pfSense

Some users on 2.4.4 and 2.4.5 snapshots with strongSwan 5.7.1 have found that IPsec is not working.
strongSwan will not start, and the IPsec log shows the following error:

charon has quit: integrity test of libstrongswan failed

See also: https://forum.netgate.com/post/803624

Still gathering information about what this might be. The strongSwan code has a few clues, but we need someone who can reproduce it to increase their logging/debug for "strongSwan lib" to find the specific cause, it appears.

• It could be a file/filesystem issue where it cannot find the checksum for libstrongswan, or the file size/checksum does not match the expected value ().
• It could be that it cannot find the libstrongswan library, which means we might need to run ldconfig when starting charon

So far we don't have any systems in our labs that can reproduce this condition. If anyone else can reproduce it, please take the following steps:

• Go to VPN > IPsec, Advanced tab.
• Under IPsec Logging Controls set strongSwan Lib to Highest, then Save
• Try to restart IPsec
• Look in Status > System Logs, IPsec tab for a message about why it failed. Alternately, check clog /var/log/ipsec.log from the shell.

Someone could also try killing charon and then running it again with --debug-lib=3

Keeping this assigned to me in a Feedback state since we need more information before anything can be done to work on a solution.