Score:1

Running ipsec start failed on Ubuntu 20.04 in WSL2


I set up a VPN connection to my office's network using StrongSwan. This is on Ubuntu 20.04, running on WSL2 with a Windows 10 host.

The Steps

The following are the complete steps that I did.

  1. Install:
sudo apt install strongswan libstrongswan-extra-plugins libcharon-extra-plugins
  2. /etc/ipsec.conf:
conn office
    keyexchange=ikev2
    type=tunnel
    #ike=aes256-sha1-modp1024,3des-sha1-modp1024!
    #esp=aes256-sha1,3des-sha1!
    forceencaps=yes
    lifetime=1800
    rightsendcert=always
    rightsubnet=0.0.0.0/0
    #rightsubnet=%dynamic
    #rightsourceip=%config4
    #rightfirewall=yes
    rightauth=pubkey
    left=%defaultroute
    #leftsubnet=%dynamic
    leftsourceip=%config4
    leftid=any
    leftauth=eap-mschapv2
    eap_identity=user.name
    auto=add
include /etc/ipsec.conf.office
  3. /etc/ipsec.conf.office:
conn office-staging
    also=office
    right=office-staging.office.fqdn.here
    rightid=office-staging.office.fqdn.here
  4. /etc/ipsec.secrets:
# This file holds shared secrets or RSA private keys for authentication.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.

include /var/lib/strongswan/ipsec.secrets.inc
  5. /var/lib/strongswan/ipsec.secrets.inc:
user.name: EAP password

The Error

When I run sudo ipsec start, it does not work. The following is the log when I give the --nofork argument:

Starting strongSwan 5.6.2 IPsec [starter]...
no netkey IPsec stack detected
no KLIPS IPsec stack detected
no known IPsec stack detected, ignoring!
00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.4.0-19041-Microsoft, x86_64)
00[CFG] PKCS11 module '<name>' lacks library path
00[CFG] disabling load-tester plugin, not configured
00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
00[NET] opening ARP packet socket failed: Address family not supported by protocol
00[LIB] plugin 'farp': failed to load - farp_plugin_create returned NULL
00[KNL] unable to create netlink socket: Protocol not supported (93)
00[NET] installing IKE bypass policy failed
00[NET] installing IKE bypass policy failed
00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
00[NET] installing IKE bypass policy failed
00[NET] installing IKE bypass policy failed
00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: CUSTOM:kernel-ipsec
00[CFG] dnscert plugin is disabled
00[CFG] ipseckey plugin is disabled
00[CFG] attr-sql plugin: database URI not set
00[KNL] netlink write error: Operation not supported
00[KNL] unable to create IPv4 routing table rule
00[KNL] netlink write error: Operation not supported
00[KNL] unable to create IPv6 routing table rule
00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
00[CFG]   loaded ca certificate "C=US, O=Internet Security Research Group, CN=ISRG Root X1" from '/etc/ipsec.d/cacerts/isrgrootx1.pem'
00[CFG]   loaded ca certificate "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3" from '/etc/ipsec.d/cacerts/letsencryptauthorityx3.pem'
00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
00[CFG] loading crls from '/etc/ipsec.d/crls'
00[CFG] loading secrets from '/etc/ipsec.secrets'
00[CFG] loading secrets from '/var/lib/strongswan/ipsec.secrets.inc'
00[CFG]   loaded EAP secret for user.name
00[CFG] sql plugin: database URI not set
00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
00[CFG] eap-simaka-sql database URI missing
00[CFG] loaded 0 RADIUS server configurations
00[NET] opening DHCP receive socket failed: Address family not supported by protocol
00[CFG] HA config misses local/remote address
00[CFG] no threshold configured for systime-fix, disabled
00[CFG] coupling file path unspecified
00[LIB] failed to load 1 critical plugin feature
00[DMN] initialization failed - aborting charon
00[KNL] netlink write error: Operation not supported
00[KNL] netlink write error: Operation not supported
charon has quit: initialization failed
charon refused to be started
ipsec starter stopped

Any idea what I might have missed? Thanks in advance.

Nmath
I don't think this is possible with WSL since you are not running Ubuntu on bare metal. You should connect to your VPN in Windows. Windows shares its internet connection with WSL.
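
As an added example (not part of the original question or comment), a small triage script for charon start-up logs like the one above: it separates the fatal unmet `kernel-ipsec` dependency from the optional-plugin noise and records the kernel release charon reported. The log subset is copied from the question; the function name, report fields and the WSL kernel-name heuristic are assumptions of this example.

```python
import re

# Subset of the --nofork log from the question, copied verbatim.
SAMPLE_LOG = """\
Starting strongSwan 5.6.2 IPsec [starter]...
00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.4.0-19041-Microsoft, x86_64)
00[CFG] disabling load-tester plugin, not configured
00[KNL] unable to create netlink socket: Protocol not supported (93)
00[NET] installing IKE bypass policy failed
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: CUSTOM:kernel-ipsec
00[CFG]   loaded EAP secret for user.name
00[LIB] failed to load 1 critical plugin feature
00[DMN] initialization failed - aborting charon
"""

# charon lines look like "<thread>[<GROUP>] <message>"; starter lines have no prefix.
LINE = re.compile(r"^(\d+)\[([A-Z]{3})\]\s+(.*)$")
KERNEL = re.compile(r"Starting IKE charon daemon \(strongSwan [^,]+, Linux ([^,]+),")
UNMET = re.compile(r"in critical plugin '([^']+)' has unmet dependency: (\S+)")


def triage(log_text):
    """Return the facts that explain why charon aborted (hypothetical helper)."""
    report = {"kernel": None, "wsl1_style_kernel": False,
              "unmet": [], "kernel_errors": [], "fatal": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip starter output and blank lines
        _, group, msg = m.groups()
        k = KERNEL.search(msg)
        if k:
            report["kernel"] = k.group(1)
            # Heuristic (assumption): WSL1 reports "<ver>-<build>-Microsoft",
            # WSL2 kernels are named "...-microsoft-standard..." in lowercase.
            report["wsl1_style_kernel"] = k.group(1).endswith("-Microsoft")
        u = UNMET.search(msg)
        if u:
            report["unmet"].append((u.group(1), u.group(2)))
        # Kernel-interface failures: netlink/XFRM is missing or unsupported.
        if group == "KNL" and "not supported" in msg.lower():
            report["kernel_errors"].append(msg)
        if group == "DMN" and "initialization failed" in msg:
            report["fatal"] = True
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A `fatal` result together with an unmet `CUSTOM:kernel-ipsec` dependency and `KNL` "not supported" errors points at the kernel lacking an IPsec (netlink/XFRM) interface rather than at `ipsec.conf` or the secrets files, which the log shows loading successfully.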