systemctl `strongswan.service` should be disabled (or [[ https://github.com/vyos/vyos-1x/commit/6857447bf6acba3537d5e5372cd320aef078b81e | not ]] ?)
https://github.com/vyos/vyos-build/blob/e62acee962eb857267047a5fffa8d3f182eab359/data/live-build-config/hooks/live/18-enable-disable_services.chroot#L53
https://github.com/strongswan/strongswan/discussions/1390
But we get it started/active.
```
vyos@r14:~$ sudo systemctl status strongswan.service
● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl
Loaded: loaded (/lib/systemd/system/strongswan.service; disabled; vendor preset: enabled)
Active: active (running) since Sun 2023-01-08 15:10:21 EET; 14min ago
Process: 5504 ExecStartPost=/usr/sbin/swanctl --load-all --noprompt (code=exited, status=0/SUCCESS)
Process: 5989 ExecReload=/usr/sbin/swanctl --reload (code=exited, status=0/SUCCESS)
Process: 5994 ExecReload=/usr/sbin/swanctl --load-all --noprompt (code=exited, status=0/SUCCESS)
Main PID: 5487 (charon-systemd)
Status: "charon-systemd running, strongSwan 5.9.8, Linux 5.15.86-amd64-vyos, x86_64"
Tasks: 17 (limit: 9401)
Memory: 4.1M
CPU: 101ms
CGroup: /system.slice/strongswan.service
└─5487 /usr/sbin/charon-systemd
```
It overlaps with the service we start via the CLI:
```
vyos@r14:~$ ps ax | grep charon
5487 ? Ssl 0:00 /usr/sbin/charon-systemd
7437 ? Ss 0:00 /usr/lib/ipsec/starter --daemon charon
7438 ? Ssl 0:00 /usr/lib/ipsec/charon --use-syslog
7482 pts/0 S+ 0:00 grep charon
```
As a result, IPsec doesn't work and Phase 1 cannot be established.
```
Jan 08 15:17:57 r14 ipsec_starter[7424]: Starting strongSwan 5.9.8 IPsec [starter]...
Jan 08 15:17:57 r14 sudo[7423]: pam_unix(sudo:session): session closed for user root
Jan 08 15:17:57 r14 charon[7438]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.8, Linux 5.15.86-amd64-vyos, x86_64)
Jan 08 15:17:57 r14 charon[7438]: 00[CFG] PKCS11 module '<name>' lacks library path
Jan 08 15:17:57 r14 charon[7438]: 00[PTS] TPM 2.0 - could not load "libtss2-tcti-tabrmd.so.0"
Jan 08 15:17:57 r14 charon[7438]: 00[LIB] plugin 'tpm': failed to load - tpm_plugin_create returned NULL
Jan 08 15:17:57 r14 charon[7438]: 00[NET] unable to bind socket: Address already in use
Jan 08 15:17:57 r14 charon[7438]: 00[NET] could not open IPv6 socket, IPv6 disabled
Jan 08 15:17:57 r14 charon[7438]: 00[NET] unable to bind socket: Address already in use
Jan 08 15:17:57 r14 charon[7438]: 00[NET] could not open IPv4 socket, IPv4 disabled
Jan 08 15:17:57 r14 charon[7438]: 00[NET] could not create any sockets
Jan 08 15:17:57 r14 charon[7438]: 00[NET] using forecast interface eth0
Jan 08 15:17:57 r14 charon[7438]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
Jan 08 15:17:57 r14 charon[7438]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jan 08 15:17:57 r14 charon[7438]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jan 08 15:17:57 r14 charon[7438]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jan 08 15:17:57 r14 charon[7438]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jan 08 15:17:57 r14 charon[7438]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jan 08 15:17:57 r14 charon[7438]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jan 08 15:17:57 r14 charon[7438]: 00[CFG] loaded 0 RADIUS server configurations
