FreeBSD10.0でのStrongSwanの問題。カロンは開始を拒否します
完全なデバッグレベル(4)のcharon.logは次のとおりです。
Jan 21 16:09:47 00[DMN] Starting IKE charon daemon (strongSwan 5.0.4, FreeBSD 10.0-RELEASE, AMD64)
Jan 21 16:09:47 00[LIB] plugin 'aes': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'des': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'blowfish': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'sha1': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'sha2': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'md4': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'md5': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'random': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'nonce': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'x509': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'revocation': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'constraints': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'pubkey': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'pkcs1': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'pkcs8': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'pgp': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'dnskey': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'pem': loaded successfully
Jan 21 16:09:47 00[LIB] openssl FIPS mode(0) unavailable
Jan 21 16:09:47 00[LIB] plugin 'openssl': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'fips-prf': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'xcbc': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'cmac': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'hmac': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'attr': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'kernel-pfkey': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'kernel-pfroute': loaded successfully
Jan 21 16:09:47 00[KNL] known interfaces and IP addresses:
Jan 21 16:09:47 00[KNL] bce0
Jan 21 16:09:47 00[KNL] -snip-
Jan 21 16:09:47 00[KNL] -snip-
Jan 21 16:09:47 00[KNL] lo0
Jan 21 16:09:47 00[KNL] ::1
Jan 21 16:09:47 00[KNL] fe80::1
Jan 21 16:09:47 00[KNL] 127.0.0.1
Jan 21 16:09:47 00[LIB] plugin 'resolve': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'socket-default': loaded successfully
Jan 21 16:09:47 00[KNL] unable to set UDP_ENCAP: Invalid argument
Jan 21 16:09:47 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
Jan 21 16:09:47 00[KNL] unable to set UDP_ENCAP: Invalid argument
Jan 21 16:09:47 00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed
Jan 21 16:09:47 00[LIB] plugin 'stroke': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'updown': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'eap-identity': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'eap-md5': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'eap-mschapv2': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'eap-tls': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'eap-ttls': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'eap-peap': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'whitelist': loaded successfully
Jan 21 16:09:47 00[LIB] plugin 'addrblock': loaded successfully
Jan 21 16:09:47 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Jan 21 16:09:47 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Jan 21 16:09:47 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Jan 21 16:09:47 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Jan 21 16:09:47 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
Jan 21 16:09:47 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
Jan 21 16:09:47 00[CFG] loaded IKE secret for %any
Jan 21 16:09:47 00[CFG] secret: -snip-
Jan 21 16:09:47 00[LIB] feature CUSTOM:libcharon in 'charon' plugin has unsatisfied dependency: CUSTOM:libcharon-receiver
Jan 21 16:09:47 00[LIB] feature CUSTOM:libcharon-receiver in 'charon' plugin has unsatisfied dependency: HASHER:HASH_SHA1
Jan 21 16:09:47 00[LIB] feature PRIVKEY:DSA in 'pem' plugin has unsatisfied dependency: PRIVKEY:DSA
Jan 21 16:09:47 00[LIB] feature PUBKEY:DSA in 'pem' plugin has unsatisfied dependency: PUBKEY:DSA
Jan 21 16:09:47 00[LIB] feature CERT_DECODE:X509_OCSP_REQUEST in 'pem' plugin has unsatisfied dependency: CERT_DECODE:X509_OCSP_REQUEST
Jan 21 16:09:47 00[LIB] failed to load CUSTOM:libcharon in critical plugin 'charon'
Jan 21 16:09:47 00[LIB] failed to load CUSTOM:libcharon-receiver in critical plugin 'charon'
Jan 21 16:09:47 00[LIB] failed to load 2 features in critical plugin 'charon'
Jan 21 16:09:47 00[DMN] initialization failed - aborting charon
同じ設定が9.2で正常に機能しましたが、10.0へのアップグレード後は機能しなくなりました。システムの残りの部分は期待どおりに機能します。
uname -aは次のとおりです(ご覧のとおり、IPSecサポート用のカスタムカーネル)
FreeBSD icefox 10.0-RELEASE FreeBSD 10.0-RELEASE #3: Tue Jan 21 15:49:28 CET 2014 doridian@icefox:/usr/obj/usr/src/sys/IPSEC AMD64
StrongSwan 5.0.4に問題があったことを覚えていますが、当時はFreeBSD 10rc3にあったと思います。ポートの最新バージョンが2月に更新され、現在は5.1.1であり、テスト環境で機能することを知っています。