Flannel with ipsec

#1

Was anybody lucky to get flannel with ipsec backend working?

I see the following error:

00[DMN] Starting IKE charon daemon (strongSwan 5.6.3, Linux 4.4.176-1.el7.elrepo.x86_64, x86_64)
00[CFG] attr-sql plugin: database URI not set
00[CFG] loading ca certificates from ‘/etc/ipsec.d/cacerts’
00[CFG] loading aa certificates from ‘/etc/ipsec.d/aacerts’
00[CFG] loading ocsp signer certificates from ‘/etc/ipsec.d/ocspcerts’
00[CFG] loading attribute certificates from ‘/etc/ipsec.d/acerts’
00[CFG] loading crls from ‘/etc/ipsec.d/crls’
00[CFG] loading secrets from ‘/etc/ipsec.secrets’
00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory
00[CFG] loaded 0 RADIUS server configurations
00[CFG] HA config misses local/remote address
00[LIB] loaded plugins: charon mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 xcbc cmac curl sqlite attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-mschapv2 eap-radius eap-tls xauth-generic xauth-eap dhcp unity counters
00[LIB] initializing supplementary groups for 100 failed
00[DMN] capability dropping failed - aborting charon

if I configure the charon to use root user, it works… any ideas?

0 Likes

#2

Found the solution: run flannel in unprivleged mode.

1 Like

#3

Thanks for sharing :slight_smile:

0 Likes