[FS#493] strongSwan no known IPsec stack detected since switch to kernel 4.9

LEDE Bugs lede-bugs at lists.infradead.org
Fri Feb 10 13:23:54 PST 2017 

The following task has a new comment added:

FS#493 - strongSwan no known IPsec stack detected since switch to kernel 4.9
User who did this - KPapad (kpv)

----------
I'm attaching some more info, after re-building latest git trunk:

BusyBox v1.26.2 () built-in shell (ash)

     _________
    /        /\      _    ___ ___  ___
   /  LE    /  \    | |  | __|   \| __|
  /    DE  /    \   | |__| _|| |) | _|
 /________/  LE  \  |____|___|___/|___|                      lede-project.org
 \        \   DE /
  \    LE  \    /  -----------------------------------------------------------
   \  DE    \  /    Reboot (SNAPSHOT, r3383-0bf85ef)
    \________\/    -----------------------------------------------------------

root at LEDE:~# uname -a
Linux LEDE 4.9.8 #0 SMP Fri Feb 10 10:05:57 2017 i686 GNU/Linux

root at LEDE:~# opkg list-installed|fgrep -i ipsec
iptables-mod-ipsec - 1.4.21-2
kmod-ipsec - 4.9.8-1
kmod-ipsec4 - 4.9.8-1
kmod-ipsec6 - 4.9.8-1
kmod-ipt-ipsec - 4.9.8-1
root at LEDE:~# opkg files kmod-ipsec
Package kmod-ipsec (4.9.8-1) is installed on root and has the following files:
/lib/modules/4.9.8/af_key.ko
/lib/modules/4.9.8/xfrm_ipcomp.ko
/etc/modules.d/30-ipsec
/lib/modules/4.9.8/xfrm_user.ko
/lib/modules/4.9.8/xfrm_algo.ko
root at LEDE:~# opkg files kmod-ipsec4
Package kmod-ipsec4 (4.9.8-1) is installed on root and has the following files:
/lib/modules/4.9.8/xfrm4_tunnel.ko
/lib/modules/4.9.8/xfrm4_mode_transport.ko
/lib/modules/4.9.8/esp4.ko
/lib/modules/4.9.8/xfrm4_mode_beet.ko
/lib/modules/4.9.8/xfrm4_mode_tunnel.ko
/etc/modules.d/32-ipsec4
/lib/modules/4.9.8/ipcomp.ko
/lib/modules/4.9.8/ah4.ko
root at LEDE:~# opkg files kmod-ipsec6
Package kmod-ipsec6 (4.9.8-1) is installed on root and has the following files:
/lib/modules/4.9.8/ah6.ko
/lib/modules/4.9.8/xfrm6_mode_beet.ko
/lib/modules/4.9.8/xfrm6_mode_transport.ko
/lib/modules/4.9.8/xfrm6_mode_tunnel.ko
/lib/modules/4.9.8/esp6.ko
/lib/modules/4.9.8/ipcomp6.ko
/etc/modules.d/32-ipsec6
/lib/modules/4.9.8/xfrm6_tunnel.ko
root at LEDE:~# 
root at LEDE:~# logread |tail -100
Fri Feb 10 21:12:40 2017 user.notice : Added device handler type: bridge
Fri Feb 10 21:12:40 2017 user.notice : Added device handler type: macvlan
Fri Feb 10 21:12:40 2017 user.notice : Added device handler type: 8021ad
Fri Feb 10 21:12:40 2017 user.notice : Added device handler type: 8021q
Fri Feb 10 21:12:41 2017 authpriv.warn dropbear[1811]: Failed loading /etc/dropbear/dropbear_ecdsa_host_key
Fri Feb 10 21:12:41 2017 authpriv.info dropbear[1811]: Not backgrounding
Fri Feb 10 21:12:41 2017 kern.info kernel: [   13.426312] 8021q: adding VLAN 0 to HW filter on device eth0
Fri Feb 10 21:12:41 2017 kern.info kernel: [   13.428770] br-lan: port 1(eth0) entered blocking state
Fri Feb 10 21:12:41 2017 kern.info kernel: [   13.430726] br-lan: port 1(eth0) entered disabled state
Fri Feb 10 21:12:41 2017 kern.info kernel: [   13.433021] device eth0 entered promiscuous mode
Fri Feb 10 21:12:41 2017 kern.info kernel: [   13.455357] br-lan: port 1(eth0) entered blocking state
Fri Feb 10 21:12:41 2017 kern.info kernel: [   13.457423] br-lan: port 1(eth0) entered forwarding state
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'lan' is enabled
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'lan' is setting up now
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'lan' is now up
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'loopback' is enabled
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'loopback' is setting up now
