[FS#493] strongSwan no known IPsec stack detected since switch to kernel 4.9
LEDE Bugs
lede-bugs at lists.infradead.org
Thu Feb 9 16:11:01 PST 2017
A new Flyspray task has been opened. Details are below.
User who did this - KPapad (kpv)
Attached to Project - LEDE Project
Summary - strongSwan no known IPsec stack detected since switch to kernel 4.9
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To -
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - On a newly compiled LEDE r3374 trunk VM with kernel 4.9.8, strongSwan reports IPsec stack missing, possibly due to xfrm_* dependencies missing. My previous build with same config from 2 days ago (with kernel 4.4.x) seemed OK:
usyBox v1.26.2 () built-in shell (ash)
_________
/ /\ _ ___ ___ ___
/ LE / \ | | | __| \| __|
/ DE / \ | |__| _|| |) | _|
/________/ LE \ |____|___|___/|___| lede-project.org
\ \ DE /
\ LE \ / -----------------------------------------------------------
\ DE \ / Reboot (SNAPSHOT, r3374-fe1e362)
\________\/ -----------------------------------------------------------
root at LEDE:~#
root at LEDE:~# logread
...
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.858558] kmodloader: 8 modules could not be probed
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.860471] kmodloader: missing dependency xfrm_algo
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.872219] kmodloader: - af_key - 1
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.874243] kmodloader: missing dependency xfrm_algo
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.876215] kmodloader: - ah4 - 1
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.878142] kmodloader: missing dependency xfrm_algo
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.880019] kmodloader: - ah6 - 1
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.890067] kmodloader: missing dependency xfrm_algo
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.901452] kmodloader: - esp4 - 1
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.903455] kmodloader: missing dependency xfrm_algo
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.905392] kmodloader: - esp6 - 1
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.907195] kmodloader: missing dependency xfrm_ipcomp
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.910457] kmodloader: - ipcomp - 1
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.921727] kmodloader: missing dependency xfrm_ipcomp
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.923874] kmodloader: - ipcomp6 - 1
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.925643] kmodloader: missing dependency xfrm_algo
Thu Feb 9 20:18:52 2017 user.err kernel: [ 10.927613] kmodloader: - xfrm_user - 1
Thu Feb 9 20:18:53 2017 user.notice : Added device handler type: tunnel
Thu Feb 9 20:18:53 2017 user.notice : Added device handler type: Network device
Thu Feb 9 20:18:53 2017 user.notice : Added device handler type: bridge
Thu Feb 9 20:18:53 2017 user.notice : Added device handler type: macvlan
Thu Feb 9 20:18:53 2017 user.notice : Added device handler type: 8021ad
Thu Feb 9 20:18:53 2017 user.notice : Added device handler type: 8021q
Thu Feb 9 20:18:54 2017 kern.notice kernel: [ 14.764420] random: crng init done
Thu Feb 9 20:18:54 2017 authpriv.warn dropbear[1814]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key
Thu Feb 9 20:18:54 2017 authpriv.info dropbear[1814]: Not backgrounding
Thu Feb 9 20:18:55 2017 kern.info kernel: [ 15.950825] 8021q: adding VLAN 0 to HW filter on device eth0
Thu Feb 9 20:18:55 2017 kern.info kernel: [ 15.953210] br-lan: port 1(eth0) entered blocking state
Thu Feb 9 20:18:55 2017 kern.info kernel: [ 15.957430] br-lan: port 1(eth0) entered disabled state
Thu Feb 9 20:18:55 2017 kern.info kernel: [ 15.959553] device eth0 entered promiscuous mode
