On Sat, Feb 13, 2016 at 12:27 PM, mrq1 <email address hidden> wrote:
> great! starts now :-)
>
> what about the chapoly plugin? can you enable it in the extra package?
> it would be very important for me!
>
I can look at enabling it. It's new in 5.3.5. If enabled, can you test
and confirm it works?
Looks like something quite interesting. https://en.wikipedia.org/wiki/Poly1305
Comments here in the Debian bug indicate that this requires at least 4.2
kernel.
For Xenial, this will be sufficient I suppose.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803787
> btw: the output of service looks strange to me
>
> # service strongswan status
> ● strongswan.service - strongSwan IPsec services
> Loaded: loaded (/lib/systemd/system/strongswan.service; enabled; vendor
> preset: enabled)
> Active: inactive (dead) since Sat 2016-02-13 19:22:46 CET; 42s ago
> Process: 25807 ExecStopPost=/bin/rm -f /var/run/charon.pid
> /var/run/starter.charon.pid (code=exited, status=0/SUCCESS)
> Process: 25789 ExecStop=/usr/sbin/ipsec stop (code=exited,
> status=0/SUCCESS)
> Main PID: 25643 (code=exited, status=0/SUCCESS)
>
That looks like from the initial install; you may need to reload the new
apparmor policy:
apparmor_parser -r /etc/apparmor.d/usr.lib.ipsec.charon
And then you can restart it with:
systemctl restart strongswan
and check status
systemctl status strongswan
> looks like the service is not running anymore but via
> # ipsec statusall
> everything looks ok
>
> is there some systemd-integration-magic missing?
>
I'm not sure what ipsec statusall invokes to check status.
In an up-to-date Xenial VM, installing the current packages in the PPA, I
get the following:
# systemctl status strongswan
● strongswan.service - strongSwan IPsec services
Loaded: loaded (/lib/systemd/system/strongswan.service; enabled; vendor
preset: enabled)
Active: active (running) since Sat 2016-02-13 21:50:59 UTC; 18s ago
Main PID: 2798 (starter)
CGroup: /system.slice/strongswan.service
├─2798 /usr/lib/ipsec/starter --daemon charon
└─2799 /usr/lib/ipsec/charon --use-syslog
Feb 13 21:50:59 sw1 charon[2799]: 00[CFG] loading ocsp signer certificates
from '/...ts'
Feb 13 21:50:59 sw1 charon[2799]: 00[CFG] loading attribute certificates
from '/et...ts'
Feb 13 21:50:59 sw1 charon[2799]: 00[CFG] loading crls from
'/etc/ipsec.d/crls'
Feb 13 21:50:59 sw1 charon[2799]: 00[CFG] loading secrets from
'/etc/ipsec.secrets'
Feb 13 21:50:59 sw1 charon[2799]: 00[LIB] loaded plugins: charon
test-vectors aes ...own
Feb 13 21:50:59 sw1 charon[2799]: 00[LIB] dropped capabilities, running as
uid 0, gid 0
Feb 13 21:50:59 sw1 charon[2799]: 00[JOB] spawning 16 worker threads
Feb 13 21:50:59 sw1 ipsec_starter[2798]: charon (2799) started after 20 ms
Feb 13 21:50:59 sw1 systemd[1]: Started strongSwan IPsec services.
Feb 13 21:51:00 sw1 systemd[1]: Started strongSwan IPsec services.
Hint: Some lines were ellipsized, use -l to show in full.
root@sw1:~#
root@sw1:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-4-generic,
x86_64):
uptime: 30 seconds, since Feb 13 21:51:00 2016
malloc: sbrk 946176, mmap 0, used 229008, free 717168
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 0
loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random
nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp
dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve
socket-default stroke updown
Listening IP addresses:
192.168.122.147
10.0.3.1
Connections:
Security Associations (0 up, 0 connecting):
none
> thanks!
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1535951
>
> Title:
> Please merge strongswan 5.3.5-1 (main) from Debian unstable (main)
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1535951/+subscriptions
>
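A check for the two conditions raised in the message above (chapoly present in the loaded plugin list, kernel at least 4.2), as an added example that is not part of the original thread. The function names and exit codes are assumptions, and the sample input is constructed from the `ipsec statusall` output quoted above.

```sh
#!/bin/sh
# Constructed sample: `ipsec statusall` header and plugin list as quoted in the
# message above (mail-wrapped; chapoly is not in this list).
sample_statusall() {
cat <<'EOF'
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-4-generic,
x86_64):
uptime: 30 seconds, since Feb 13 21:51:00 2016
loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random
nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp
dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve
socket-default stroke updown
Listening IP addresses:
EOF
}

# Print the plugin list on one line; continuation lines are joined until the
# next "key:" line, so wrapped and unwrapped output parse the same way.
loaded_plugins() {
  awk '/loaded plugins:/ { sub(/.*loaded plugins:/, ""); grab = 1; printf "%s", $0; next }
       grab && /:/       { exit }
       grab              { printf " %s", $0 }
       END               { print "" }'
}

# has_plugin NAME: whole-word match, so "aes" does not match "aesni".
has_plugin() { loaded_plugins | tr -s ' ' '\n' | grep -qx -- "$1"; }

# kernel_at_least MAJOR MINOR: compares the "Linux X.Y" in the header line.
kernel_at_least() {
  kv=$(sed -n 's/.*Linux \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | head -n 1)
  [ -n "$kv" ] || return 1
  kmaj=${kv%% *}; kmin=${kv##* }
  [ "$kmaj" -gt "$1" ] || { [ "$kmaj" -eq "$1" ] && [ "$kmin" -ge "$2" ]; }
}

# Returns 0 = ready, 1 = plugin not loaded, 2 = kernel below 4.2 (the floor
# the message attributes to the Debian bug; taken from the page, not verified).
chapoly_check() {
  out=$(cat)
  printf '%s\n' "$out" | has_plugin chapoly || { echo "chapoly plugin not loaded"; return 1; }
  printf '%s\n' "$out" | kernel_at_least 4 2 || { echo "kernel older than 4.2"; return 2; }
  echo "chapoly loaded, kernel >= 4.2"
}

# On a live host: ipsec statusall | chapoly_check
sample_statusall | chapoly_check || true
```
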