Hi, I have a problem with a Digi ccimx6ul (embedded Linux, Yocto project) when I start ipsec with strongswan. I get the following error:
Starting strongSwan 5.7.1 IPsec [starter]...
no netkey IPsec stack detected
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!
00[DMN] Starting IKE charon daemon (strongSwan 5.7.1, Linux 4.14.141-dey+g0f5a740ab5b8, armv7l)
00[KNL] unable to create netlink socket: Protocol not supported (93)
00[NET] installing IKE bypass policy failed
00[NET] installing IKE bypass policy failed
00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
00[NET] installing IKE bypass policy failed
00[NET] installing IKE bypass policy failed
00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: CUSTOM:kernel-ipsec
00[KNL] received netlink error: Operation not supported (95)
00[KNL] unable to create IPv4 routing table rule
00[KNL] received netlink error: Operation not supported (95)
00[KNL] unable to create IPv6 routing table rule
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
00[CFG] loaded ca certificate "CN=VPN root CA" from '/etc/ipsec.d/cacerts/ca-cert.pem'
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
00[CFG] loading crls from '/etc/ipsec.d/crls'
00[CFG] loading secrets from '/etc/ipsec.secrets'
00[CFG] loaded EAP secret for vpn
00[LIB] failed to load 1 critical plugin feature
00[DMN] initialization failed - aborting charon
00[KNL] received netlink error: Operation not supported (95)
00[KNL] received netlink error: Operation not supported (95)
charon has quit: initialization failed
charon refused to be started
ipsec starter stopped
config setup

conn ikev2-rw
    ike=aes256-sha1-modp1024,3des-sha1-modp1024!
    esp=aes256-sha1,3des-sha1!
    right=192.168.234.146
    # This should match the `leftid` value on your server's configuration
    rightid=192.168.234.146
    rightsubnet=0.0.0.0/0
    rightauth=pubkey
    leftsourceip=%config
    leftid=vpn
    leftauth=eap-mschapv2
    eap_identity=%identity
    auto=start
vpn : EAP "vpn"
root@ccimx6ulstarter:/etc/strongswan.d/charon# ls
aes.conf md5.conf revocation.conf
attr.conf nonce.conf sha1.conf
cmac.conf openssl.conf sha2.conf
constraints.conf pem.conf socket-default.conf
curl.conf pgp.conf sqlite.conf
curve25519.conf pkcs1.conf sshkey.conf
des.conf pkcs12.conf stroke.conf
dnskey.conf pkcs7.conf updown.conf
gmp.conf pkcs8.conf vici.conf
hmac.conf pubkey.conf x509.conf
random.conf xauth-generic.conf resolve.conf
kernel-netlink.conf rc2.conf xcbc.conf
# strongswan.conf - strongSwan configuration file
#
# Refer to the strongswan.conf(5) manpage for details
#
# Configuration changes should be made in the included files
charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}
Your problem is at the kernel level:
00[KNL] unable to create netlink socket: Protocol not supported (93)
00[KNL] received netlink error: Operation not supported (95)
You may be missing the xfrm_* kernel modules. You can try, for example:
modprobe xfrm_user
but it will probably fail.
You need to recompile the kernel with the list of required kernel modules from the StrongSwan wiki.
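One way to confirm which options the kernel lacks before rebuilding it, as an added example that is not part of the original answer: the script reports IPsec-related options that are neither built in nor modular in a kernel `.config`. The option list is an assumption (a subset of the strongSwan kernel-module list using Linux 4.14 option names, picked to match the errors in the log), and the sample config is constructed.

```shell
#!/bin/sh
# Assumed subset of the options strongSwan needs on a 4.14 kernel:
#   CONFIG_XFRM_USER          -> "unable to create netlink socket" (NETLINK_XFRM)
#   CONFIG_IP_MULTIPLE_TABLES -> "unable to create IPv4 routing table rule"
#   CONFIG_INET_ESP           -> ESP and UDP decapsulation on port 4500
REQUIRED_OPTS="CONFIG_XFRM_USER CONFIG_NET_KEY CONFIG_INET_ESP \
CONFIG_INET_XFRM_MODE_TUNNEL CONFIG_IP_ADVANCED_ROUTER CONFIG_IP_MULTIPLE_TABLES"

# missing_ipsec_opts FILE
# Prints one line per required option that is not "=y" or "=m" in FILE.
# A line such as "# CONFIG_XFRM_USER is not set" counts as missing.
missing_ipsec_opts() {
    cfg=$1
    for opt in $REQUIRED_OPTS; do
        if ! grep -Eq "^${opt}=(y|m)\$" "$cfg"; then
            echo "$opt"
        fi
    done
}

# Constructed sample: a kernel config with two of the options disabled.
sample_config() {
    cat <<'EOF'
CONFIG_INET=y
# CONFIG_XFRM_USER is not set
CONFIG_NET_KEY=m
CONFIG_INET_ESP=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_MULTIPLE_TABLES is not set
EOF
}

# With an argument, check that config file; otherwise check the sample.
if [ -n "${1:-}" ]; then
    cfg_file=$1
    missing_ipsec_opts "$cfg_file"
else
    cfg_file=$(mktemp)
    sample_config > "$cfg_file"
    echo "Missing in constructed sample config:"
    missing_ipsec_opts "$cfg_file"
    rm -f "$cfg_file"
fi
```

On the target, `zcat /proc/config.gz > /tmp/kernel.config` produces a file to pass as the argument, provided the kernel was built with CONFIG_IKCONFIG_PROC; otherwise use the `.config` from the Yocto kernel build directory.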