Hi Guys,
Trying to get strongSwan working on an Ubuntu box. I have configured the ipsec.conf file as follows:
Code:
config setup
    plutodebug=all
    charonstart=yes
    plutostart=yes

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev1
    authby=secret

conn net-net
    left=125.xxx.xxx.70
    leftsubnet=192.168.21.170/32
    leftid=@luca
    leftfirewall=yes
    right=121.xxx.xxx.28
    rightsubnet=10.80.50.104/32
    rightid=@home
    ike=3des-md5,3des-sha
    esp=3des-md5,3des-sha1
    auto=add
The 'left' configuration is the Ubuntu box and the 'right' config is the remote site, which is a Cisco router. I can see from the Cisco that it is trying to establish the connection, but nothing happens. tcpdump shows the traffic hitting the Ubuntu box.
Looking through the 'auth.log' file, I see lots of errors about something called pluto... specifically this one:
Code:
ipsec_starter[26671]: FATAL ERROR: pluto cannot run without a SHA-1 hasher.
ipsec_starter[26671]: pluto has died -- restart scheduled (5sec)
ipsec_starter[26671]: pluto refused to be started
pluto[30852]: Starting IKEv1 pluto daemon (strongSwan 4.3.2) THREADS SMARTCARD VENDORID CISCO_QUIRKS
pluto[30852]: loading plugin 'aes' failed: /usr/lib/ipsec/plugins/libstrongswan-aes.so: cannot open shared object file: No such file or directory
pluto[30852]: loading plugin 'des' failed: /usr/lib/ipsec/plugins/libstrongswan-des.so: cannot open shared object file: No such file or directory
pluto[30852]: loading plugin 'sha1' failed: /usr/lib/ipsec/plugins/libstrongswan-sha1.so: cannot open shared object file: No such file or directory
pluto[30852]: loading plugin 'md5' failed: /usr/lib/ipsec/plugins/libstrongswan-md5.so: cannot open shared object file: No such file or directory
pluto[30852]: loading plugin 'sha2' failed: /usr/lib/ipsec/plugins/libstrongswan-sha2.so: cannot open shared object file: No such file or directory
Any thoughts on this? It looks like the pluto service can't start due to some missing files... I can't find any info on this, though.
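
A diagnostic sketch for the log above, added here as an example and not part of the original post: it pulls the failed plugin names and paths out of the log, works out which plugins the posted ike=/esp= proposals depend on, and checks whether each shared object exists on disk. The `ALG_TO_PLUGIN` mapping and the function names are assumptions made for this example.

```python
import os
import re

# Log lines copied from the post above (four of the five plugin failures).
SAMPLE_LOG = """\
ipsec_starter[26671]: FATAL ERROR: pluto cannot run without a SHA-1 hasher.
pluto[30852]: loading plugin 'aes' failed: /usr/lib/ipsec/plugins/libstrongswan-aes.so: cannot open shared object file: No such file or directory
pluto[30852]: loading plugin 'des' failed: /usr/lib/ipsec/plugins/libstrongswan-des.so: cannot open shared object file: No such file or directory
pluto[30852]: loading plugin 'sha1' failed: /usr/lib/ipsec/plugins/libstrongswan-sha1.so: cannot open shared object file: No such file or directory
pluto[30852]: loading plugin 'md5' failed: /usr/lib/ipsec/plugins/libstrongswan-md5.so: cannot open shared object file: No such file or directory
"""
# ike= and esp= values from the posted "conn net-net" section.
SAMPLE_PROPOSALS = ["3des-md5,3des-sha", "3des-md5,3des-sha1"]

# Assumption: ipsec.conf algorithm keyword -> strongSwan plugin that provides it.
ALG_TO_PLUGIN = {"3des": "des", "des": "des", "md5": "md5", "sha": "sha1", "sha1": "sha1"}

PLUGIN_FAIL = re.compile(r"loading plugin '([^']+)' failed: (\S+\.so): (.+)$")


def failed_plugins(log_text):
    """Return {plugin: (path, reason)} for each plugin load failure in the log."""
    found = {}
    for line in log_text.splitlines():
        m = PLUGIN_FAIL.search(line)
        if m:
            found[m.group(1)] = (m.group(2), m.group(3))
    return found


def required_plugins(proposals):
    """Return the set of plugins needed by comma-separated proposal strings."""
    needed = set()
    for proposal in proposals:
        for suite in proposal.split(","):
            for alg in suite.strip().split("-"):
                needed.add(ALG_TO_PLUGIN.get(alg, alg))
    return needed


def diagnose(log_text, proposals, exists=os.path.exists):
    """List (plugin, path, state) for required plugins that failed to load."""
    failed = failed_plugins(log_text)
    report = []
    for plugin in sorted(required_plugins(proposals)):
        if plugin in failed:
            path = failed[plugin][0]
            state = "present on disk" if exists(path) else "missing on disk"
            report.append((plugin, path, state))
    return report


if __name__ == "__main__":
    for plugin, path, state in diagnose(SAMPLE_LOG, SAMPLE_PROPOSALS):
        print(f"{plugin}: required by ike=/esp=, load failed, {path} is {state}")
```

Run against the real auth.log text, a "present on disk" result points at a loader or permissions problem rather than an absent file.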