I set up a VPN connection to my office's network using StrongSwan. This is on Ubuntu 20.04, running on WSL2 with a Windows 10 host.
The Steps
The following are the complete steps that I did.
- Install:
    sudo apt install strongswan libstrongswan-extra-plugins libcharon-extra-plugins
- /etc/ipsec.conf:
    conn office
        keyexchange=ikev2
        type=tunnel
        forceencaps=yes
        lifetime=1800
        rightsendcert=always
        rightsubnet=0.0.0.0/0
        rightauth=pubkey
        left=%defaultroute
        leftsourceip=%config4
        leftid=any
        leftauth=eap-mschapv2
        eap_identity=user.name
        auto=add
    include /etc/ipsec.conf.office
- /etc/ipsec.conf.office:
    conn office-staging
        also=office
        right=office-staging.office.fqdn.here
        rightid=office-staging.office.fqdn.here
- /etc/ipsec.secrets:
    include /var/lib/strongswan/ipsec.secrets.inc
- /var/lib/strongswan/ipsec.secrets.inc:
    user.name: EAP password
The Error
When I run sudo ipsec start, it does not work. The following is the log when I give the --nofork argument:
Starting strongSwan 5.6.2 IPsec [starter]...
no netkey IPsec stack detected
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!
00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.4.0-19041-Microsoft, x86_64)
00[CFG] PKCS11 module
00[CFG] disabling load-tester plugin, not configured
00[LIB] plugin
00[NET] opening ARP packet socket failed: Address family not supported by protocol
00[LIB] plugin
00[KNL] unable to create netlink socket: Protocol not supported (93)
00[NET] installing IKE bypass policy failed
00[NET] installing IKE bypass policy failed
00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
00[NET] installing IKE bypass policy failed
00[NET] installing IKE bypass policy failed
00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed
00[LIB] feature CUSTOM:libcharon in critical plugin
00[CFG] dnscert plugin is disabled
00[CFG] ipseckey plugin is disabled
00[CFG] attr-sql plugin: database URI not set
00[KNL] netlink write error: Operation not supported
00[KNL] unable to create IPv4 routing table rule
00[KNL] netlink write error: Operation not supported
00[KNL] unable to create IPv6 routing table rule
00[CFG] loading ca certificates from
00[CFG] loaded ca certificate "C=US, O=Internet Security Research Group, CN=ISRG Root X1" from
00[CFG] loaded ca certificate "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3" from
00[CFG] loading aa certificates from
00[CFG] loading ocsp signer certificates from
00[CFG] loading attribute certificates from
00[CFG] loading crls from
00[CFG] loading secrets from
00[CFG] loading secrets from
00[CFG] loaded EAP secret for user.name
00[CFG] sql plugin: database URI not set
00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
00[CFG] eap-simaka-sql database URI missing
00[CFG] loaded 0 RADIUS server configurations
00[NET] opening DHCP receive socket failed: Address family not supported by protocol
00[CFG] HA config misses local/remote address
00[CFG] no threshold configured for systime-fix, disabled
00[CFG] coupling file path unspecified
00[LIB] failed to load 1 critical plugin feature
00[DMN] initialization failed - aborting charon
00[KNL] netlink write error: Operation not supported
00[KNL] netlink write error: Operation not supported
charon has quit: initialization failed
charon refused to be started
ipsec starter stopped
Any idea what I might have missed? Thanks in advance.