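Hello, I ran into some problems on a Digi ccimx6ul (embedded Linux - Yocto project) when starting ipsec with strongSwan. I get the following error.
P.S.: I have already run ipsec like this successfully on Ubuntu 18.04, but the Digi ccimx6ul with Linux 4.14 gives errors, please help me... Thanks.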
Starting strongSwan 5.7.1 IPsec [starter]...
no netkey IPsec stack detected
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!
00[DMN] Starting IKE charon daemon (strongSwan 5.7.1, Linux 4.14.141-dey+g0f5a740ab5b8, armv7l)
00[KNL] unable to create netlink socket: Protocol not supported (93)
00[NET] installing IKE bypass policy failed
00[NET] installing IKE bypass policy failed
00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
00[NET] installing IKE bypass policy failed
00[NET] installing IKE bypass policy failed
00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: CUSTOM:kernel-ipsec
00[KNL] received netlink error: Operation not supported (95)
00[KNL] unable to create IPv4 routing table rule
00[KNL] received netlink error: Operation not supported (95)
00[KNL] unable to create IPv6 routing table rule
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
00[CFG] loaded ca certificate "CN=VPN root CA" from '/etc/ipsec.d/cacerts/ca-cert.pem'
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
00[CFG] loading crls from '/etc/ipsec.d/crls'
00[CFG] loading secrets from '/etc/ipsec.secrets'
00[CFG] loaded EAP secret for vpn
00[LIB] failed to load 1 critical plugin feature
00[DMN] initialization failed - aborting charon
00[KNL] received netlink error: Operation not supported (95)
00[KNL] received netlink error: Operation not supported (95)
charon has quit: initialization failed
charon refused to be started
ipsec starter stopped
File ipsec.conf
config setup

conn ikev2-rw
    ike=aes256-sha1-modp1024,3des-sha1-modp1024!
    esp=aes256-sha1,3des-sha1!
    right=192.168.234.146
    # This should match the `leftid` value on your server's configuration
    rightid=192.168.234.146
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    leftsourceip=%config
    leftid=vpn
    leftauth=eap-mschapv2
    eap_identity=%identity
    auto=start
File ipsec.secrets
vpn : EAP "vpn"
File /etc/strongswan.d/charon : ls
root@ccimx6ulstarter:/etc/strongswan.d/charon# ls
aes.conf md5.conf revocation.conf
attr.conf nonce.conf sha1.conf
cmac.conf openssl.conf sha2.conf
constraints.conf pem.conf socket-default.conf
curl.conf pgp.conf sqlite.conf
curve25519.conf pkcs1.conf sshkey.conf
des.conf pkcs12.conf stroke.conf
dnskey.conf pkcs7.conf updown.conf
gmp.conf pkcs8.conf vici.conf
hmac.conf pubkey.conf x509.conf
random.conf xauth-generic.conf resolve.conf
kernel-netlink.conf rc2.conf xcbc.conf
strongswan.conf
# strongswan.conf - strongSwan configuration file
#
# Refer to the strongswan.conf(5) manpage for details
#
# Configuration changes should be made in the included files
charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}
Answer 1
Your problem is at the kernel level:
00[KNL] unable to create netlink socket: Protocol not supported (93)
00[KNL] received netlink error: Operation not supported (95)
You are probably missing the xfrm_* kernel modules. You can try, for example:
modprobe xfrm_user
But it will most likely fail.
You need to recompile your kernel with the list of required kernel modules from StrongSwan's wiki.
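An added example, not part of the original answer: a POSIX shell check that lists which IPsec-related kernel options are disabled in a kernel config, so the rebuild can be verified before flashing. The option list is a subset assumed for this example (the strongSwan wiki list is authoritative), the function names are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Subset of kernel options an IPsec-capable 4.14 kernel needs (assumed list
# for this example; consult the strongSwan wiki for the complete one).
# XFRM_USER provides the NETLINK_XFRM socket charon failed to open (error 93);
# the *_MULTIPLE_TABLES options provide the routing rules that failed (error 95).
REQUIRED="XFRM_USER NET_KEY INET_ESP INET_XFRM_MODE_TUNNEL \
IP_ADVANCED_ROUTER IP_MULTIPLE_TABLES IPV6_MULTIPLE_TABLES"

# Read a kernel config on stdin; print every required option that is
# neither built in (=y) nor built as a module (=m).
missing_opts() {
    cfg=$(cat)
    for opt in $REQUIRED; do
        printf '%s\n' "$cfg" | grep -Eq "^CONFIG_${opt}=[ym]$" \
            || echo "CONFIG_${opt}"
    done
}

# Locate the running kernel's config; fails if the kernel does not expose it.
kernel_config() {
    if [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    elif [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    else
        return 1
    fi
}

# Constructed sample resembling a minimal embedded kernel config.
sample_config() {
    cat <<'EOF'
CONFIG_NET=y
CONFIG_INET=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_MULTIPLE_TABLES is not set
# CONFIG_XFRM_USER is not set
CONFIG_NET_KEY=y
CONFIG_INET_ESP=m
EOF
}

if [ "${1:-}" = "--live" ]; then
    live=$(kernel_config) || { echo "kernel config not exposed" >&2; exit 2; }
    printf '%s\n' "$live" | missing_opts
else
    sample_config | missing_opts
fi
```

Run with `--live` on the target to check the running kernel; without arguments it checks the embedded sample.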