/etc/ipsec.d/crls' May 9 19:22:49 development charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' May 9 19:22:49 development charon: 00[CFG] loaded IKE secret for @development.test @office.test May 9 19:22:49 development charon: 00[KNL] listening on interfaces: May 9 19:22:49 development charon: 00[KNL] venet0 May 9 19:22:49 development charon: 00[KNL] 127.0.0.2 May 9 19:22:49 development charon: 00[KNL] [Public IP not shown in this E-Mail] May 9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported May 9 19:22:49 development charon: 00[NET] installing bypass policy on receive socket failed May 9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported May 9 19:22:49 development charon: 00[NET] installing bypass policy on send socket failed May 9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported May 9 19:22:49 development charon: 00[NET] installing bypass policy on send socket failed May 9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not permitted May 9 19:22:49 development charon: 00[NET] installing bypass policy on receive socket failed May 9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not permitted May 9 19:22:49 development charon: 00[NET] installing bypass policy on send socket failed May 9 19:22:49 development charon: 00[KNL] unable to set IPSEC_POLICY on socket: Operation not permitted May 9 19:22:49 development charon: 00[NET] installing bypass policy on send socket failed May 9 19:22:49 development charon: 00[DMN] loaded plugins: aes des sha1 sha2 md5 pem pkcs1 gmp random hmac xcbc stroke kernel-netlink socket-raw updown May 9 19:22:49 development charon: 00[DMN] unable to drop daemon capabilities May 9 19:22:49 development charon: 00[DMN] capability dropping failed - aborting charon I did check Kernel stuff: http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules I did load some Modules on the Host manually: # modprobe ah4 # modprobe esp4 # modprobe ipcomp # modprobe xfrm4_tunnel But still the same Error. Is there another missing Module? Any help is appreciated. Flink _______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users