OpenWrt 19.07.0, install Strongswan

Today I installed the new OpenWrt 19.07.0 on my Linksys EA4500 (previously ran 18.06.04) and ran into a weird problem.
I started with a clean install (“Keep settings” unchecked), installed all required packages via the LuCI GUI and then modified the config files accordingly.
After everything was set up I found out that Strongswan wasn't working. It took me a while until I noticed that no entries related to Strongswan were actually listed under "System -> Software -> Installed", even though the "Free space" had decreased by the anticipated amount (about 5 - 6 MB) after the installation.
I tried the whole installation again from scratch, with the same result.

Executing "opkg list-installed" on the command line also showed no Strongswan installed.

In the end I got Strongswan properly installed via command line ("opkg install strongswan-full") and it now also shows up in LuCI under "Installed" packages.

So perhaps it's a good idea to install large packages that are several MB in size via command line and not via the LuCI GUI.

Maybe too late to ask that question, but did you get any error message or success message when installing strongswan via LuCI?

There are no messages in this particular case.
The installation of the "strongswan-full" package takes about 100 seconds on my Linksys EA4500 and because of the large package size or long install duration the LuCI GUI webpage stops responding way before the installation completes.
It's actually been like that in earlier versions of OpenWrt and LEDE, but up to version 18 the installation of the "strongswan-full" package still completed successfully in the background (it must have, since I never had any problems with Strongswan) and therefore I never bothered installing it via command line.

If strongswan tries to start itself as part of the postinst installation (I haven't checked if that is the case), you might run into a timeout.

src/starter/invokecharon.c waits 10s to consider a startup successful, but if you have many plugins installed (such as with strongswan-full) and are running on slow hardware (tl-wr1043nd v1 in my case), that's by far not enough for the dæmon to initialize (I've locally patched src/starter/invokecharon.c to wait 45s instead - but even more might be necessary for strongswan-full). As a result, the dæmon tries to reload in a short busy loop, getting killed after the timeout over and over again, until it finally succeeds sometime.

strongswan: wait up to 45 seconds to start charon

Starting strongswan can take quite a while on embedded devices,
especially during system boot, this can lead to charon being
killed before it actually has a chance to start up.

TL-WR1043ND v1 (400 MHz mips 74Kc): 23.6 s on an idle system
TL-WDR4300 (560 MHz mips 74Kc):      6.4 s on an idle system

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>

--- /dev/null
+++ b/net/strongswan/patches/212-wait-up-to-45-seconds-to-start.patch
@@ -0,0 +1,21 @@
+--- a/src/starter/invokecharon.c
++++ b/src/starter/invokecharon.c
+@@ -210,14 +210,14 @@ int starter_start_charon (starter_config
+ 					return 0;
+ 				}
+ 			}
+-			for (i = 0; i < 500 && _charon_pid; i++)
++			for (i = 0; i < 900 && _charon_pid; i++)
+ 			{
+-				/* wait for charon for a maximum of 500 x 20 ms = 10 s */
+-				usleep(20000);
++				/* wait for charon for a maximum of 900 x 50 ms = 45 s */
++				usleep(50000);
+ 				if (stat(pid_file, &stb) == 0)
+ 				{
+ 					DBG1(DBG_APP, "%s (%d) started after %d ms", daemon_name,
+-						 _charon_pid, 20*(i+1));
++						 _charon_pid, 50*(i+1));
+ 					return 0;
+ 				}
+ 			}
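
Review bot: the new limit in `for (i = 0; i < 900 && _charon_pid; i++)` is still a hard-coded value, and it now has to stay in sync with two other literals (`usleep(50000)` and `50*(i+1)` in the DBG1 message) plus the comment. Consider naming the interval and the total timeout once (a pair of #defines, or a configurable value) and deriving the loop bound and the logged milliseconds from them. The commit message gives 23.6 s on an idle TL-WR1043ND v1 and says startup is slower during system boot, so it would help to state how 45 s was chosen and whether it was measured at boot. Raising the poll interval from 20 ms to 50 ms is not needed to extend the wait; keeping `usleep(20000)` and changing only the bound would make the patch smaller, otherwise the reason for the coarser polling belongs in the commit message.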

Thanks. Whatever it is, since I installed Strongswan via the command "opkg install strongswan-full" it's been running fine and I am happy.
