New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ipsec: Not well-formed (invalid token) at line 1 in /tmp/strongswan_leases.xml error #139

Closed
fichtner opened this Issue Apr 13, 2015 · 8 comments

Comments

Projects
None yet
2 participants
@fichtner
Member

fichtner commented Apr 13, 2015

opnsense: /diag_ipsec_leases.php: XML error: Not well-formed (invalid token) at line 1 in /tmp/strongswan_leases.xml
opnsense: /index.php: XML error: Not well-formed (invalid token) at line 1 in /tmp/strongswan_leases.xml

@fichtner fichtner added the bug label Apr 13, 2015

@fichtner fichtner added this to the 15.7 milestone Apr 13, 2015

@fichtner

This comment has been minimized.

Member

fichtner commented Apr 13, 2015

From a production system -- found while skimming the logs.

@AdSchellevis

This comment has been minimized.

Member

AdSchellevis commented Apr 13, 2015

Another "nice" custom patch, /usr/local/sbin/ipsec stroke leases normally doesn't deliver xml output. Eventually we might need to look at https://wiki.strongswan.org/projects/strongswan/wiki/VICI to replace all the custom hooks and not very well supported process communication (smp) and handle the commands in the backend using configd.

@fichtner

This comment has been minimized.

Member

fichtner commented Apr 14, 2015

Agreed, that sounds a lot better...

@fichtner fichtner modified the milestones: 16.1, 15.7 Jul 1, 2015

AdSchellevis added a commit that referenced this issue Sep 4, 2015

(legacy) fix diag_ipsec.php to be able to connect multi phase2 IKEv1 …
…entries

We do need to rethink the interaction with ipsec, It looks like a strange mix of parts now.
Ideally we should ask ipsec about the connections that can be made instead of creating a strange mix of configuration and daemon entries.

related issue #139

AdSchellevis added a commit that referenced this issue Sep 9, 2015

(legacy) fix diag_ipsec.php to be able to connect multi phase2 IKEv1 …
…entries

We do need to rethink the interaction with ipsec, It looks like a strange mix of parts now.
Ideally we should ask ipsec about the connections that can be made instead of creating a strange mix of configuration and daemon entries.

related issue #139

AdSchellevis added a commit that referenced this issue Nov 5, 2015

(ipsec) add status call using vici, related to #139
First step is to switch the current status page away from legacy smp.
(work in progress)

AdSchellevis added a commit that referenced this issue Nov 10, 2015

(ipsec) add status call using vici, related to #139
First step is to switch the current status page away from legacy smp.
(work in progress)

(cherry picked from commit a876238)
@fichtner

This comment has been minimized.

Member

fichtner commented Nov 11, 2015

This is relevant ;)

pfsense/pfsense@796b765

@AdSchellevis

This comment has been minimized.

Member

AdSchellevis commented Nov 11, 2015

I think VICI delivers the same data also, but not 100%, will have to look at that... parsing of "ipsec leases" is also an option.

@fichtner

This comment has been minimized.

Member

fichtner commented Nov 11, 2015

Getting it all into VICI sounds like the best approach in the long run.

@AdSchellevis

This comment has been minimized.

Member

AdSchellevis commented Nov 11, 2015

I will look into that as soon as I have the time.

@fichtner

This comment has been minimized.

Member

fichtner commented Jan 8, 2016

Yay, you get one holiday well-deserved :)

AdSchellevis added a commit that referenced this issue Jan 8, 2016

AdSchellevis added a commit that referenced this issue Jan 8, 2016

(ipsec, legacy) add ipsec (mobile) leases to diag and widget, rename …
…"ipsec list_status" to "ipsec list status", closes #139

(cherry picked from commit c3135f5)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment