I have installed and configured IPsec in my OpenWrt router but the IPsec daemon is not starting. Below are the logs.
logread command output:
Mon Dec 14 11:56:53 2020 authpriv.info ipsec_starter[2116]: charon too long to start... - kill kill
Mon Dec 14 11:56:53 2020 authpriv.info ipsec_starter[2116]: connecting to 'unix:///var/run/charon.ctl' failed: No such file or directory
Mon Dec 14 11:56:53 2020 authpriv.info ipsec_starter[2116]: failed to connect to stroke socket 'unix:///var/run/charon.ctl'
Mon Dec 14 11:56:53 2020 authpriv.info ipsec_starter[2116]: connecting to 'unix:///var/run/charon.ctl' failed: No such file or directory
Mon Dec 14 11:56:53 2020 authpriv.info ipsec_starter[2116]: failed to connect to stroke socket 'unix:///var/run/charon.ctl'
Mon Dec 14 11:56:54 2020 authpriv.info ipsec_starter[2116]: charon has died -- restart scheduled (5sec)
Mon Dec 14 11:56:59 2020 daemon.info : 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.14.171, mips)
Mon Dec 14 11:56:59 2020 daemon.info : 00[CFG] PKCS11 module '<name>' lacks library path
Mon Dec 14 11:57:03 2020 kern.notice kernel: [ 82.842685] random: crng init done
Mon Dec 14 11:57:09 2020 authpriv.info ipsec_starter[2116]: charon too long to start... - kill kill
Mon Dec 14 11:57:09 2020 authpriv.info ipsec_starter[2116]: charon has died -- restart scheduled (5sec)
Mon Dec 14 11:57:14 2020 daemon.info : 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.14.171, mips)
Mon Dec 14 11:57:14 2020 daemon.info : 00[CFG] PKCS11 module '<name>' lacks library path
Mon Dec 14 11:57:24 2020 authpriv.info ipsec_starter[2116]: charon too long to start... - kill kill
Mon Dec 14 11:57:25 2020 authpriv.info ipsec_starter[2116]: charon has died -- restart scheduled (5sec)
Mon Dec 14 11:57:30 2020 daemon.info : 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.14.171, mips)
Mon Dec 14 11:57:30 2020 daemon.info : 00[CFG] PKCS11 module '<name>' lacks library path
Mon Dec 14 11:57:40 2020 authpriv.info ipsec_starter[2116]: charon too long to start... - kill kill
Mon Dec 14 11:57:40 2020 authpriv.info ipsec_starter[2116]: charon has died -- restart scheduled (5sec)
Mon Dec 14 11:57:44 2020 authpriv.info dropbear[2942]: Child connection from 192.168.1.150:55458
Mon Dec 14 11:57:45 2020 daemon.info : 00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.14.171, mips)
Mon Dec 14 11:57:45 2020 daemon.info : 00[CFG] PKCS11 module '<name>' lacks library path
Below is /etc/ipsec.conf file
conn primary_vpn
aggressive=yes
type=tunnel
left=%any
right=200.101.30.11
leftsubnet=192.168.1.0/24
rightsubnet=172.31.0.0/22
authby=secret
auto=start
keyexchange=ikev2
ike=3des-sha1-modp1024
esp=3des-sha1-modp1024
ikelifetime=24h
lifetime=8h
forceencaps=yes
dpdaction=restart
dpddelay=3s
dpdtimeout=9s
Below is the /etc/ipsec.conf file
200.101.30.11 %any : PSK "test@123"
Below is the /etc/strongswan.conf file
# strongswan.conf - strongSwan configuration file
#
# Refer to the strongswan.conf(5) manpage for details
#
# Configuration changes should be made in the included files
charon {
load_modular = yes
plugins {
include strongswan.d/charon/*.conf
}
}
Please help us to figure this out.
Thanks in advance