Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ipsec: Not well-formed (invalid token) at line 1 in /tmp/strongswan_leases.xml error #139

Closed
fichtner opened this issue Apr 13, 2015 · 8 comments
Closed

ipsec: Not well-formed (invalid token) at line 1 in /tmp/strongswan_leases.xml error #139

fichtner opened this issue Apr 13, 2015 · 8 comments
Assignees
@AdSchellevis
Labels
bug Production bug
Milestone
16.1

Comments

@fichtner
Copy link
Member 

opnsense: /diag_ipsec_leases.php: XML error: Not well-formed (invalid token) at line 1 in /tmp/strongswan_leases.xml
opnsense: /index.php: XML error: Not well-formed (invalid token) at line 1 in /tmp/strongswan_leases.xml
@fichtner fichtner added the bug Production bug label Apr 13, 2015
@fichtner fichtner added this to the 15.7 milestone Apr 13, 2015
@fichtner
Copy link
Member Author

From a production system -- found while skimming the logs.

@AdSchellevis
Copy link
Member

Another "nice" custom patch, /usr/local/sbin/ipsec stroke leases normally doesn't deliver xml output. Eventually we might need to look at https://wiki.strongswan.org/projects/strongswan/wiki/VICI to replace all the custom hooks and not very well supported process communication (smp) and handle the commands in the backend using configd.

@fichtner
Copy link
Member Author

Agreed, that sounds a lot better...

@fichtner fichtner mentioned this issue Apr 15, 2015
Closed
@fichtner fichtner modified the milestones: 16.1, 15.7 Jul 1, 2015
AdSchellevis added a commit that referenced this issue Sep 4, 2015
@AdSchellevis
(legacy) fix diag_ipsec.php to be able to connect multi phase2 IKEv1 …
9b0c071 
…entries

We do need to rethink the interaction with ipsec, It looks like a strange mix of parts now.
Ideally we should ask ipsec about the connections that can be made instead of creating a strange mix of configuration and daemon entries.

related issue #139
AdSchellevis added a commit that referenced this issue Sep 9, 2015
@AdSchellevis @fichtner
(legacy) fix diag_ipsec.php to be able to connect multi phase2 IKEv1 …
30a0fc4 
…entries

We do need to rethink the interaction with ipsec, It looks like a strange mix of parts now.
Ideally we should ask ipsec about the connections that can be made instead of creating a strange mix of configuration and daemon entries.

related issue #139
AdSchellevis added a commit that referenced this issue Nov 5, 2015
@AdSchellevis
(ipsec) add status call using vici, related to #139
a876238 
First step is to switch the current status page away from legacy smp.
(work in progress)
AdSchellevis added a commit that referenced this issue Nov 10, 2015
@AdSchellevis @fichtner
(ipsec) add status call using vici, related to #139
d03698d 
First step is to switch the current status page away from legacy smp.
(work in progress)

(cherry picked from commit a876238)
@fichtner
Copy link
Member Author

This is relevant ;)

pfsense/pfsense@796b765

@AdSchellevis
Copy link
Member

I think VICI delivers the same data also, but not 100%, will have to look at that... parsing of "ipsec leases" is also an option.

@fichtner
Copy link
Member Author

Getting it all into VICI sounds like the best approach in the long run.

@AdSchellevis
Copy link
Member

I will look into that as soon as I have the time.

AdSchellevis added a commit that referenced this issue Jan 8, 2016
@AdSchellevis
(ipsec) add list pool leases script (#139)
1d1c2c6
@fichtner
Copy link
Member Author

fichtner commented Jan 8, 2016

Yay, you get one holiday well-deserved :)

AdSchellevis added a commit that referenced this issue Jan 8, 2016
@AdSchellevis @fichtner
(ipsec) add list pool leases script (#139)
8205810 
(cherry picked from commit 1d1c2c6)
AdSchellevis added a commit that referenced this issue Jan 8, 2016
@AdSchellevis @fichtner
(ipsec, legacy) add ipsec (mobile) leases to diag and widget, rename …
99f780c 
…"ipsec list_status" to "ipsec list status", closes #139

(cherry picked from commit c3135f5)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AdSchellevis AdSchellevis

Labels
bug Production bug
Milestone
16.1
Development

No branches or pull requests
2 participants
@fichtner @AdSchellevis