Hello,
I am using OpenWrt 21.02.1 and installed the full strongSwan package. I made some changes to libcharon, cross-compiled it with the OpenWrt SDK 21.02.1, and then installed it on OpenWrt. When I start charon using /usr/lib/ipsec/charon & I get:
root@OpenWrt:~# 00[DMN] Starting IKE charon daemon (strongSwan 5.9.3, Linux 5.4.154, x86_64)
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: NONCE_GEN
00[LIB] feature CUSTOM:libcharon-receiver in critical plugin 'charon' has unmet dependency: HASHER:HASH_SHA1
00[LIB] feature CUSTOM:libcharon-sa-managers in critical plugin 'charon' has unmet dependency: HASHER:HASH_SHA1
00[LIB] failed to load 3 critical plugin features
00[DMN] initialization failed - aborting Charon
This is the configuration for swanctl.conf:
# swanctl.conf as posted: a single IKEv2 connection (version=2) named ue-server
# with one child SA named net.
connections{
ue-server{
local_addrs=192.168.56.2
remote_addrs=192.168.56.111
send_certreq=yes
send_cert=ifasked
encap=yes
# The local side authenticates with EAP-AKA.
# NOTE(review): the plugin list in the package Makefile posted with this config
# has no eap-aka entry - confirm the EAP method is actually part of this build.
local{
auth=eap-aka
id=192.168.56.2
}
remote{
auth=rsa
id=n3iwf.free5gc.org
}
children{
net{
# Single-host traffic selectors on both sides.
local_ts=10.0.0.9/32
remote_ts=10.0.0.10/32
updown=/usr/lib/ipsec/_updown iptables
# The child SA is rekeyed on whichever limit is reached first: time, bytes or packets.
rekey_time=5400
rekey_bytes=500000000
rekey_packets=1000000
mark_in=12
mark_out=67
}
}
version=2
mobike=no
reauth_time=10800
# NOTE(review): "default" leaves the algorithm choice to whatever crypto plugins
# are loaded, so the effective proposal depends on the plugin set - verify.
proposals=default
}
}
strongswan.conf:
# strongswan.conf as posted. Each top-level section configures one program.
swanctl{
# NOTE(review): "pkcsl" looks like a typo for the pkcs1 plugin - confirm.
load=pem pkcsl x509 revocation constraints pubkey openssl random
}
# NOTE(review): this section is named for the charon-systemd daemon, while the
# binary started in the log above is /usr/lib/ipsec/charon, which takes its
# settings from a "charon" section. The load list below (including nonce and
# sha1) therefore probably does not apply to that binary - confirm.
charon-systemd{
# NOTE(review): "pkc1" and "crul" look like typos for pkcs1 and curl - confirm.
load=random nonce aes sha1 sha2 hmac pem pkc1 x509 revocation curve25519 gmp crul kernel-netlink socket-default updown vici
plugins {
include strongswan.d/charon/*.conf
}
# Journal log levels: 1 by default, 4 for the ike and knl groups.
journal{
default = 1
ike = 4
knl = 4
}
# install_routes=no
}
# Settings from this file are merged in as well.
# NOTE(review): whoever can write /var/ipsec/strongswan.conf can change the
# daemon configuration - verify the ownership and permissions of that path.
include /var/ipsec/strongswan.conf
This is the Makefile I am using to cross-compile strongswan-charon:
include $(TOPDIR)/rules.mk
# Package identity.
# NOTE(review): the daemon log quoted alongside this Makefile reports
# strongSwan 5.9.3, while this package builds 5.9.2 - confirm that the charon
# binary and the libraries on the device come from the same build.
PKG_NAME:=strongswan
PKG_VERSION:=5.9.2
PKG_RELEASE:=2

# Every plugin name this Makefile knows about, in the original order. The list
# drives both PKG_CONFIG_DEPENDS and the --enable-*/--disable-* configure flags.
# NOTE(review): there is no eap-aka entry, although the swanctl.conf posted with
# this Makefile uses auth=eap-aka - confirm how that method is meant to be built.
PKG_MOD_AVAILABLE:= \
  addrblock aes af-alg agent attr attr-sql bliss blowfish \
  ccm chapoly cmac constraints connmark coupling ctr curl \
  curve25519 des dhcp dnskey duplicheck eap-identity eap-md5 eap-mschapv2 \
  eap-radius eap-tls farp fips-prf forecast gcm gcrypt gmp \
  gmpdh ha hmac kernel-libipsec kernel-netlink ldap led load-tester \
  nonce md4 md5 mgf1 mysql newhope ntru openssl \
  pem pgp pkcs1 pkcs7 pkcs8 pkcs11 pkcs12 pubkey \
  random rc2 resolve revocation sha1 sha2 sha3 smp \
  socket-default socket-dynamic sql sqlite sshkey stroke test-vectors unity \
  uci updown vici whitelist x509 xauth-eap xauth-generic xcbc
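# Config symbols whose value changes must trigger a rebuild of the package:
# the two routing-table options plus one symbol per known plugin.
# The list ends WITHOUT a trailing backslash. With a backslash on the last
# entry and no blank line after it, the PKG_FIXUP assignment below is joined
# onto this list and PKG_FIXUP itself is never set.
PKG_CONFIG_DEPENDS:= \
  CONFIG_STRONGSWAN_ROUTING_TABLE \
  CONFIG_STRONGSWAN_ROUTING_TABLE_PRIO \
  $(patsubst %,CONFIG_PACKAGE_strongswan-mod-%,$(PKG_MOD_AVAILABLE))

# Regenerate the autotools files before configure runs.
PKG_FIXUP:=autoreconf
# Use the package's own "make install" into PKG_INSTALL_DIR.
PKG_INSTALL:=1
PKG_BUILD_PARALLEL:=1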
include $(INCLUDE_DIR)/package.mk
# strongswan-mod-mysql needs iconv
include $(INCLUDE_DIR)/nls.mk
# Menu placement, title and URL shared by every package defined in this
# Makefile; the other Package/* definitions pull it in with $(call ...).
define Package/strongswan/Default
  SUBMENU:=VPN
  SECTION:=net
  CATEGORY:=Network
  TITLE:=StrongSwan
  URL:=http://www.strongswan.org/
endef
# First line of every package description; the per-package descriptions call
# this and then add their own sentence.
define Package/strongswan/description/Default
StrongSwan is an OpenSource IPsec implementation for the Linux operating system.
endef
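# Populate the build directory from a source tree kept next to this Makefile.
# The directory name is derived from PKG_NAME and PKG_VERSION instead of being
# spelled out a second time, so the version metadata and the tree that gets
# compiled cannot drift apart silently.
# NOTE(review): the Makefile as shown sets no PKG_SOURCE / PKG_HASH, so the
# build system has no checksum to verify this tree against - confirm where the
# sources come from and how their integrity is checked.
define Build/Prepare
	mkdir -p $(PKG_BUILD_DIR)
	$(CP) ./$(PKG_NAME)-$(PKG_VERSION)/* $(PKG_BUILD_DIR)/
endef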
# Base package: opens its own menu (MENU:=1) and pulls in the thread library,
# the ip utility and the kernel / iptables IPsec modules. kmod-ipsec6 is only
# added when IPV6 is enabled.
define Package/strongswan
$(call Package/strongswan/Default)
  MENU:=1
  DEPENDS:=+libpthread +ip +kmod-crypto-authenc \
    +kmod-ipsec +kmod-ipsec4 +IPV6:kmod-ipsec6 \
    +kmod-ipt-ipsec +iptables-mod-ipsec
endef
# Extra configuration menu entries for the base package, read from the
# Config.in file that sits next to this Makefile.
define Package/strongswan/config
source "$(SOURCE)/Config.in"
endef
# Description of the base package: the shared text plus one package-specific line.
define Package/strongswan/description
$(call Package/strongswan/description/Default)
This package contains shared libraries and scripts.
endef
# The charon keying daemon package. It depends on strongswan without a leading
# "+", so selecting it does not select the base package automatically.
define Package/strongswan-charon
$(call Package/strongswan/Default)
  TITLE+= IKEv1/IKEv2 keying daemon
  DEPENDS:= strongswan
endef
# Description of the charon package: the shared text plus one package-specific line.
define Package/strongswan-charon/description
$(call Package/strongswan/description/Default)
This package contains charon, an IKEv2 keying daemon.
endef
# The charon-cmd command-line utility. Selecting it also selects
# strongswan-charon (leading "+"); the base package is a plain dependency.
define Package/strongswan-charon-cmd
$(call Package/strongswan/Default)
  TITLE+= charon-cmd utility
  DEPENDS:= strongswan +strongswan-charon
endef
# Description of the charon-cmd package: the shared text plus one package-specific line.
define Package/strongswan-charon-cmd/description
$(call Package/strongswan/description/Default)
This package contains the charon-cmd utility.
endef
# Fixed configure switches. --enable-monolithic asks for the enabled plugins
# to be built into the library instead of being shipped as separate modules.
CONFIGURE_ARGS+= \
	--enable-monolithic \
	--disable-scripts \
	--disable-static \
	--disable-fast \
	--enable-mediation \
	--with-systemdsystemunitdir=no

# Optional tools follow the corresponding package selection.
CONFIGURE_ARGS+= \
	$(if $(CONFIG_PACKAGE_strongswan-charon-cmd),--enable-cmd,--disable-cmd) \
	$(if $(CONFIG_PACKAGE_strongswan-pki),--enable-pki,--disable-pki) \
	$(if $(CONFIG_PACKAGE_strongswan-scepclient),--enable-scepclient,--disable-scepclient)

# Entropy devices and routing-table settings (the latter come from Config.in).
CONFIGURE_ARGS+= \
	--with-random-device=/dev/random \
	--with-urandom-device=/dev/urandom \
	--with-routing-table="$(call qstrip,$(CONFIG_STRONGSWAN_ROUTING_TABLE))" \
	--with-routing-table-prio="$(call qstrip,$(CONFIG_STRONGSWAN_ROUTING_TABLE_PRIO))"

# One switch per known plugin: --enable-<name> only when the matching
# CONFIG_PACKAGE_strongswan-mod-<name> symbol is set, --disable-<name> otherwise.
# NOTE(review): the Makefile as shown defines no strongswan-mod-* packages, so
# these symbols are presumably all unset and every plugin - nonce and sha1
# included - is configured with --disable-*. That would match the unmet
# NONCE_GEN and HASHER:HASH_SHA1 dependencies in the daemon log - confirm
# against the generated configure command line.
CONFIGURE_ARGS+= \
	$(foreach m,$(PKG_MOD_AVAILABLE), \
		$(if $(CONFIG_PACKAGE_strongswan-mod-$(m)),--enable-$(m),--disable-$(m)) \
	) \
	ac_cv_search___atomic_load=no

# Let the linker resolve shared-library dependencies from the staging tree.
EXTRA_LDFLAGS+= -Wl,-rpath-link,$(STAGING_DIR)/usr/lib
# Paths listed as configuration files of the base package.
define Package/strongswan/conffiles
/etc/strongswan.conf
/etc/strongswan.d/
endef
# Install step of the base package ($(1) is the package root): ships
# strongswan.conf and the libstrongswan shared library.
# The echo line appends an include of /var/ipsec/strongswan.conf to the shipped
# configuration. NOTE(review): that file lives outside the package, so its
# ownership and permissions decide who can change the daemon configuration -
# verify them on the target.
define Package/strongswan/install
	$(INSTALL_DIR) $(1)/etc $(1)/usr/lib/ipsec
	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/strongswan.conf $(1)/etc/
	echo -e "\ninclude /var/ipsec/strongswan.conf" >> $(1)/etc/strongswan.conf
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libstrongswan.so.* $(1)/usr/lib/ipsec/
endef
# Install step of the charon package ($(1) is the package root): the two
# charon configuration snippets, the charon binary and the libcharon library.
# libcharon is shipped here while libstrongswan comes from the base package, so
# both packages have to be rebuilt and reinstalled together after a source change.
define Package/strongswan-charon/install
	$(INSTALL_DIR) $(1)/etc/strongswan.d $(1)/usr/lib/ipsec
	$(CP) \
		$(PKG_INSTALL_DIR)/etc/strongswan.d/charon.conf \
		$(PKG_INSTALL_DIR)/etc/strongswan.d/charon-logging.conf \
		$(1)/etc/strongswan.d
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/ipsec/charon $(1)/usr/lib/ipsec/
	$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/libcharon.so.* $(1)/usr/lib/ipsec/
endef
# Install step of the charon-cmd package ($(1) is the package root): only the
# charon-cmd executable, placed in /usr/sbin.
define Package/strongswan-charon-cmd/install
	$(INSTALL_DIR) $(1)/usr/sbin
	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/charon-cmd $(1)/usr/sbin/
endef
# Register the three packages defined above with the build system.
$(eval $(call BuildPackage,strongswan))
$(eval $(call BuildPackage,strongswan-charon))
$(eval $(call BuildPackage,strongswan-charon-cmd))
# NOTE(review): BuildPlugin is not defined anywhere in the Makefile as shown.
# Unless an included file provides it, $(call BuildPlugin,...) expands to
# nothing, so no strongswan-mod-sha1 / strongswan-mod-nonce package is created
# and the matching CONFIG_PACKAGE_strongswan-mod-* symbols stay unset - confirm.
$(eval $(call BuildPlugin,sha1,SHA1 crypto,))
$(eval $(call BuildPlugin,nonce,nonce genereation,))
Any idea how to resolve this issue, please?
Thanks