Hi all, i have tried that and after a
[root@ipfire-server ~]# /etc/init.d/ipsec start Starting strongSwan 5.0.0 IPsec [starter]... insmod /lib/modules/2.6.32.45-ipfire/kernel/net/key/af_key.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/ah4.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/esp4.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/xfrm/xfrm_ipcomp.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/ipcomp.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/tunnel4.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/xfrm4_tunnel.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/xfrm/xfrm_user.ko
there was no output on httpd/error_log
but my log manager warned me per email with a:
OSSEC HIDS Notification. 2012 Aug 07 10:29:16
Received From: ipfire-server->/var/log/messages Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s):
Aug 7 10:29:16 ipfire-server charon: 00[LIB] plugin 'padlock': failed to load - padlock_plugin_create returned NULL
--END OF NOTIFICATION
and a look to /var/log/messages gives me the following back:
Aug 7 10:34:28 ipfire-server charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.0.0, Linux 2.6.32.45-ipfire, i686) Aug 7 10:34:28 ipfire-server charon: 00[LIB] Padlock not found, CPU is GenuineIntel Aug 7 10:34:28 ipfire-server charon: 00[LIB] plugin 'padlock': failed to load - padlock_plugin_create returned NULL
Also is there a dev list with changes on this new version especially for the WUI so the documentation can start up more quickly ?
Greetings
Erik
Am 06.08.2012 um 23:11 schrieb Michael Tremer:
Please try to manually stop strongswan with the helper tool:
ipsecctrl D
Try to start it again with:
ipsecctrl S
On Mon, 2012-08-06 at 21:48 +0200, Stefan Schantl wrote:
Hello Michael,
I've tested to stop IPSec from shell which worked without problems. But if I try to disable and stop it from the WUI, by unsing the checkbox the service does a restart and no shutdown.
I've looked inside the error_log from the httpd, and found the following lines:
[Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] IPSec enabled on orange but orange interface is invalid or not found, referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi [Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] IPSec enabled on blue but blue interface is invalid or not found, referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi [Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] Stopping strongSwan IPsec..., referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi [Mon Aug 06 21:42:12 2012] [error] [client 192.168.xxx.xxx] Starting strongSwan 5.0.0 IPsec [starter]..., referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi [Mon Aug 06 21:42:12 2012] [error] [client 192.168.xxx.xxx] , referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi
Why are there entries about an orange and blue network, I don't have one of them......
Do you have any idea about that ?
Stefan
On Mon, 2012-08-06 at 17:21 +0200, Stefan Schantl wrote:
The only bad point, I've to report is, that after the update I can't disable IPSec over the WUI anymore - may other testers will report the same issue.
What is the exact problem? Did you get an internal server error from the CGI script? Need a more precise error report.
Michael
SIG-VPN mailing list SIG-VPN@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/sig-vpn
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
On Tue, 2012-08-07 at 10:51 +0200, Erik K. wrote:
Hi all, i have tried that and after a
[root@ipfire-server ~]# /etc/init.d/ipsec start Starting strongSwan 5.0.0 IPsec [starter]... insmod /lib/modules/2.6.32.45-ipfire/kernel/net/key/af_key.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/ah4.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/esp4.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/xfrm/xfrm_ipcomp.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/ipcomp.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/tunnel4.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/xfrm4_tunnel.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/xfrm/xfrm_user.ko
there was no output on httpd/error_log
It is not supposed that there is any.
but my log manager warned me per email with a:
OSSEC HIDS Notification. 2012 Aug 07 10:29:16
Received From: ipfire-server->/var/log/messages Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s):
Aug 7 10:29:16 ipfire-server charon: 00[LIB] plugin 'padlock': failed to load - padlock_plugin_create returned NULL
--END OF NOTIFICATION
Well, that's bad from your log manager.
strongswan tries to use hardware crypto when it is available. So it loads the padlock module which fails to load with an error saying there is not padlock available. Which is totally normal on an Intel PC.
This is nothing harmful, but the program shouldn't notify.
Also is there a dev list with changes on this new version especially for the WUI so the documentation can start up more quickly ?
No, we are still testing those changes.
If we can be sure that there are no more severe problems, we can start the documentation. At this stage, it might be possible that changes in the UI are required.
Please do a little more testing...
Michael
Am 07.08.2012 um 11:13 schrieb Michael Tremer:
On Tue, 2012-08-07 at 10:51 +0200, Erik K. wrote:
Hi all, i have tried that and after a
[root@ipfire-server ~]# /etc/init.d/ipsec start Starting strongSwan 5.0.0 IPsec [starter]... insmod /lib/modules/2.6.32.45-ipfire/kernel/net/key/af_key.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/ah4.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/esp4.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/xfrm/xfrm_ipcomp.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/ipcomp.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/tunnel4.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/ipv4/xfrm4_tunnel.ko insmod /lib/modules/2.6.32.45-ipfire/kernel/net/xfrm/xfrm_user.ko
there was no output on httpd/error_log
It is not supposed that there is any.
but my log manager warned me per email with a:
OSSEC HIDS Notification. 2012 Aug 07 10:29:16
Received From: ipfire-server->/var/log/messages Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system." Portion of the log(s):
Aug 7 10:29:16 ipfire-server charon: 00[LIB] plugin 'padlock': failed to load - padlock_plugin_create returned NULL
--END OF NOTIFICATION
Well, that's bad from your log manager.
strongswan tries to use hardware crypto when it is available. So it loads the padlock module which fails to load with an error saying there is not padlock available. Which is totally normal on an Intel PC.
This is nothing harmful, but the program shouldn't notify.
Also is there a dev list with changes on this new version especially for the WUI so the documentation can start up more quickly ?
No, we are still testing those changes.
If we can be sure that there are no more severe problems, we can start the documentation. At this stage, it might be possible that changes in the UI are required.
Please do a little more testing...
Michael
Development mailing list Development@lists.ipfire.org http://lists.ipfire.org/mailman/listinfo/development
Ah O.K. my fault sorry
Thanks for information
-
Erik K. -
Michael Tremer