Hi all,

i have tried that and after a

[root@ipfire-server ~]# /etc/init.d/ipsec start

Starting strongSwan 5.0.0 IPsec [starter]...

insmod /lib/modules/2.6.32.45-ipfire/kernel/net/key/af_key.ko 

insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/ah4.ko 

insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/esp4.ko 

insmod /lib/modules/2.6.32.45-ipfire/kernel/net/xfrm/xfrm_ipcomp.ko 

insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/ipcomp.ko 

insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/tunnel4.ko 

insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/xfrm4_tunnel.ko 

insmod /lib/modules/2.6.32.45-ipfire/kernel/net/xfrm/xfrm_user.ko 

there was no output on httpd/error_log

but my log manager warned me per email with a:

OSSEC HIDS Notification.

2012 Aug 07 10:29:16

Received From: ipfire-server->/var/log/messages

Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."

Portion of the log(s):

Aug  7 10:29:16 ipfire-server charon: 00[LIB] plugin 'padlock': failed to load - padlock_plugin_create returned NULL 

--END OF NOTIFICATION

and a look to /var/log/messages gives me the following back:

Aug  7 10:34:28 ipfire-server charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.0.0, Linux 2.6.32.45-ipfire, i686) 

Aug  7 10:34:28 ipfire-server charon: 00[LIB] Padlock not found, CPU is GenuineIntel 

Aug  7 10:34:28 ipfire-server charon: 00[LIB] plugin 'padlock': failed to load - padlock_plugin_create returned NULL 

Also is there a dev list with changes on this new version especially for the WUI so the documentation can start up more quickly ?

Greetings 

Erik

Am 06.08.2012 um 23:11 schrieb Michael Tremer:

Please try to manually stop strongswan with the helper tool:

ipsecctrl D

Try to start it again with:

ipsecctrl S

On Mon, 2012-08-06 at 21:48 +0200, Stefan Schantl wrote:

Hello Michael,

I've tested to stop IPSec from shell which worked without problems. But 

if I try to disable and stop it from the WUI, by

unsing the checkbox the service does a restart and no shutdown.

I've looked inside the error_log from the httpd, and found the following 

lines:

[Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] IPSec 

enabled on orange but orange interface is invalid or not found, referer: 

https://gate.xxx:444/cgi-bin/vpnmain.cgi

[Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] IPSec 

enabled on blue but blue interface is invalid or not found, referer: 

https://gate.xxx:444/cgi-bin/vpnmain.cgi

[Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] Stopping 

strongSwan IPsec..., referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi

[Mon Aug 06 21:42:12 2012] [error] [client 192.168.xxx.xxx] Starting 

strongSwan 5.0.0 IPsec [starter]..., referer: 

https://gate.xxx:444/cgi-bin/vpnmain.cgi

[Mon Aug 06 21:42:12 2012] [error] [client 192.168.xxx.xxx] , referer: 

https://gate.xxx:444/cgi-bin/vpnmain.cgi

Why are there entries about an orange and blue network, I don't have one 

of them......

Do you have any idea about that ?

Stefan

On Mon, 2012-08-06 at 17:21 +0200, Stefan Schantl wrote:

The only bad point, I've to report is, that after the update I can't

disable IPSec over the WUI anymore - may other testers will report the

same issue.

What is the exact problem? Did you get an internal server error from the

CGI script? Need a more precise error report.

Michael

_______________________________________________

SIG-VPN mailing list

SIG-VPN@lists.ipfire.org

http://lists.ipfire.org/mailman/listinfo/sig-vpn

_______________________________________________

Development mailing list

Development@lists.ipfire.org

http://lists.ipfire.org/mailman/listinfo/development