I installed Algovpn into AWS EC2 via the standard install script for version 2.0.1. I ran into an issue that strongswan-starter service failed with the error:
systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.
systemd[445]: Failed to mount /run/systemd/unit-root/proc/445/net/pfkey to /run/systemd/unit-root/proc/445/net/pfkey: No such file or directory
systemd[445]: strongswan-starter.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc/445/net/pfkey: No such file or directory
systemd[445]: strongswan-starter.service: Failed at step NAMESPACE spawning /usr/sbin/ipsec: No such file or directory
systemd[1]: strongswan-starter.service: Main process exited, code=exited, status=226/NAMESPACE
systemd[1]: strongswan-starter.service: Failed with result 'exit-code'.
To overcome that I commented out "ReadOnlyPaths=/proc/net/pfkey" in /etc/systemd/system/strongswan-starter.service.d/100-CustomLimitations.conf
Then I ran into an issue with strongswan with this error:
Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.
ipsec[436]: Starting strongSwan 5.9.5 IPsec [starter]...
ipsec[436]: charon (573) started after 240 ms
ipsec[436]: opening socket 'unix:///var/run/charon.ctl' failed: Address family not supported by protocol
ipsec[436]: failed to connect to stroke socket 'unix:///var/run/charon.ctl'
To overcome that I added "AF_UNIX" to the end of the line for RestrictAddressFamilies ("RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_PACKET AF_UNIX")
That got it up and running for me, but I don't know if that was the best approach. Looking for any feedback.
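
An added example, not part of the original post and not Algo's or strongSwan's own code: a small shell audit for the two sandboxing failures described above (a `ReadOnlyPaths=` entry that does not exist, which fails at step NAMESPACE, and `RestrictAddressFamilies=` blocking `AF_UNIX`, which makes `socket()` fail with "Address family not supported by protocol"). The sample drop-in is constructed from the two directives quoted in the post, and the `ROOT` argument is a hypothetical helper for testing.

```shell
#!/bin/sh
# Added example: audit a systemd drop-in for the two failures in the post.

# Constructed sample: only the two directives quoted in the post, in their
# original (failing) form. The real drop-in contains more than this.
sample_dropin() {
cat <<'EOF'
[Service]
ReadOnlyPaths=/proc/net/pfkey
RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_PACKET
EOF
}

# audit_dropin FILE [ROOT]
# Prints one finding per line. ROOT is a hypothetical parameter that prefixes
# every path, so the existence check can run against a test tree.
audit_dropin() {
  file=$1; root=${2:-}
  while IFS='=' read -r key val; do
    case $key in
      ReadOnlyPaths|ReadWritePaths|InaccessiblePaths)
        for p in $val; do
          # A leading "-" tells systemd to ignore the path if it is missing.
          case $p in -*) continue ;; esac
          p=${p#+}   # "+" only changes what the path is relative to
          [ -e "$root$p" ] || echo "MISSING_PATH $key=$p (fails at step NAMESPACE)"
        done ;;
      RestrictAddressFamilies)
        # A leading "~" turns the allow-list into a deny-list.
        case $val in '~'*) deny=1 ;; *) deny=0 ;; esac
        case " ${val#\~} " in *" AF_UNIX "*) listed=1 ;; *) listed=0 ;; esac
        # Blocked when deny-listed, or when absent from an allow-list.
        [ "$deny" = "$listed" ] && echo "AF_UNIX_BLOCKED $key=$val"
        ;;
    esac
  done < "$file"
  return 0
}

# Stand-alone use: pass the drop-in path as the first argument.
if [ -n "${1:-}" ]; then
  audit_dropin "$1"
fi
```

Writing the entry as `ReadOnlyPaths=-/proc/net/pfkey` keeps the restriction in place while letting the unit start when the path is absent, which the audit treats as clean.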