8392 questions

9870 answers

15658 comments

14140 members

0 votes
65 views 1 comments
by

Hi All:

Using FW 7.5, we have a modified /etc/init.d/ipsec file, the modified section is:

prepare_strongswan_config(){

echo "charon {" >"$File_strongswan"

if [ $KERNEL_LIB -eq 0 ]; then

echo " load = charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown vici xauth-generic" >>"$File_strongswan"

else

echo " load = charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic vici kernel-libipsec" >>"$File_strongswan"

fi

echo " i_dont_care_about_security_and_use_aggressive_mode_psk = yes" >>"$File_strongswan"

echo "  charon.make_before_break = yes" >>"$File_strongswan"

echo "}" >>"$File_strongswan"

The addition is the second last line. This works fine on FW 7.5.

On 8.3 strongswan throws this error when we issue a /etc/init.d/ipsec start:

root@CORS271:~# /etc/init.d/ipsec start                                                       

/etc/strongswan.conf:4: syntax error, unexpected ., expecting : or '{' or '=' [.]             

invalid config file '/etc/strongswan.conf'                                                    

abort initialization due to invalid configuration                                             

Starting strongSwan 5.8.4 IPsec [starter]...      

I need to change that /etc/init.d/ipsec file but have no idea what to adjust.

Any ideas?

Cheers,

John

by
Is anyone at TTNK going to answer this?

Every other problem I have you say to upgrade the FW to the latest, as you can see if I do that by vpn breaks.

Are you going to address this or not?

You have had 3 weeks.

Standing by.

Cheers,

John

1 Answer

0 votes
by

Ok, figured this out.

In the /etc/init.d/ipsec file, in the ok .74 and .75 FW I have this which worecho " i_dont_care_about_security_and_use_aggressive_mode_psk = yes" >>"$File_strongswan"

echo "  charon.make_before_break = yes" >>"$File_strongswan"

There is actually a mistake in there but it worked anyway. To make this work with 0.83 it needs to be changed to:

echo " i_dont_care_about_security_and_use_aggressive_mode_psk = yes" >>"$File_strongswan"

echo "  make_before_break = yes" >>"$File_strongswan"

Now it works fine.

Cheers,

John