
Unable to start the charon

Open herbertt12 opened this issue 4 years ago • 4 comments

Hello, when I follow the readme step by step to set up the strongswan, the following problem comes when I enter the docker and execute ./charon. Any advice for solving this problem? Thanks.

```
00[DMN] Starting IKE charon daemon (strongSwan 6.0dr10, Linux 3.10.0-1127.18.2.el7.x86_64, x86_64)
00[LIB] loaded plugins: charon random nonce x509 constraints pubkey pkcs1 pkcs8 pkcs12 pem openssl frodo oqs drbg kernel-netlink resolve socket-default vici updown
00[JOB] spawning 16 worker threads
00[DMN] executing start script 'creds' (swanctl --load-creds)
13[CFG] loaded certificate 'C=CH, O=Cyber, [email protected]'
05[DMN] thread 5 received 4
05[LIB] dumping 2 stack frame addresses:
05[LIB] /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f7e06253000 [0x7f7e062683c0]
sh: 1: addr2line: not found
05[LIB] ->
05[LIB] /lib/liboqs.so.0 @ 0x7f7e04e49000 (KeccakP1600_Initialize+0x0) [0x7f7e057d4640]
sh: 1: addr2line: not found
05[LIB] ->
dumping 2 stack frame addresses:
/lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f7e06253000 [0x7f7e062683c0]
sh: 1: addr2line: not found
->
/lib/liboqs.so.0 @ 0x7f7e04e49000 (KeccakP1600_Initialize+0x0) [0x7f7e057d4640]
sh: 1: addr2line: not found
->
05[DMN] killing ourself, received critical signal
Aborted (core dumped)
```

herbertt12, Oct 15 '21 09:10

Hello Herb,

there seems to be a problem with the liboqs library which crashes. I see that you are running strongSwan on a very old Linux 3.10 kernel which might cause the problem.

00[DMN] Starting IKE charon daemon (strongSwan 6.0dr10, Linux 3.10.0-1127.18.2.el7.x86_64, x86_64)

Best regards

Andreas


--

Andreas Steffen @.*** strongSwan - the Open Source VPN Solution! www.strongswan.org strongSec GmbH, 8952 Schlieren (Switzerland)

strongX509, Oct 15 '21 10:10
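An added example, not part of the original thread or of strongSwan's code: because `addr2line` is missing in the container, this parses the crash dump posted above, names the signal from its number, and computes each frame's module-relative offset so it can be symbolized later against the same library build. The function names and the libc/libpthread trampoline heuristic are assumptions of this example.

```python
import re
import signal

# Sample input: crash lines taken from the first log in this thread, one per line.
SAMPLE = """\
05[DMN] thread 5 received 4
05[LIB] dumping 2 stack frame addresses:
05[LIB]   /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f7e06253000 [0x7f7e062683c0]
sh: 1: addr2line: not found
05[LIB]   /lib/liboqs.so.0 @ 0x7f7e04e49000 (KeccakP1600_Initialize+0x0) [0x7f7e057d4640]
sh: 1: addr2line: not found
05[DMN] killing ourself, received critical signal
"""

SIG_RE = re.compile(r"\[DMN\] thread \d+ received (\d+)")
FRAME_RE = re.compile(
    r"(?P<module>/\S+) @ (?P<base>0x[0-9a-f]+)"
    r"(?: \((?P<symbol>[^)+]+)\+0x[0-9a-f]+\))?"
    r" \[(?P<addr>0x[0-9a-f]+)\]"
)

def triage(log_text):
    """Return (signal_name, frames) parsed from a charon crash dump.

    Each frame is (module, symbol_or_None, offset), where offset is the
    absolute address minus the module load base: the value to symbolize
    later against the same library build, outside the container.
    """
    sig_name, frames = None, []
    for line in log_text.splitlines():
        if (m := SIG_RE.search(line)):
            sig_name = signal.Signals(int(m.group(1))).name
        elif (m := FRAME_RE.search(line)):
            offset = int(m["addr"], 16) - int(m["base"], 16)
            frames.append((m["module"], m["symbol"], hex(offset)))
    return sig_name, frames

def faulting_frame(frames):
    """First frame outside libc/libpthread.

    Assumption (heuristic): the libc/libpthread frame on top of the dump
    is the signal trampoline, so the next module is where the fault hit.
    """
    runtime = ("libc.so", "libpthread.so")
    return next((f for f in frames if not any(r in f[0] for r in runtime)), None)

if __name__ == "__main__":
    name, frames = triage(SAMPLE)
    print(name, faulting_frame(frames))
```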

hi,

trying to resurrect this topic as I am seeing the same problem with an up-to-date Linux kernel (Ubuntu 22.04) right now.

I have pulled the pq-strongswan docker images from docker hub as instructed in the README of https://github.com/strongX509/docker/tree/master/pq-strongswan

when I try to start the daemon in docker "moon" I get the following errors

```
root@5c7516ada6bf:/# ./charon
00[DMN] Starting IKE charon daemon (strongSwan 6.0.0beta3, Linux 5.19.0-43-generic, x86_64)
00[LIB] providers loaded by OpenSSL: legacy default
00[CFG] install DNS servers in '/etc/resolv.conf'
00[KNL] unable to create IPv4 routing table rule
00[KNL] unable to create IPv6 routing table rule
00[LIB] loaded plugins: charon random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pgp dnskey sshkey pem openssl pkcs8 xcbc cmac kdf frodo oqs drbg attr kernel-netlink resolve socket-default vici updown
00[DMN] removing pidfile '/var/run/charon.pid', process not running
00[JOB] spawning 16 worker threads
00[DMN] executing start script 'creds' (swanctl --load-creds)
03[CFG] loaded certificate 'C=CH, O=Cyber, CN=moon.strongswan.org'
09[DMN] thread 9 received 4
09[LIB] dumping 19 stack frame addresses:
09[LIB] /lib/x86_64-linux-gnu/libc.so.6 @ 0x7f14ee839000 [0x7f14ee87b520]
sh: 1: addr2line: not found
09[LIB] ->
09[LIB] /lib/x86_64-linux-gnu/liboqs.so.2 @ 0x7f14ed801000 [0x7f14ede559aa]
sh: 1: addr2line: not found
09[LIB] ->
09[LIB] /lib/x86_64-linux-gnu/liboqs.so.2 @ 0x7f14ed801000 [0x7f14ede734e2]
sh: 1: addr2line: not found

. . .

/lib/x86_64-linux-gnu/libc.so.6 @ 0x7f14ee839000 [0x7f14ee95fa00]
sh: 1: addr2line: not found
->
09[DMN] killing ourself, received critical signal
load-cert request failed: Connection reset by peer
Aborted (core dumped)
root@5c7516ada6bf:/# load-key request failed: Broken pipe
unsupported key type in '/etc/swanctl/pkcs8/moonKey.pem'
load-key request failed: Broken pipe

root@5c7516ada6bf:/#
```

Does anybody have some advice? This does sound too basic and I wonder what I am doing wrong.

Christian

cschmutzer, Jun 15 '23 12:06

The problem is stated in the following error message:

unsupported key type in '/etc/swanctl/pkcs8/moonKey.pem'

Did you take the existing moonKey.pem file from the docker distro or did you regenerate the key with the gen_certs.sh script?

strongX509, Jun 18 '23 15:06

hi,

I took the one included in the docker distro, i.e. I just followed the instructions from https://github.com/strongX509/docker/tree/master/pq-strongswan#create-docker-containers-and-local-networks

I suspect some issue with pki on the 6.0beta version. Here is an example of trying to create a key. Error messages are spit out but a key is created and can also be printed.

```
root@5c7516ada6bf:/etc/swanctl# pki --gen --type ecdsa --size 384 --outform pem > test_ecdsa_384.pem
plugin 'plugins:': failed to load - plugins:_plugin_create not found and no plugin file available
plugin 'pkcs12': failed to load - pkcs12_plugin_create not found and no plugin file available
root@5c7516ada6bf:/etc/swanctl#

root@5c7516ada6bf:/etc/swanctl# ls | grep test
test_ecdsa_384.pem

root@5c7516ada6bf:/etc/swanctl# pki --print --in test_ecdsa_384.pem --type ecdsa
plugin 'plugins:': failed to load - plugins:_plugin_create not found and no plugin file available
plugin 'pkcs12': failed to load - pkcs12_plugin_create not found and no plugin file available
privkey: ECDSA 384 bits
keyid: d1:03:61:81:69:6b:70:56:d4:3b:3c:2b:6f:70:16:e1:a0:00:36:63
subjkey: e7:88:55:f1:02:91:f4:79:50:1e:64:83:1f:ef:ab:c8:77:fc:8e:c4
root@5c7516ada6bf:/etc/swanctl#
```

On 5.9, creating the same key does not show the error messages:

```
root@94658b516ca8:/etc/swanctl# pki --gen --type ecdsa --size 384 --outform pem > test2_ecdsa_384.pem

root@94658b516ca8:/etc/swanctl# pki --print --in test2_ecdsa_384.pem --type ecdsa
privkey: ECDSA 384 bits
keyid: 13:40:12:e6:b0:40:00:e9:d7:bc:b7:83:16:56:e8:b3:c3:91:1e:6c
subjkey: 3b:59:4a:39:2c:62:ac:2d:03:38:9f:a6:1e:1d:06:d6:11:7f:27:96
root@94658b516ca8:/etc/swanctl#
```

Christian

cschmutzer, Jun 19 '23 07:06