Ubuntu
strongswan package

missing plugins (pkcs11, ctr, ccm)

Bug #771778 reported by Florian Daniel
30
This bug affects 5 people
Affects Status Importance Assigned to Milestone
strongswan (Debian)
Fix Released
Unknown
strongswan (Ubuntu)
Fix Released
Medium
Unassigned
Natty
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: openswan

Tried to create IPSec connections with network-manager-strongswan, strongwan service fails with missing plugins even so configured in debian/rules file of the package.

Apr 27 14:09:48 air charon: 00[LIB] plugin 'pkcs11' failed to load: /usr/lib/ipsec/plugins/libstrongswan-pkcs11.so: cannot open shared object file: No such file or directory
Apr 27 14:09:48 air charon: 00[LIB] plugin 'ctr' failed to load: /usr/lib/ipsec/plugins/libstrongswan-ctr.so: cannot open shared object file: No such file or directory
Apr 27 14:09:48 air charon: 00[LIB] plugin 'ccm' failed to load: /usr/lib/ipsec/plugins/libstrongswan-ccm.so: cannot open shared object file: No such file or directory
Apr 27 14:09:48 air charon: 00[LIB] plugin 'gcm' failed to load: /usr/lib/ipsec/plugins/libstrongswan-gcm.so: cannot open shared object file: No such file or directory

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: openswan (not installed)
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic 2.6.38.2
Uname: Linux 2.6.38-8-generic x86_64
NonfreeKernelModules: wl nvidia
Architecture: amd64
Date: Wed Apr 27 14:12:04 2011
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Beta amd64 (20110413)
ProcEnviron:
 LANGUAGE=en_US:en
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: openswan
UpgradeStatus: No upgrade log present (probably fresh install)

Florian Daniel (fd-noxa)
affects: openswan (Ubuntu) → network-manager-strongswan (Ubuntu)
Revision history for this message
Peter Winterer (peter-winterer) wrote :

I can confirm this issue! In Ubuntu 11.04, I can setup a vpn-connection within the NetworkManager. However, it is not possible to establish an ipsec network connection. It stops immediately after starting the vpn-connection, with the error message, "service doesn't start in time .."

In my opinion, in Ubuntu 11.04 the NetworkManager-Plugin "libstrongswan-nm.so" is missing in the package "strongswan-nm"

After building strongSwan NetworkManager-Plugin from source on a Ubuntu 11.04 box, I can again establish ipsec-connections without any errors!

Revision history for this message
Florian Daniel (fd-noxa) wrote : Re: [Bug 771778] Re: missing plugins (pkcs11, ctr, ccm)

Hi Peter,

danke fuer die Info, ich werde es gleich mal probieren.
Welche Sourcen hast Du verwendet? Mittels apt-get source oder clone aus
dem git?

Gruesse,
Florian
On 05/04/2011 01:38 PM, Peter Winterer wrote:
> I can confirm this issue! In Ubuntu 11.04, I can setup a vpn-connection
> within the NetworkManager. However, it is not possible to establish an
> ipsec network connection. It stops immediately after starting the vpn-
> connection, with the error message, "service doesn't start in time .."
>
> In my opinion, in Ubuntu 11.04 the NetworkManager-Plugin "libstrongswan-
> nm.so" is missing in the package "strongswan-nm"
>
> After building strongSwan NetworkManager-Plugin from source on a Ubuntu
> 11.04 box, I can again establish ipsec-connections without any errors!
>

Revision history for this message
Laurent Bigonville (bigon) wrote :

I've the same issue here

Changed in network-manager-strongswan (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Laurent Bigonville (bigon)
affects: network-manager-strongswan (Ubuntu) → strongswan (Ubuntu)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package strongswan - 4.5.0-1ubuntu2

---------------
strongswan (4.5.0-1ubuntu2) oneiric; urgency=low

  * Build and ship network-manager module (LP: #771778)
 -- Laurent Bigonville <email address hidden> Tue, 24 May 2011 15:24:15 +0200

Changed in strongswan (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Nonymus (nonymus) wrote :

libstrongswan-pkcs11.so is still missing.

"ipsec pki --gen" for instance still fails with mentioned error message.

Revision history for this message
Laurent Bigonville (bigon) wrote :

Hi,

Here a patch for natty, this add the missing modules.

For now strongswan-nm (network-manager integration) is not working due to a missing module, so I guess this is quite a good idea to fix it in natty.

Revision history for this message
Chris Halse Rogers (raof) wrote :

It looks like strongswan is still missing libstrongswan-pkcs11.so in oneiric. Please fix that first. After that the natty-proposed package looks good.

Chris Halse Rogers (raof)
Changed in strongswan (Ubuntu):
status: Fix Released → Triaged
Revision history for this message
Laurent Bigonville (bigon) wrote :

@Chris Well according to the oneiric buildlog, libstrongswan-pkcs11.so is present in libstrongswan package

Revision history for this message
Chris Halse Rogers (raof) wrote :

Hm. Quite true. There it is! I clearly need better tools.

Sorry for the noise.

Changed in strongswan (Ubuntu):
status: Triaged → Fix Released
Changed in strongswan (Ubuntu Natty):
status: New → Fix Committed
tags: added: verification-needed
Revision history for this message
Chris Halse Rogers (raof) wrote : Please test proposed package

Accepted strongswan into natty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Revision history for this message
Peter Winterer (peter-winterer) wrote :

on a fresh installed ubuntu natty. I upgraded the strongswan-nm package to proposed as described in documentation. however it is still broken. I can(!) setup a strongswan vpn-connection with the network-manager plugin and I can(!) establish a vpn-connection. one step more than before. however, it seems to me that the client doesn't answer to dpd-packets from the vpn-gateway, therefore the gateway deletes the vpn-connection after 5 unacknowledged dpd-packets. building strongswan network-manager-plugin from source works flawlessly.

Revision history for this message
Laurent Bigonville (bigon) wrote :

@Peter I guess you should open a new bug for this issue.

But can you confirm that the original problem described in this bug is fixed?

Revision history for this message
Peter Winterer (peter-winterer) wrote :

With the proposed strongswan packages installed, the missing strongswan libs are available. That means, I'm able to setup and start a strongswan vpn-connection. So, the bug described here, is fixed. Thanks for solving that issue!

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package strongswan - 4.5.0-1ubuntu1.1

---------------
strongswan (4.5.0-1ubuntu1.1) natty-proposed; urgency=low

  * Add missing plugins (libstrongswan-addrblock.so, libstrongswan-led.so,
    libstrongswan-gcm.so, libstrongswan-ccm.so, libstrongswan-ctr.so,
    libstrongswan-pkcs11.so and libstrongswan-nm.so) LP: #771778
 -- Laurent Bigonville <email address hidden> Tue, 19 Jul 2011 10:55:14 +0200

Changed in strongswan (Ubuntu Natty):
status: Fix Committed → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in strongswan (Debian):
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.