I am newbie to strongswan, but this is the only option to use both VPN with proxy server on my iPhone. Wireguard app doesnot support proxy settings.
I am following the guide
- https://openwrt.org/docs/guide-user/services/vpn/strongswan/roadwarrior
- https://docs.strongswan.org/docs/latest/config/quickstart.html
- https://openwrt.org/docs/guide-user/services/vpn/strongswan/configuration (Tried UCI approach, same error)
I use OpenWRT 23.5.05 on tp-link 8088, installed strongswan-full, ip-full, xfrm, packages. I encountered following error messages, I have no clue about it. Need your guide on what would be the next step?
CLI errors
root@OpenWrt-8088:/etc/swanctl/conf.d# /etc/init.d/swanctl start
root@OpenWrt-8088:/etc/swanctl/conf.d# swanctl --load-all
plugin 'wolfssl' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-wolfssl.so: wolfssl_ec_diffie_hellman_create: symbol not found
connecting to 'unix:///var/run/charon.vici' failed: Connection refused
Error: connecting to 'default' URI failed: Connection refused
strongSwan 5.9.11 swanctl
usage:
swanctl --load-all [--raw|--pretty] [--clear] [--noprompt]
--help (-h) show usage information
--clear (-c) clear previously loaded credentials
--noprompt (-n) do not prompt for passwords
--raw (-r) dump raw response message
--pretty (-P) dump raw response message in pretty print
--file (-f) custom path to swanctl.conf
--debug (-v) set debug level, default: 1
--options (-+) read command line options from file
--uri (-u) service URI to connect to
System log errors
Wed Jan 1 12:37:46 2025 daemon.info ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.11, Linux 5.15.167, aarch64)
Wed Jan 1 12:37:46 2025 daemon.info ipsec: 00[CFG] PKCS11 module '<name>' lacks library path
Wed Jan 1 12:37:46 2025 daemon.info ipsec: 00[LIB] providers loaded by OpenSSL: default
Wed Jan 1 12:37:46 2025 daemon.info ipsec: 00[LIB] plugin 'wolfssl' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-wolfssl.so: wolfssl_ec_diffie_hellman_create: symbol not found
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] disabling load-tester plugin, not configured
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[LIB] failed to open /dev/net/tun: No such file or directory
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[KNL] failed to create TUN device
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[LIB] plugin 'kernel-libipsec': failed to load - kernel_libipsec_plugin_create returned NULL
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] install DNS servers in '/etc/resolv.conf'
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[LIB] plugin 'uci' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-uci.so: uci_lookup: symbol not found
Wed Jan 1 12:37:47 2025 daemon.notice ttyd[3391]: [2025/01/01 12:37:47:2466] N: rops_handle_POLLIN_netlink: DELADDR
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[KNL] unable to create IPv4 routing table rule
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[KNL] unable to create IPv6 routing table rule
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] attr-sql plugin: database URI not set
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[NET] using forecast interface br-lan.10
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] expanding file expression '/var/ipsec/ipsec.secrets' failed
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] sql plugin: database URI not set
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] loaded 0 RADIUS server configurations
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] HA config misses local/remote address
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[CFG] coupling file path unspecified
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aes des blowfish rc2 sha2 sha3 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl gcrypt pkcs8 af-alg fips-prf gmp gmpdh curve25519 agent chapoly xcbc cmac hmac kdf ctr ccm gcm ntru drbg newhope bliss curl mysql sqlite attr kernel-netlink resolve socket-default socket-dynamic connmark forecast farp stroke vici smp updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap dhcp whitelist led duplicheck addrblock unity
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[DMN] removing pidfile '/var/run/charon.pid', process not running
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[JOB] spawning 16 worker threads
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 00[DMN] executing start script 'load-all' (/usr/sbin/swanctl --load-all --noprompt)
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 07[DMN] thread 7 received 7
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 07[LIB] no support for capturing backtraces
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 07[DMN] killing ourself, received critical signal
Wed Jan 1 12:37:47 2025 daemon.info ipsec: 06[DMN] thread 6 received 11
Wed Jan 1 12:37:52 2025 daemon.info ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.11, Linux 5.15.167, aarch64)
Wed Jan 1 12:37:52 2025 daemon.info ipsec: 00[CFG] PKCS11 module '<name>' lacks library path
Wed Jan 1 12:37:52 2025 daemon.info ipsec: 00[LIB] providers loaded by OpenSSL: default
Wed Jan 1 12:37:52 2025 daemon.info ipsec: 00[LIB] plugin 'wolfssl' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-wolfssl.so: wolfssl_ec_diffie_hellman_create: symbol not found
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] disabling load-tester plugin, not configured
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[LIB] failed to open /dev/net/tun: No such file or directory
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[KNL] failed to create TUN device
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[LIB] plugin 'kernel-libipsec': failed to load - kernel_libipsec_plugin_create returned NULL
