# Strongswan configuration on FreeBSD 8.1



## INE (Oct 13, 2010)

Hi all,

I have some troubles with using Strongswan 4.4.0 on FreeBSD 8.1. I've already recompiled the kernel with 

```
options IPSEC
device  crypto
```

Yet I cannot start the daemon because the system cannot identify any IPsec stack.

The actual console messages are:


```
Starting strongSwan 4.4.0 IPsec [starter]...
charon is already running (/var/run/charon.pid exists) -- skipping charon start
no netkey IPsec stack detected
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!
starter is already running (/var/run/starter.pid exists) -- no fork done
```

Hope experienced users can help me solve this problem.

Thanks a lot in advance.


----------



## dulemars (Oct 15, 2010)

I think you need to enable FreeBSD-specific IPSEC stack support for StrongSWAN, check this out:

http://wiki.strongswan.org/wiki/1/FreeBSD


----------



## Al-ndr (Nov 7, 2010)

Hi,

I have the same problem with strongSwan 4.5.0.

Can you explain how to "enable FreeBSD-specific IPSEC stack support"?


----------



## dulemars (Nov 8, 2010)

Build custom kernel, as described here: 

http://www.freebsd.org/doc/handbook/kernelconfig-building.html

and during its configuration enable options mentioned in a link I previously posted.


----------



## INE (Nov 9, 2010)

Hi, if you are not limited to using the Freebsd as the OS, you can choose to use opensuse, because they have the binary code there which is easy to install. and can be started with no problem.


----------



## dulemars (Nov 9, 2010)

And if you are not limited with money, you can take Windows server, because it has the binary code there which is easy to install. and can be started with no problem.

Geez.x(


----------



## DutchDaemon (Nov 9, 2010)

Right, instead of throwing non-solutions around, why not test, and report back on, the solution that was gracefully posted by dulemars, people?


----------



## Al-ndr (Nov 9, 2010)

Thank you for answers. I compiled kernel with following options:

```
options IPSEC
device crypto
```
Then I typed command: [cmd=]/sbin/sysctl -a | grep ipsec[/cmd]:

```
net.inet.ipsec.def_policy: 1
net.inet.ipsec.esp_trans_deflev: 1
net.inet.ipsec.esp_net_deflev: 1
net.inet.ipsec.ah_trans_deflev: 1
net.inet.ipsec.ah_net_deflev: 1
net.inet.ipsec.ah_cleartos: 1
net.inet.ipsec.ah_offsetmask: 0
net.inet.ipsec.dfbit: 0
net.inet.ipsec.ecn: 0
net.inet.ipsec.debug: 0
net.inet.ipsec.filtertunnel: 0
net.inet.ipsec.crypto_support: 50331648
net.inet6.ipsec6.def_policy: 1
net.inet6.ipsec6.esp_trans_deflev: 1
net.inet6.ipsec6.esp_net_deflev: 1
net.inet6.ipsec6.ah_trans_deflev: 1
net.inet6.ipsec6.ah_net_deflev: 1
net.inet6.ipsec6.ecn: 0
net.inet6.ipsec6.debug: 0
net.inet6.ipsec6.filtertunnel: 0
```

Then [cmd=]ipsec start[/cmd]:

```
Starting strongSwan 4.5.0 IPsec [starter]...
no netkey IPsec stack detected
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!
```

I have tried precompiled package strongswan-4.4.0.tbz and I compiled strongswan-4.5.0.tar.gz with options from http://wiki.strongswan.org/wiki/1/FreeBSD.

It doesn't work.

Does anybody have any new suggestions?


----------



## dulemars (Nov 10, 2010)

Maybe you should try StrongSwan 4.4.0 from FreeBSD ports, if there isn't any particular reason why you have to use 4.5.0 ? I can't test your setup at the moment, but I'll try it in a few days, when my job allows me...


----------



## dulemars (Nov 10, 2010)

Ah, sorry, you've tried it... My mistake...


----------



## Al-ndr (Nov 10, 2010)

Thank you. Waiting for results.


----------



## CmdLnKid (Mar 3, 2012)

Little old but in-case someone finds this like me...

Known Problems

    Starter does not yet use the modular kernel interfaces, thus, when it tries to detect an IPsec stack it fails:

    Starting strongSwan 4.x.x IPsec [starter]...
    no netkey IPsec stack detected
    no KLIPS IPsec stack detected
    no known IPsec stack detected, ignoring!

Fortunately, this detection is not really needed on FreeBSD so simply ignore this message

http://wiki.strongswan.org/projects/strongswan/wiki/FreeBSD


----------