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'lan' is enabled
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'lan' is setting up now
Thu Feb 9 20:18:55 2017 kern.info kernel: [ 15.989534] br-lan: port 1(eth0) entered blocking state
Thu Feb 9 20:18:55 2017 kern.info kernel: [ 15.991689] br-lan: port 1(eth0) entered forwarding state
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'lan' is now up
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'loopback' is enabled
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'loopback' is setting up now
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'loopback' is now up
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'wan' is enabled
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'wan6' is enabled
Thu Feb 9 20:18:55 2017 daemon.notice netifd: bridge 'br-lan' link is up
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'lan' has link connectivity
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Network device 'eth0' link is up
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Network device 'lo' link is up
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'loopback' has link connectivity
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Network device 'eth1' link is up
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'wan' has link connectivity
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'wan' is setting up now
Thu Feb 9 20:18:55 2017 kern.info kernel: [ 16.042670] 8021q: adding VLAN 0 to HW filter on device eth1
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'wan6' has link connectivity
Thu Feb 9 20:18:55 2017 daemon.notice netifd: Interface 'wan6' is setting up now
Thu Feb 9 20:18:55 2017 daemon.info odhcpd[1766]: Raising SIGUSR1 due to address change on br-lan
Thu Feb 9 20:18:55 2017 daemon.notice netifd: wan (1954): udhcpc: started, v1.26.2
Thu Feb 9 20:18:55 2017 daemon.notice netifd: wan (1954): udhcpc: sending discover
Thu Feb 9 20:18:56 2017 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Thu Feb 9 20:18:56 2017 daemon.notice netifd: wan (1954): udhcpc: sending select for 10.0.3.105
Thu Feb 9 20:18:56 2017 daemon.notice netifd: wan (1954): udhcpc: lease of 10.0.3.105 obtained, lease time 3600
Thu Feb 9 20:18:56 2017 daemon.info odhcpd[1766]: Initial RA router lifetime 0, 1 address(es) available on br-lan
Thu Feb 9 20:18:56 2017 daemon.notice odhcpd[1766]: Failed to send to ff02::1%br-lan (Address not available)
Thu Feb 9 20:18:56 2017 daemon.err odhcp6c[1953]: Failed to send DHCPV6 message to ff02::1:2 (Address not available)
Thu Feb 9 20:18:56 2017 daemon.notice netifd: Interface 'wan' is now up
Thu Feb 9 20:18:56 2017 user.notice : no files found matching '/etc/strongswan.d/*.conf'
Thu Feb 9 20:18:56 2017 user.notice : Starting strongSwan 5.5.1 IPsec [starter]...
Thu Feb 9 20:18:56 2017 authpriv.info ipsec_starter[2068]: Starting strongSwan 5.5.1 IPsec [starter]...
Thu Feb 9 20:18:56 2017 daemon.err modprobe: failed to find dependency xfrm_algo
Thu Feb 9 20:18:56 2017 daemon.err modprobe: 1 module could not be probed
Thu Feb 9 20:18:56 2017 daemon.err modprobe: - af_key
Thu Feb 9 20:18:56 2017 authpriv.info ipsec_starter[2068]: no netkey IPsec stack detected
Thu Feb 9 20:18:56 2017 user.notice : no netkey IPsec stack detected
Thu Feb 9 20:18:56 2017 user.notice : modprobe: unrecognized option: v
Thu Feb 9 20:18:56 2017 daemon.info modprobe: Usage:
modprobe [-q] filename
Thu Feb 9 20:18:56 2017 authpriv.info ipsec_starter[2068]: no KLIPS IPsec stack detected
Thu Feb 9 20:18:56 2017 authpriv.info ipsec_starter[2068]: no known IPsec stack detected, ignoring!
Thu Feb 9 20:18:56 2017 user.notice : no KLIPS IPsec stack detected
Thu Feb 9 20:18:56 2017 user.notice : no known IPsec stack detected, ignoring!