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] install DNS servers in '/etc/resolv.conf'
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[LIB] plugin 'uci' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-uci.so: uci_lookup: symbol not found
Wed Jan 1 12:37:53 2025 daemon.notice ttyd[3391]: [2025/01/01 12:37:53:2669] N: rops_handle_POLLIN_netlink: DELADDR
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[KNL] unable to create IPv4 routing table rule
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[KNL] unable to create IPv6 routing table rule
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] attr-sql plugin: database URI not set
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[NET] using forecast interface br-lan.10
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] expanding file expression '/var/ipsec/ipsec.secrets' failed
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] sql plugin: database URI not set
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] loaded 0 RADIUS server configurations
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] HA config misses local/remote address
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[CFG] coupling file path unspecified
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aes des blowfish rc2 sha2 sha3 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl gcrypt pkcs8 af-alg fips-prf gmp gmpdh curve25519 agent chapoly xcbc cmac hmac kdf ctr ccm gcm ntru drbg newhope bliss curl mysql sqlite attr kernel-netlink resolve socket-default socket-dynamic connmark forecast farp stroke vici smp updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap dhcp whitelist led duplicheck addrblock unity
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[DMN] removing pidfile '/var/run/charon.pid', process not running
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[JOB] spawning 16 worker threads
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 00[DMN] executing start script 'load-all' (/usr/sbin/swanctl --load-all --noprompt)
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 06[DMN] thread 6 received 11
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 06[LIB] no support for capturing backtraces
Wed Jan 1 12:37:53 2025 daemon.info ipsec: 06[DMN] killing ourself, received critical signal
Wed Jan 1 12:37:58 2025 daemon.info ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.11, Linux 5.15.167, aarch64)
Wed Jan 1 12:37:58 2025 daemon.info ipsec: 00[CFG] PKCS11 module '<name>' lacks library path
Wed Jan 1 12:37:58 2025 daemon.info ipsec: 00[LIB] providers loaded by OpenSSL: default
Wed Jan 1 12:37:58 2025 daemon.info ipsec: 00[LIB] plugin 'wolfssl' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-wolfssl.so: wolfssl_ec_diffie_hellman_create: symbol not found
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] disabling load-tester plugin, not configured
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[LIB] failed to open /dev/net/tun: No such file or directory
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[KNL] failed to create TUN device
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[LIB] plugin 'kernel-libipsec': failed to load - kernel_libipsec_plugin_create returned NULL
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] install DNS servers in '/etc/resolv.conf'
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[LIB] plugin 'uci' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-uci.so: uci_lookup: symbol not found
Wed Jan 1 12:37:59 2025 daemon.notice ttyd[3391]: [2025/01/01 12:37:59:2911] N: rops_handle_POLLIN_netlink: DELADDR
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[KNL] unable to create IPv4 routing table rule
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[KNL] unable to create IPv6 routing table rule
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] attr-sql plugin: database URI not set
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[NET] using forecast interface br-lan.10
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] expanding file expression '/var/ipsec/ipsec.secrets' failed
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] sql plugin: database URI not set
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] loaded 0 RADIUS server configurations
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] HA config misses local/remote address
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[CFG] coupling file path unspecified
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aes des blowfish rc2 sha2 sha3 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl gcrypt pkcs8 af-alg fips-prf gmp gmpdh curve25519 agent chapoly xcbc cmac hmac kdf ctr ccm gcm ntru drbg newhope bliss curl mysql sqlite attr kernel-netlink resolve socket-default socket-dynamic connmark forecast farp stroke vici smp updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap dhcp whitelist led duplicheck addrblock unity
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[DMN] removing pidfile '/var/run/charon.pid', process not running
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[JOB] spawning 16 worker threads
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 00[DMN] executing start script 'load-all' (/usr/sbin/swanctl --load-all --noprompt)
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 06[DMN] thread 6 received 11
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 06[LIB] no support for capturing backtraces
Wed Jan 1 12:37:59 2025 daemon.info ipsec: 06[DMN] killing ourself, received critical signal
Wed Jan 1 12:38:04 2025 daemon.info ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.11, Linux 5.15.167, aarch64)
Wed Jan 1 12:38:04 2025 daemon.info ipsec: 00[CFG] PKCS11 module '<name>' lacks library path
