Connecting to 'unix:///var/run/charon.vici' failed: No such file or directory

Hello, I want to set up IPsec on my OpenWrt (22.03.2) router and installed the latest version of strongSwan (5.9.5, full package).
After basic setup in the config files, IPsec is not starting the connection.

/etc/init.d/swanctl status
active with no instances

swanctl --stats shows an error:
curl SSL backed 'mbedTLS/2.28.2' not supported, https:// disabled
connecting to 'unix:///var/run/charom.vici' failed: No such file or directory
Error: connecting to 'default' URI failed: No such file or directory

No information about IPsec in logs.

hey @soleswagg don't know if you're still trying to figure this out but here's my understanding:

  • this i believe comes from the shared-common libs that init.d scripts use, and it just means no process is currently running..

    • this could be because the config file that the swanctl generates might not be valid.. unfortunately the init script still returns "successfully" on the start command, even if the generated config is invalid and the service didn't actually start (probably what happens in your case)
  • to figure out if that's the case, check the /var/swanctl/swanctl.conf file, see if it actually has the connection and children sections filled out..

    • also maybe you already checked but, does logread -f running in another shell terminal while you invoke /etc/init.d/swanctl start show anything?
    • you can also bump up the logging level.. i leave mine set to 1 or 2 if i have issues.. any more than that and it becomes way too verbose

the vici plugin error is usually related to the unix-domain socket "file" being dead, whereas swanctl would otherwise use a successfully-started charon (part of strongswan) instance to communicate over.

  • this is another symptom of the charon not having started properly
  • the charon daemon is responsible for allowing IKE to be negotiated, the first-phase of a connecting VPN client, which btw happens in user-space.
  • if you want to learn more about how strongswan implements ipsec, have a look at this video though i'd only pay attention to the concepts, not the config, as this uses the old-style ipsec.conf which has been deprecated

this is because you have the strongswan curl plugin installed, it could be used to fetch URLs containing revocation lists (i don't use this so i don't install this plugin)

this i have no idea about 😛 but it's also probably a symptom of a bad config or something else keeping strongswan from being able to start, and not a cause.
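
The checks suggested in the reply above, as an added shell example that is not part of the thread or of the strongSwan or OpenWrt packages: it tests for the vici socket and verifies that the generated swanctl.conf contains at least one connection with a child section. The function names are hypothetical, and it assumes the generated file puts each section opener and closer on its own line.

```shell
#!/bin/sh
# Added example, not from the thread. Default paths are the ones the thread names.

# Print "<connection> <child count>" for each entry under connections { }.
# Assumption: each section opener ("name {") and closer ("}") is on its own line.
conn_report() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        /[{][ \t]*$/ {                           # section opener
            name = $1; sub(/[{].*/, "", name)
            path[++d] = name
            if (d == 2 && path[1] == "connections") { conn[++n] = name; kids[n] = 0 }
            if (d == 4 && path[1] == "connections" && path[3] == "children") kids[n]++
            next
        }
        /^[ \t]*[}]/ { if (d > 0) d-- }          # section closer
        END { for (i = 1; i <= n; i++) print conn[i], kids[i] }
    ' "$1"
}

# True only if the file is readable, has a connection, and none lacks children.
config_ok() {
    [ -r "$1" ] || return 1
    conn_report "$1" | awk '{ n++; if ($2 == 0) bad++ } END { exit (n > 0 && bad == 0) ? 0 : 1 }'
}

# True if the path exists and is a unix-domain socket.
vici_socket_ok() { [ -S "$1" ]; }

triage() {
    conf="${1:-/var/swanctl/swanctl.conf}"
    sock="${2:-/var/run/charon.vici}"
    if vici_socket_ok "$sock"; then
        echo "socket: $sock present"
    else
        echo "socket: $sock missing, charon is not running or did not start"
    fi
    if [ ! -r "$conf" ]; then echo "config: $conf not readable"; return 0; fi
    conn_report "$conf" | while read -r name kids; do
        echo "config: connection '$name' has $kids child section(s)"
    done
    if config_ok "$conf"; then echo "config: populated"; else echo "config: empty or incomplete"; fi
    return 0
}

triage "$@"
```

If the config check fails, running `logread -f` in a second shell while restarting the service, as the reply suggests, is the next step.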