Hi all, i have tried that and after a
[root@ipfire-server ~]# /etc/init.d/ipsec start Starting strongSwan 5.0.0 IPsec [starter]... insmod /lib/modules/2.6.32.45-ipfire/kernel/net/key/af_key.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/ah4.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/esp4.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/xfrm/xfrm_ipcomp.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/ipcomp.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/tunnel4.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/xfrm4_tunnel.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/xfrm/xfrm_user.ko
there was no output on httpd/error_log
but my log manager warned me per email with a:
OSSEC HIDS Notification. 2012 Aug 07 10:29:16
Received From: ipfire-server->/var/log/messages Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s):
Aug 7 10:29:16 ipfire-server charon: 00[LIB] plugin 'padlock': failed to load - padlock_plugin_create returned NULL
--END OF NOTIFICATION
and a look to /var/log/messages gives me the following back:
Aug 7 10:34:28 ipfire-server charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.0.0, Linux 2.6.32.45-ipfire, i686) Aug 7 10:34:28 ipfire-server charon: 00[LIB] Padlock not found, CPU is GenuineIntel Aug 7 10:34:28 ipfire-server charon: 00[LIB] plugin 'padlock': failed to load - padlock_plugin_create returned NULL
Also is there a dev list with changes on this new version especially for the WUI so the documentation can start up more quickly ?
Greetings
Erik
Am 06.08.2012 um 23:11 schrieb Michael Tremer:
Please try to manually stop strongswan with the helper tool:
ipsecctrl D
Try to start it again with:
ipsecctrl S
On Mon, 2012-08-06 at 21:48 +0200, Stefan Schantl wrote:
Hello Michael,
I've tested to stop IPSec from shell which worked without problems. But if I try to disable and stop it from the WUI, by unsing the checkbox the service does a restart and no shutdown.
I've looked inside the error_log from the httpd, and found the following lines:
[Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] IPSec enabled on orange but orange interface is invalid or not found, referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi [Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] IPSec enabled on blue but blue interface is invalid or not found, referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi [Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] Stopping strongSwan IPsec..., referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi [Mon Aug 06 21:42:12 2012] [error] [client 192.168.xxx.xxx] Starting strongSwan 5.0.0 IPsec [starter]..., referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi [Mon Aug 06 21:42:12 2012] [error] [client 192.168.xxx.xxx] , referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi
Why are there entries about an orange and blue network, I don't have one of them......
Do you have any idea about that ?
Stefan
On Mon, 2012-08-06 at 17:21 +0200, Stefan Schantl wrote:
The only bad point, I've to report is, that after the update I can't disable IPSec over the WUI anymore - may other testers will report the same issue.
What is the exact problem? Did you get an internal server error from the CGI script? Need a more precise error report.
Michael
SIG-VPN mailing list SIG-VPN@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/sig-vpn
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development