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'loopback' is now up
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'wan' is enabled
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'wan6' is enabled
Fri Feb 10 21:12:41 2017 daemon.notice netifd: bridge 'br-lan' link is up
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'lan' has link connectivity 
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Network device 'eth0' link is up
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Network device 'lo' link is up
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'loopback' has link connectivity 
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Network device 'eth1' link is up
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'wan' has link connectivity 
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'wan' is setting up now
Fri Feb 10 21:12:41 2017 kern.info kernel: [   13.494624] 8021q: adding VLAN 0 to HW filter on device eth1
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'wan6' has link connectivity 
Fri Feb 10 21:12:41 2017 daemon.info odhcpd[1766]: Raising SIGUSR1 due to address change on br-lan
Fri Feb 10 21:12:41 2017 daemon.notice netifd: Interface 'wan6' is setting up now
Fri Feb 10 21:12:42 2017 daemon.notice netifd: wan (1945): udhcpc: started, v1.26.2
Fri Feb 10 21:12:42 2017 daemon.notice netifd: wan (1945): udhcpc: sending discover
Fri Feb 10 21:12:42 2017 daemon.notice netifd: wan (1945): udhcpc: sending select for 10.0.3.105
Fri Feb 10 21:12:42 2017 daemon.notice netifd: wan (1945): udhcpc: lease of 10.0.3.105 obtained, lease time 3600
Fri Feb 10 21:12:42 2017 daemon.notice netifd: Interface 'wan' is now up
Fri Feb 10 21:12:42 2017 daemon.err odhcp6c[1954]: Failed to send DHCPV6 message to ff02::1:2 (Address not available)
Fri Feb 10 21:12:42 2017 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Fri Feb 10 21:12:43 2017 kern.notice kernel: [   14.572176] random: crng init done
Fri Feb 10 21:12:43 2017 user.notice : no files found matching '/etc/strongswan.d/*.conf'
Fri Feb 10 21:12:43 2017 user.notice : Starting strongSwan 5.5.1 IPsec [starter]...
Fri Feb 10 21:12:43 2017 authpriv.info ipsec_starter[2060]: Starting strongSwan 5.5.1 IPsec [starter]...
Fri Feb 10 21:12:43 2017 daemon.err modprobe: failed to find dependency xfrm_algo
Fri Feb 10 21:12:43 2017 daemon.err modprobe: 1 module could not be probed
Fri Feb 10 21:12:43 2017 daemon.err modprobe: - af_key
Fri Feb 10 21:12:43 2017 authpriv.info ipsec_starter[2060]: no netkey IPsec stack detected
Fri Feb 10 21:12:43 2017 user.notice : no netkey IPsec stack detected
Fri Feb 10 21:12:43 2017 user.notice : modprobe: unrecognized option: v
Fri Feb 10 21:12:43 2017 daemon.info modprobe: Usage:
	modprobe [-q] filename
Fri Feb 10 21:12:43 2017 authpriv.info ipsec_starter[2060]: no KLIPS IPsec stack detected
Fri Feb 10 21:12:43 2017 authpriv.info ipsec_starter[2060]: no known IPsec stack detected, ignoring!
Fri Feb 10 21:12:43 2017 user.notice : no KLIPS IPsec stack detected
Fri Feb 10 21:12:43 2017 user.notice : no known IPsec stack detected, ignoring!
Fri Feb 10 21:12:43 2017 daemon.info : 00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 4.9.8, i686)
Fri Feb 10 21:12:43 2017 daemon.err modprobe: failed to find dependency xfrm_algo
Fri Feb 10 21:12:43 2017 daemon.err modprobe: 1 module could not be probed
Fri Feb 10 21:12:43 2017 daemon.err modprobe: - xfrm_user
Fri Feb 10 21:12:43 2017 daemon.info : 00[KNL] unable to create netlink socket: Protocol not supported (93)
Fri Feb 10 21:12:43 2017 daemon.info : 00[NET] installing IKE bypass policy failed
