October 9, 2015

ubuntu 14.04 strongswan not logging

It turns out that ubuntu uses "AppArmor" to limit where strongswan can write files. You can install apparmor-utils and use the command "aa-complain" to turn strongswan binaries from "enforce" mode to "complain" mode:

# apt-get install apparmor-utils
# aa-status
# aa-complain /usr/lib/ipsec/charon
Setting /usr/lib/ipsec/charon to complain mode.

Just for reference,a strongswan conf file for logging:

charon {
    reuse_ikesa = no
        threads = 32

        load_modular = yes
        plugins {
                include strongswan.d/charon/*.conf

       filelog {
               /var/log/charon.log {
                time_format = %b %e %T
                append = yes
                default = 1

This link is where I got the inspiration:

No comments:

Post a Comment