Project

General

Profile

Bug #1168

Strongswan Manager FastCGI error

Added by Sarat Chandra about 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Category:
manager
Target version:
Start date:
21.10.2015
Due date:
Estimated time:
Affected version:
5.3.2
Resolution:
Fixed

Description

Hello,

I have been trying to setup the Strongswan Manager (following the steps in the documentation).When I try to access the webpage, http://localhost/manager/status/ikesalist, I get a 500 Internal Server Error. The Apache error log depicts the following:

[:notice] [pid 10260:tid 140120419530624] FastCGI: process manager initialized (pid 10260)
[fastcgi:error] [pid 8231:tid 140548845336320] [client 127.0.0.1:43233] FastCGI: incomplete headers (0 bytes) received from server "/usr/libexec/ipsec/manager/manager.fcgi"

I am considerably new to this, and appreciate any help. Thanks!

Associated revisions

Revision 32ebb56c (diff)
Added by Tobias Brunner about 5 years ago

configure: Load sha1 and random plugins in manager by default

If the openssl plugin is not enabled we need these to generate session
IDs and to authenticate the users.

The md4 plugin is not needed in the manager.

Fixes #1168.

History

#1 Updated by Tobias Brunner about 5 years ago

This seems to be due to a missing random source (used to create HTTP session IDs). In the default configuration, i.e. without the openssl or gcrypt plugins, the random plugin is the only source for random data. However, this plugin is currently not loaded by the manager. The same applies to a SHA-1 implementation (later used for the login). You may load these plugins manually by setting manager.load to pkcs1 pkcs8 pem gmp sqlite sha1 random (that's the default plugin list with sha1 and random added). You could also enable the openssl plugin as the manager loads that if it was built (you need to run make clean if you decide to change the configure options). The attached patch fixes the defaults so this should work better in the future.

Just so you know, there hasn't been any work on the manager in years.

#2 Updated by Sarat Chandra about 5 years ago

Thank you for the patch. It works now!

On a different note, I have been trying to setup an API for strongswan daemon using the VICI protocol (https://wiki.strongswan.org/projects/strongswan/wiki/Vici. Can you provide me the details or documentation for the procedure on configuring the interface.

Thanks!

#3 Updated by Tobias Brunner about 5 years ago

On a different note, I have been trying to setup an API for strongswan daemon using the VICI protocol (https://wiki.strongswan.org/projects/strongswan/wiki/Vici. Can you provide me the details or documentation for the procedure on configuring the interface.

What do you mean? All the available documentation is found or linked on the page you referred to.

#4 Updated by Tobias Brunner about 5 years ago

  • Status changed from Feedback to Closed
  • Assignee set to Tobias Brunner
  • Resolution set to Fixed

Also available in: Atom PDF