Thu Feb 9 20:18:56 2017 daemon.info : 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 4.9.8, i686)
Thu Feb 9 20:18:57 2017 daemon.err modprobe: failed to find dependency xfrm_algo
Thu Feb 9 20:18:57 2017 daemon.err modprobe: 1 module could not be probed
Thu Feb 9 20:18:57 2017 daemon.err modprobe: - xfrm_user
Thu Feb 9 20:18:57 2017 daemon.info : 00[KNL] unable to create netlink socket: Protocol not supported (93)
Thu Feb 9 20:18:57 2017 daemon.info : 00[NET] installing IKE bypass policy failed
Thu Feb 9 20:18:57 2017 daemon.info : 00[NET] installing IKE bypass policy failed
Thu Feb 9 20:18:57 2017 daemon.info : 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
Thu Feb 9 20:18:57 2017 daemon.info : 00[NET] installing IKE bypass policy failed
Thu Feb 9 20:18:57 2017 daemon.info : 00[NET] installing IKE bypass policy failed
Thu Feb 9 20:18:57 2017 daemon.info : 00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed
Thu Feb 9 20:18:57 2017 daemon.info : 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: CUSTOM:kernel-ipsec
Thu Feb 9 20:18:57 2017 daemon.info : 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Thu Feb 9 20:18:57 2017 daemon.info : 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Thu Feb 9 20:18:57 2017 daemon.info : 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Thu Feb 9 20:18:57 2017 daemon.info : 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Thu Feb 9 20:18:57 2017 daemon.info : 00[CFG] loading crls from '/etc/ipsec.d/crls'
Thu Feb 9 20:18:57 2017 daemon.info : 00[CFG] loading secrets from '/etc/ipsec.secrets'
Thu Feb 9 20:18:57 2017 daemon.info : 00[LIB] failed to load 1 critical plugin feature
Thu Feb 9 20:18:57 2017 daemon.info : 00[DMN] initialization failed - aborting charon
Thu Feb 9 20:18:57 2017 authpriv.info ipsec_starter[2091]: charon has quit: initialization failed
Thu Feb 9 20:18:57 2017 authpriv.info ipsec_starter[2091]: charon refused to be started
Thu Feb 9 20:18:57 2017 authpriv.info ipsec_starter[2091]: ipsec starter stopped
Thu Feb 9 20:18:57 2017 daemon.info odhcpd[1766]: Initial RA router lifetime 0, 1 address(es) available on br-lan
Thu Feb 9 20:18:57 2017 daemon.info procd: - init complete -
Thu Feb 9 20:18:57 2017 daemon.info urandom_seed[2169]: Seed saved (/etc/urandom.seed)
Thu Feb 9 20:19:01 2017 user.notice mwan3: ifup interface wan (eth1)
Thu Feb 9 20:19:03 2017 user.notice firewall: Reloading firewall due to ifup of wan (eth1)
Thu Feb 9 20:19:04 2017 daemon.info dnsmasq[1]: started, version 2.77test1 cachesize 150
Thu Feb 9 20:19:04 2017 daemon.info dnsmasq[1]: DNS service limited to local subnets
Thu Feb 9 20:19:04 2017 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP conntrack ipset no-auth no-DNSSEC no-ID loop-detect inotify
Thu Feb 9 20:19:04 2017 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Thu Feb 9 20:19:04 2017 daemon.info dnsmasq[1]: using local addresses only for domain lan
Thu Feb 9 20:19:04 2017 daemon.info dnsmasq[1]: reading /tmp/resolv.conf.auto
Thu Feb 9 20:19:04 2017 daemon.info dnsmasq[1]: using local addresses only for domain lan
Thu Feb 9 20:19:04 2017 daemon.info dnsmasq[1]: using nameserver 10.0.3.1#53
Thu Feb 9 20:19:04 2017 daemon.info dnsmasq[1]: read /etc/hosts - 4 addresses
Thu Feb 9 20:19:04 2017 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg02411c - 2 addresses
Thu Feb 9 20:19:04 2017 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Thu Feb 9 20:19:05 2017 user.notice ddns-scripts[2665]: myddns_ipv4: PID '2665' started at 2017-02-09 20:19
Thu Feb 9 20:19:05 2017 user.warn ddns-scripts[2665]: myddns_ipv4: Service section disabled! - TERMINATE
Thu Feb 9 20:19:05 2017 user.warn ddns-scripts[2665]: myddns_ipv4: PID '2665' exit WITH ERROR '1' at 2017-02-09 20:19
Thu Feb 9 20:19:34 2017 daemon.info dnsmasq[1]: read /etc/hosts - 4 addresses
Thu Feb 9 20:19:34 2017 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg02411c - 2 addresses
Thu Feb 9 20:19:34 2017 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Thu Feb 9 20:25:51 2017 authpriv.info dropbear[3948]: Child connection from 10.0.3.1:56843
Thu Feb 9 20:25:56 2017 authpriv.notice dropbear[3948]: Password auth succeeded for 'root' from 10.0.3.1:56843
More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=493
More information about the lede-bugs
mailing list