[Openswan Users] Running Openswan in systemd container

Lionel H lionel_dell24 at hotmail.be
Fri Jul 8 08:05:49 EDT 2016


Hi guys,


I am trying to deploy a VPN server (I chose the Openswan flavor) into a systemd-nspawn container on a Raspberry Pi running Arch Linux. For now I can log in to the container, ping, and reach the outside from within the container (I managed to bring Internet access into it).


Here is my systemd config file for my container. (override.conf)

[Service]
ExecStart=
ExecStart=/usr/bin/systemd-nspawn \
    --quiet --keep-unit --boot --link-journal=try-guest \
    -D /usr/lib/machines/%I \
    --machine=%I

And here is my openswan.nspawn file:

[Exec]

Capability=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Network]
Private=yes
VirtualEthernet=yes
Port=udp:500:500
Port=udp:4500:4500
Port=udp:1701:1701
Port=tcp:500:500
Port=tcp:4500:4500

From this part, I can successfully launch openswan and forward traffic from the host (raspberry-pi) into the container.

But once I launch the VPN establishment from my smartphone, pluto crashes with the following message:

"L2TP-PSK-NAT"[1] 178.50.79.197 #1: ABORT at /build/openswan/src/openswan-2.6.47/programs/pluto/keys.c:488
"L2TP-PSK-NAT"[1] 178.50.79.197 #1: ABORT at /build/openswan/src/openswan-2.6.47/programs/pluto/keys.c:488

So, my question is: is Openswan able to run in a systemd container? I know that strongSwan can, but I don't want to use it...

You will find all the related Openswan configuration files attached to this mail. I am also including a tcpdump capture taken inside the container.

My version of Openswan:  Linux Openswan U2.6.47/K4.4.13-2-ARCH (netkey)


Thanks a lot for the support.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: pluto.log
Type: text/x-log
Size: 12408 bytes
Desc: pluto.log
URL: <http://lists.openswan.org/pipermail/users/attachments/20160708/ab6de399/attachment-0001.bin>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipsec.conf.txt
URL: <http://lists.openswan.org/pipermail/users/attachments/20160708/ab6de399/attachment-0002.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ipsec.secrets.txt
URL: <http://lists.openswan.org/pipermail/users/attachments/20160708/ab6de399/attachment-0003.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vpn_connection.pcap
Type: application/vnd.tcpdump.pcap
Size: 6468 bytes
Desc: vpn_connection.pcap
URL: <http://lists.openswan.org/pipermail/users/attachments/20160708/ab6de399/attachment-0001.pcap>

