Bug #1168
Strongswan Manager FastCGI error
Description
Hello,
I have been trying to setup the Strongswan Manager (following the steps in the documentation).When I try to access the webpage, http://localhost/manager/status/ikesalist, I get a 500 Internal Server Error. The Apache error log depicts the following:
[:notice] [pid 10260:tid 140120419530624] FastCGI: process manager initialized (pid 10260)
[fastcgi:error] [pid 8231:tid 140548845336320] [client 127.0.0.1:43233] FastCGI: incomplete headers (0 bytes) received from server "/usr/libexec/ipsec/manager/manager.fcgi"
I am considerably new to this, and appreciate any help. Thanks!
Associated revisions
History
#1 Updated by Tobias Brunner almost 6 years ago
- File 0001-configure-Load-sha1-and-random-plugins-in-manager-by.patch 0001-configure-Load-sha1-and-random-plugins-in-manager-by.patch added
- Tracker changed from Issue to Bug
- Category set to manager
- Status changed from New to Feedback
- Target version set to 5.3.4
This seems to be due to a missing random source (used to create HTTP session IDs). In the default configuration, i.e. without the openssl or gcrypt plugins, the random plugin is the only source for random data. However, this plugin is currently not loaded by the manager. The same applies to a SHA-1 implementation (later used for the login). You may load these plugins manually by setting manager.load to pkcs1 pkcs8 pem gmp sqlite sha1 random (that's the default plugin list with sha1 and random added). You could also enable the openssl plugin as the manager loads that if it was built (you need to run make clean if you decide to change the configure options). The attached patch fixes the defaults so this should work better in the future.
Just so you know, there hasn't been any work on the manager in years.
#2 Updated by Sarat Chandra almost 6 years ago
Thank you for the patch. It works now!
On a different note, I have been trying to setup an API for strongswan daemon using the VICI protocol (https://wiki.strongswan.org/projects/strongswan/wiki/Vici. Can you provide me the details or documentation for the procedure on configuring the interface.
Thanks!
#3 Updated by Tobias Brunner almost 6 years ago
On a different note, I have been trying to setup an API for strongswan daemon using the VICI protocol (https://wiki.strongswan.org/projects/strongswan/wiki/Vici. Can you provide me the details or documentation for the procedure on configuring the interface.
What do you mean? All the available documentation is found or linked on the page you referred to.
#4 Updated by Tobias Brunner over 5 years ago
- Status changed from Feedback to Closed
- Assignee set to Tobias Brunner
- Resolution set to Fixed
configure: Load sha1 and random plugins in manager by default
If the openssl plugin is not enabled we need these to generate session
IDs and to authenticate the users.
The md4 plugin is not needed in the manager.
Fixes #1168.