Fri Feb 10 21:12:43 2017 daemon.info : 00[NET] installing IKE bypass policy failed
Fri Feb 10 21:12:43 2017 daemon.info : 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
Fri Feb 10 21:12:43 2017 daemon.info : 00[NET] installing IKE bypass policy failed
Fri Feb 10 21:12:43 2017 daemon.info : 00[NET] installing IKE bypass policy failed
Fri Feb 10 21:12:43 2017 daemon.info : 00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed
Fri Feb 10 21:12:43 2017 daemon.info : 00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: CUSTOM:kernel-ipsec
Fri Feb 10 21:12:43 2017 daemon.info : 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Fri Feb 10 21:12:43 2017 daemon.info : 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Fri Feb 10 21:12:43 2017 daemon.info : 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Fri Feb 10 21:12:43 2017 daemon.info : 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Fri Feb 10 21:12:43 2017 daemon.info : 00[CFG] loading crls from '/etc/ipsec.d/crls'
Fri Feb 10 21:12:43 2017 daemon.info : 00[CFG] loading secrets from '/etc/ipsec.secrets'
Fri Feb 10 21:12:43 2017 daemon.info : 00[LIB] failed to load 1 critical plugin feature
Fri Feb 10 21:12:43 2017 daemon.info : 00[DMN] initialization failed - aborting charon
Fri Feb 10 21:12:43 2017 authpriv.info ipsec_starter[2081]: charon has quit: initialization failed
Fri Feb 10 21:12:43 2017 authpriv.info ipsec_starter[2081]: charon refused to be started
Fri Feb 10 21:12:43 2017 authpriv.info ipsec_starter[2081]: ipsec starter stopped
Fri Feb 10 21:12:43 2017 daemon.info odhcpd[1766]: Initial RA router lifetime 0, 1 address(es) available on br-lan
Fri Feb 10 21:12:43 2017 daemon.err odhcp6c[1954]: Failed to send DHCPV6 message to ff02::1:2 (Address not available)
Fri Feb 10 21:12:44 2017 daemon.info procd: - init complete -
Fri Feb 10 21:12:44 2017 daemon.info urandom_seed[2177]: Seed saved (/etc/urandom.seed)
Fri Feb 10 21:12:50 2017 user.notice firewall: Reloading firewall due to ifup of wan (eth1)
Fri Feb 10 21:12:50 2017 daemon.info dnsmasq[1]: started, version 2.77test1 cachesize 150
Fri Feb 10 21:12:50 2017 daemon.info dnsmasq[1]: DNS service limited to local subnets
Fri Feb 10 21:12:50 2017 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP conntrack ipset no-auth no-DNSSEC no-ID loop-detect inotify
Fri Feb 10 21:12:50 2017 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Fri Feb 10 21:12:50 2017 daemon.info dnsmasq[1]: using local addresses only for domain lan
Fri Feb 10 21:12:50 2017 daemon.info dnsmasq[1]: reading /tmp/resolv.conf.auto
Fri Feb 10 21:12:50 2017 daemon.info dnsmasq[1]: using local addresses only for domain lan
Fri Feb 10 21:12:50 2017 daemon.info dnsmasq[1]: using nameserver 10.0.3.1#53
Fri Feb 10 21:12:50 2017 daemon.info dnsmasq[1]: read /etc/hosts - 4 addresses
Fri Feb 10 21:12:50 2017 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg02411c - 2 addresses
Fri Feb 10 21:12:50 2017 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Fri Feb 10 21:12:51 2017 user.notice ddns-scripts[2689]: myddns_ipv4: PID '2689' started at 2017-02-10 21:12
Fri Feb 10 21:12:51 2017 user.warn ddns-scripts[2689]: myddns_ipv4: Service section disabled! - TERMINATE
Fri Feb 10 21:12:51 2017 user.warn ddns-scripts[2689]: myddns_ipv4: PID '2689' exit WITH ERROR '1' at 2017-02-10 21:12
Fri Feb 10 21:14:03 2017 authpriv.info dropbear[2980]: Child connection from 10.0.3.1:58973
Fri Feb 10 21:14:06 2017 authpriv.notice dropbear[2980]: Password auth succeeded for 'root' from 10.0.3.1:58973
----------

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=493#comment1694

More information about the lede-bugs mailing list