[SOLVED] Strongswan: failed to load 1 critical plugin feature

As explained here, I'm trying to setup strongswan on my openwrt router to connect to my pfsense firewall, so that I can use openwrt as a travel router with encrypted traffic through my home connection.

I have used the config files suggested in the strongswan wiki for road warrior, with openwrt as the initiator. No further changes to the openwrt strongswan-full package as installed.

When I boot openwrt, I get the following messages related to strongswan:

Sun Apr 28 14:10:55 2019 authpriv.info ipsec_starter[2289]: Starting strongSwan 5.7.2 IPsec [starter]...
Sun Apr 28 14:10:55 2019 daemon.err modprobe: failed to find a module named af_key
Sun Apr 28 14:10:55 2019 authpriv.info ipsec_starter[2289]: no netkey IPsec stack detected
Sun Apr 28 14:10:55 2019 daemon.info modprobe: Usage:   modprobe [-q] filename
Sun Apr 28 14:10:55 2019 authpriv.info ipsec_starter[2289]: no KLIPS IPsec stack detected
Sun Apr 28 14:10:55 2019 authpriv.info ipsec_starter[2289]: no known IPsec stack detected, ignoring!
Sun Apr 28 14:10:55 2019 daemon.info : 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 4.14.109, mips)
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] PKCS11 module '<name>' lacks library path
Sun Apr 28 14:10:55 2019 daemon.info : 00[LIB] curl SSL backend 'mbedTLS/2.16.1' not supported, https:// disabled
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] disabling load-tester plugin, not configured
Sun Apr 28 14:10:55 2019 daemon.info : 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Sun Apr 28 14:10:55 2019 daemon.info : 00[LIB] plugin 'uci' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-uci.so: uci_lookup: symbol not found
Sun Apr 28 14:10:55 2019 daemon.info : 00[KNL] unable to create netlink socket: Protocol not supported (120)
Sun Apr 28 14:10:55 2019 daemon.info : 00[NET] installing IKE bypass policy failed
Sun Apr 28 14:10:55 2019 daemon.info : 00[NET] installing IKE bypass policy failed
Sun Apr 28 14:10:55 2019 daemon.info : 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
Sun Apr 28 14:10:55 2019 daemon.info : 00[NET] installing IKE bypass policy failed
Sun Apr 28 14:10:55 2019 daemon.info : 00[NET] installing IKE bypass policy failed
Sun Apr 28 14:10:55 2019 daemon.info : 00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed
Sun Apr 28 14:10:55 2019 daemon.info : 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: CUSTOM:kernel-ipsec
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] attr-sql plugin: database URI not set
Sun Apr 28 14:10:55 2019 daemon.info : 00[NET] using forecast interface br-lan
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] loading crls from '/etc/ipsec.d/crls'
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] loading secrets from '/etc/ipsec.secrets'
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG]   loaded RSA private key from '/etc/swanctl/cacerts/openwrt.key'
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] sql plugin: database URI not set
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] loaded 0 RADIUS server configurations
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] HA config misses local/remote address
Sun Apr 28 14:10:55 2019 daemon.info : 00[CFG] coupling file path unspecified
Sun Apr 28 14:10:55 2019 daemon.info : 00[LIB] failed to load 1 critical plugin feature
Sun Apr 28 14:10:55 2019 daemon.info : 00[DMN] initialization failed - aborting charon
Sun Apr 28 14:10:55 2019 authpriv.info ipsec_starter[2289]: charon has quit: initialization failed
Sun Apr 28 14:10:55 2019 authpriv.info ipsec_starter[2289]: charon refused to be started
Sun Apr 28 14:10:55 2019 authpriv.info ipsec_starter[2289]: ipsec starter stopped

I see that the plugins "load-tester" and "uci" are failing to load. But even if I disable them, charon doesn't start. So I guess the important part is:

Sun Apr 28 14:10:55 2019 daemon.info : 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: CUSTOM:kernel-ipsec

I found a similar problem in the forum archive, but with no solution.

Any idea what I should do to correct this error?

cat /proc/net/pf_key
CONFIG_NET_KEY

af_key.ko is in the package kmod-ipsec anyway.

1 Like

Ok, that was strange. I ended up reflashing the firmware and re-installing the packages. Now the error appears to be gone...

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.