Hi all,
i have tried that and after a

[root@ipfire-server ~]# /etc/init.d/ipsec start
Starting strongSwan 5.0.0 IPsec [starter]...
insmod /lib/modules/2.6.32.45-ipfire/kernel/net/key/af_key.ko 
insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/ah4.ko 
insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/esp4.ko 
insmod /lib/modules/2.6.32.45-ipfire/kernel/net/xfrm/xfrm_ipcomp.ko 
insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/ipcomp.ko 
insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/tunnel4.ko 
insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/xfrm4_tunnel.ko 
insmod /lib/modules/2.6.32.45-ipfire/kernel/net/xfrm/xfrm_user.ko 

there was no output on httpd/error_log

but my log manager warned me per email with a:

OSSEC HIDS Notification.
2012 Aug 07 10:29:16

Received From: ipfire-server->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):

Aug  7 10:29:16 ipfire-server charon: 00[LIB] plugin 'padlock': failed to load - padlock_plugin_create returned NULL 



--END OF NOTIFICATION

and a look to /var/log/messages gives me the following back:


Aug  7 10:34:28 ipfire-server charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.0.0, Linux 2.6.32.45-ipfire, i686) 
Aug  7 10:34:28 ipfire-server charon: 00[LIB] Padlock not found, CPU is GenuineIntel 
Aug  7 10:34:28 ipfire-server charon: 00[LIB] plugin 'padlock': failed to load - padlock_plugin_create returned NULL 

Also is there a dev list with changes on this new version especially for the WUI so the documentation can start up more quickly ?

Greetings 

Erik

Am 06.08.2012 um 23:11 schrieb Michael Tremer:

Please try to manually stop strongswan with the helper tool:

ipsecctrl D

Try to start it again with:

ipsecctrl S

On Mon, 2012-08-06 at 21:48 +0200, Stefan Schantl wrote:
Hello Michael,

I've tested to stop IPSec from shell which worked without problems. But 
if I try to disable and stop it from the WUI, by
unsing the checkbox the service does a restart and no shutdown.

I've looked inside the error_log from the httpd, and found the following 
lines:

[Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] IPSec 
enabled on orange but orange interface is invalid or not found, referer: 
https://gate.xxx:444/cgi-bin/vpnmain.cgi
[Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] IPSec 
enabled on blue but blue interface is invalid or not found, referer: 
https://gate.xxx:444/cgi-bin/vpnmain.cgi
[Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] Stopping 
strongSwan IPsec..., referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi
[Mon Aug 06 21:42:12 2012] [error] [client 192.168.xxx.xxx] Starting 
strongSwan 5.0.0 IPsec [starter]..., referer: 
https://gate.xxx:444/cgi-bin/vpnmain.cgi
[Mon Aug 06 21:42:12 2012] [error] [client 192.168.xxx.xxx] , referer: 
https://gate.xxx:444/cgi-bin/vpnmain.cgi

Why are there entries about an orange and blue network, I don't have one 
of them......

Do you have any idea about that ?

Stefan

On Mon, 2012-08-06 at 17:21 +0200, Stefan Schantl wrote:
The only bad point, I've to report is, that after the update I can't
disable IPSec over the WUI anymore - may other testers will report the
same issue.
What is the exact problem? Did you get an internal server error from the
CGI script? Need a more precise error report.

Michael



_______________________________________________
SIG-VPN mailing list
SIG-VPN@lists.ipfire.org
http://lists.ipfire.org/mailman/listinfo/sig-vpn

_______________________________________________
Development mailing list
Development@lists.ipfire.org
http://lists.ipfire.org/mailman/listinfo/development