Opened 7 years ago

Closed 6 years ago

#8497 closed defect (fixed)

default strongswan4 configuration is broken

Reported by: Ryan Smith-Roberts <rmsr@…>
Owned by: nico
Priority: normal
Milestone: Backfire 10.03.1
Component: packages
Version: Backfire 10.03.1 RC4
Keywords:
Cc:

Description

It took me a while to figure this out. I'm using IKEv2 aka charon.

  • the -minimal and -default packages do not depend on strongswan4-mod-kernel-netlink; this package is required for charon to function on Linux (I don't know about pluto, don't use it)
  • The shipped /etc/strongswan.conf sets threads to 4, which is too few for charon to operate with a reasonable set of plugins loaded
  • /etc/strongswan.conf sets a preconfigured list of loaded strongswan modules, instead of letting the module loading subsystem do its job. As this list does not include kernel-netlink, installing the netlink module still doesn't make things work.

Change History (3)

comment:1 Changed 7 years ago by anonymous

It seems this bug is still valid as of Tue 24 May 2011!

Please increase the amount of threads in strongswan.conf to its standard value of 16. The current setting of 4 threads leads to strange errors that are a pain to debug since the error messages are misleading (such as failure to load necessary hash or crypto plugins and subsequently not correctly reading certificates private keys!)!

I also second the request to remove the explicit "load" statement in strongswan.conf! In the configuration that is shipped currently, this does not allow strongswan to read certificates (because of missing modules "pem" "pkcs1" and others!).

Thanks,

Simon

comment:2 Changed 6 years ago by nico

  • Owner changed from developers to nico
  • Status changed from new to accepted

comment:3 Changed 6 years ago by nico

  • Resolution set to fixed
  • Status changed from accepted to closed

All issues seem to be fixed by 4.5.x upgrades (in [26789] & [27092])
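
A way to check a strongswan.conf for the two configuration problems reported in this ticket (a reduced `threads` value and an explicit `load` list that omits required plugins), as an added example that is not part of the ticket or of the OpenWrt package. The function names and the sample configuration are assumptions made for illustration; the threshold of 16 and the plugin names come from the ticket text.

```python
# Values from the ticket: 16 is the standard thread count cited in comment 1;
# the plugin names are the ones the reporters found missing from the load list.
STOCK_THREADS = 16
REQUIRED_PLUGINS = ("kernel-netlink", "pem", "pkcs1")

def parse_conf(text):
    """Parse strongswan.conf-style text into nested dicts (sections) and strings."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.endswith("{"):               # "name {" opens a section
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":                    # "}" closes the current section
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif "=" in line:                    # "key = value"
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
        else:
            raise ValueError(f"unparsed line: {raw!r}")
    if len(stack) != 1:
        raise ValueError("unclosed section")
    return root

def audit_charon(text):
    """Return a list of findings for the charon section (hypothetical helper)."""
    charon = parse_conf(text).get("charon", {})
    findings = []
    threads = charon.get("threads")
    if threads is not None and int(threads) < STOCK_THREADS:
        findings.append(f"threads={threads} is below the stock value {STOCK_THREADS}")
    if "load" in charon:  # an explicit list overrides automatic plugin loading
        loaded = set(charon["load"].split())
        missing = [p for p in REQUIRED_PLUGINS if p not in loaded]
        if missing:
            findings.append("explicit load list omits: " + ", ".join(missing))
    return findings

# Constructed sample modelled on the ticket's description, not the shipped file.
SAMPLE = """
charon {
    threads = 4
    load = aes des sha1 sha2 md5 hmac gmp random x509 stroke
}
"""

if __name__ == "__main__":
    for finding in audit_charon(SAMPLE):
        print("WARN:", finding)
```

A configuration with no `load` line and no reduced `threads` value produces no findings, which matches the state the reporters asked for.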