Wed Jan 1 12:38:04 2025 daemon.info ipsec: 00[LIB] providers loaded by OpenSSL: default
Wed Jan 1 12:38:04 2025 daemon.info ipsec: 00[LIB] plugin 'wolfssl' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-wolfssl.so: wolfssl_ec_diffie_hellman_create: symbol not found
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] disabling load-tester plugin, not configured
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[LIB] failed to open /dev/net/tun: No such file or directory
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[KNL] failed to create TUN device
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[LIB] plugin 'kernel-libipsec': failed to load - kernel_libipsec_plugin_create returned NULL
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] install DNS servers in '/etc/resolv.conf'
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[LIB] plugin 'uci' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-uci.so: uci_lookup: symbol not found
Wed Jan 1 12:38:05 2025 daemon.notice ttyd[3391]: [2025/01/01 12:38:05:2828] N: rops_handle_POLLIN_netlink: DELADDR
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[KNL] unable to create IPv4 routing table rule
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[KNL] unable to create IPv6 routing table rule
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] attr-sql plugin: database URI not set
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[NET] using forecast interface br-lan.10
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] expanding file expression '/var/ipsec/ipsec.secrets' failed
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] sql plugin: database URI not set
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] loaded 0 RADIUS server configurations
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] HA config misses local/remote address
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[CFG] coupling file path unspecified
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aes des blowfish rc2 sha2 sha3 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl gcrypt pkcs8 af-alg fips-prf gmp gmpdh curve25519 agent chapoly xcbc cmac hmac kdf ctr ccm gcm ntru drbg newhope bliss curl mysql sqlite attr kernel-netlink resolve socket-default socket-dynamic connmark forecast farp stroke vici smp updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap dhcp whitelist led duplicheck addrblock unity
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[DMN] removing pidfile '/var/run/charon.pid', process not running
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[JOB] spawning 16 worker threads
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 00[DMN] executing start script 'load-all' (/usr/sbin/swanctl --load-all --noprompt)
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 06[DMN] thread 6 received 11
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 06[LIB] no support for capturing backtraces
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 09[DMN] thread 9 received 11
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 09[LIB] no support for capturing backtraces
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 06[DMN] killing ourself, received critical signal
Wed Jan 1 12:38:05 2025 daemon.info ipsec: 04[DMN] thread 4 received 7
Wed Jan 1 12:38:10 2025 daemon.info ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.11, Linux 5.15.167, aarch64)
Wed Jan 1 12:38:10 2025 daemon.info ipsec: 00[CFG] PKCS11 module '<name>' lacks library path
Wed Jan 1 12:38:10 2025 daemon.info ipsec: 00[LIB] providers loaded by OpenSSL: default
Wed Jan 1 12:38:10 2025 daemon.info ipsec: 00[LIB] plugin 'wolfssl' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-wolfssl.so: wolfssl_ec_diffie_hellman_create: symbol not found
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] disabling load-tester plugin, not configured
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[LIB] failed to open /dev/net/tun: No such file or directory
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[KNL] failed to create TUN device
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[LIB] plugin 'kernel-libipsec': failed to load - kernel_libipsec_plugin_create returned NULL
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] install DNS servers in '/etc/resolv.conf'
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[LIB] plugin 'uci' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-uci.so: uci_lookup: symbol not found
Wed Jan 1 12:38:11 2025 daemon.notice ttyd[3391]: [2025/01/01 12:38:11:2331] N: rops_handle_POLLIN_netlink: DELADDR
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[KNL] unable to create IPv4 routing table rule
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[KNL] unable to create IPv6 routing table rule
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] attr-sql plugin: database URI not set
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[NET] using forecast interface br-lan.10
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] expanding file expression '/var/ipsec/ipsec.secrets' failed
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] sql plugin: database URI not set
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] loaded 0 RADIUS server configurations
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] HA config misses local/remote address
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[CFG] coupling file path unspecified
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aes des blowfish rc2 sha2 sha3 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl gcrypt pkcs8 af-alg fips-prf gmp gmpdh curve25519 agent chapoly xcbc cmac hmac kdf ctr ccm gcm ntru drbg newhope bliss curl mysql sqlite attr kernel-netlink resolve socket-default socket-dynamic connmark forecast farp stroke vici smp updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap dhcp whitelist led duplicheck addrblock unity
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[DMN] removing pidfile '/var/run/charon.pid', process not running
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[JOB] spawning 16 worker threads
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 00[DMN] executing start script 'load-all' (/usr/sbin/swanctl --load-all --noprompt)
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 09[DMN] thread 9 received 7
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 09[LIB] no support for capturing backtraces
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 08[DMN] thread 8 received 11
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 08[LIB] no support for capturing backtraces
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 10[DMN] thread 10 received 11
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 10[LIB] no support for capturing backtraces
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 08[DMN] killing ourself, received critical signal
Wed Jan 1 12:38:11 2025 daemon.info ipsec: 10[DMN] killing ourself, received critical signal
Wed Jan 1 12:38:16 2025 daemon.info ipsec: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.11, Linux 5.15.167, aarch64)
Wed Jan 1 12:38:16 2025 daemon.info ipsec: 00[CFG] PKCS11 module '<name>' lacks library path
Wed Jan 1 12:38:16 2025 daemon.info ipsec: 00[LIB] providers loaded by OpenSSL: default
Wed Jan 1 12:38:16 2025 daemon.info ipsec: 00[LIB] plugin 'wolfssl' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-wolfssl.so: wolfssl_ec_diffie_hellman_create: symbol not found
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] disabling load-tester plugin, not configured
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[LIB] failed to open /dev/net/tun: No such file or directory
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[KNL] failed to create TUN device
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[LIB] plugin 'kernel-libipsec': failed to load - kernel_libipsec_plugin_create returned NULL
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] install DNS servers in '/etc/resolv.conf'
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[LIB] plugin 'uci' failed to load: Error relocating /usr/lib/ipsec/plugins/libstrongswan-uci.so: uci_lookup: symbol not found
Wed Jan 1 12:38:17 2025 daemon.notice ttyd[3391]: [2025/01/01 12:38:17:3023] N: rops_handle_POLLIN_netlink: DELADDR
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[KNL] unable to create IPv4 routing table rule
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[KNL] unable to create IPv6 routing table rule
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] attr-sql plugin: database URI not set
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[NET] using forecast interface br-lan.10
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] expanding file expression '/var/ipsec/ipsec.secrets' failed
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] sql plugin: database URI not set
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] loaded 0 RADIUS server configurations
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] HA config misses local/remote address
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[CFG] coupling file path unspecified
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aes des blowfish rc2 sha2 sha3 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl gcrypt pkcs8 af-alg fips-prf gmp gmpdh curve25519 agent chapoly xcbc cmac hmac kdf ctr ccm gcm ntru drbg newhope bliss curl mysql sqlite attr kernel-netlink resolve socket-default socket-dynamic connmark forecast farp stroke vici smp updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap dhcp whitelist led duplicheck addrblock unity
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[DMN] removing pidfile '/var/run/charon.pid', process not running
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[JOB] spawning 16 worker threads
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 00[DMN] executing start script 'load-all' (/usr/sbin/swanctl --load-all --noprompt)
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 03[DMN] thread 3 received 11
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 03[LIB] no support for capturing backtraces
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 10[DMN] thread 10 received 11
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 08[DMN] thread 8 received 7
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 08[LIB] no support for capturing backtraces
Wed Jan 1 12:38:17 2025 daemon.info ipsec: 03[DMN] killing ourself, received critical signal
Wed Jan 1 12:38:17 2025 daemon.info procd: Instance swanctl::instance1 s in a crash loop 6 crashes, 1 seconds since last crash
my configuration
/etc/swanctl/conf.d/my.conf
connections {
rw-pubkeyios {
include ./common_conf
remote-pubkeyios {
auth = pubkey
cacert = root_ca.crt
certs = XXXXX
id = XXXXXX
}
send_certreq = no
send_cert = always
}
}
pools {
strongswanippool {
addrs = 192.168.162.0/24
netmask = 255.255.255.0
dns= 192.168.2.2, 192.168.2.1
}
}
authorities {
nstd {
cacert = root-ca.crt
}
}
/etc/swanctl/conf.d/common_conf
local_addrs = 0.0.0.0/0,::/0
remote_addrs = 0.0.0.0/0,::/0
local {
auth = pubkey
certs = XXXXX
id = XXXXXXX
}
children {
ikev2clients {
mode = tunnel
local_ts = 0.0.0.0/0;::/0
esp_proposals = default
rekey_time = 1h
start_action = none
close_action = none
dpd_action = clear
# if_id_in =357
# if_id_out = 357
}
}
pools = strongswanippool
vips = 0.0.0.0/0,::/0
unique = never
version = 2
mobike = yes
rekey_time = 3h
over_time = 18m
dpd_delays = 300s
keyingtries = 3
proposals = default