Jan 08 15:17:57 r14 charon[7438]: 00[CFG] HA config misses local/remote address
Jan 08 15:17:57 r14 charon[7438]: 00[LIB] loaded plugins: charon test-vectors pkcs11 aesni aes rc2 sha2 sha1 md5 mgf1 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl gcrypt pkcs8 af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac kdf ctr ccm gcm drbg curl attr kernel-netlink resolve socket-default connmark forecast stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire addrblock counters
Jan 08 15:17:57 r14 charon[7438]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Jan 08 15:17:57 r14 charon[7438]: 00[JOB] spawning 16 worker threads
Jan 08 15:17:57 r14 charon[7438]: 03[NET] no socket implementation registered, receiving failed
Jan 08 15:17:57 r14 ipsec_starter[7437]: charon (7438) started after 20 ms
Jan 08 15:18:00 r14 sudo[7456]: vyos : TTY=pts/1 ; PWD=/home/vyos ; USER=root ; COMMAND=/usr/sbin/swanctl -q
Jan 08 15:18:00 r14 sudo[7456]: pam_unix(sudo:session): session opened for user root(uid=0) by vyos(uid=1003)
Jan 08 15:18:00 r14 charon[7438]: 15[CFG] loaded IKE shared key with id 'ike_OFFICE-B' for: '192.0.2.1', '192.0.2.2', '192.0.2.1', '192.0.2.2'
Jan 08 15:18:00 r14 charon[7438]: 07[CFG] loaded IKE shared key with id 'ike_OFFICE-C' for: '203.0.113.1', '203.0.113.2', '203.0.113.1', '203.0.113.2'
Jan 08 15:18:00 r14 charon[7438]: 13[CFG] added vici connection: OFFICE-B
Jan 08 15:18:00 r14 charon[7438]: 13[CFG] initiating 'OFFICE-B-tunnel-0'
Jan 08 15:18:00 r14 charon[7438]: 13[IKE] <OFFICE-B|1> initiating Main Mode IKE_SA OFFICE-B[1] to 192.0.2.2
Jan 08 15:18:00 r14 charon[7438]: 13[ENC] <OFFICE-B|1> generating ID_PROT request 0 [ SA V V V V V ]
Jan 08 15:18:00 r14 charon[7438]: 13[NET] <OFFICE-B|1> sending packet: from 192.0.2.1 to 192.0.2.2[500] (180 bytes)
Jan 08 15:18:00 r14 charon[7438]: 04[NET] no socket implementation registered, sending failed
Jan 08 15:18:00 r14 charon[7438]: 16[CFG] added vici connection: OFFICE-C
Jan 08 15:18:00 r14 charon[7438]: 16[CFG] initiating 'OFFICE-C-tunnel-0'
Jan 08 15:18:00 r14 charon[7438]: 16[IKE] <OFFICE-C|2> initiating Main Mode IKE_SA OFFICE-C[2] to 203.0.113.2
Jan 08 15:18:00 r14 charon[7438]: 16[ENC] <OFFICE-C|2> generating ID_PROT request 0 [ SA V V V V V ]
Jan 08 15:18:00 r14 charon[7438]: 16[NET] <OFFICE-C|2> sending packet: from 203.0.113.1 to 203.0.113.2[500] (180 bytes)
Jan 08 15:18:00 r14 charon[7438]: 04[NET] no socket implementation registered, sending failed
Jan 08 15:18:00 r14 sudo[7456]: pam_unix(sudo:session): session closed for user root
Jan 08 15:18:04 r14 charon[7438]: 09[IKE] <OFFICE-B|1> sending retransmit 1 of request message ID 0, seq 1
Jan 08 15:18:04 r14 charon[7438]: 09[NET] <OFFICE-B|1> sending packet: from 192.0.2.1 to 192.0.2.2[500] (180 bytes)
Jan 08 15:18:04 r14 charon[7438]: 04[NET] no socket implementation registered, sending failed
Jan 08 15:18:04 r14 charon[7438]: 11[IKE] <OFFICE-C|2> sending retransmit 1 of request message ID 0, seq 1
Jan 08 15:18:04 r14 charon[7438]: 11[NET] <OFFICE-C|2> sending packet: from 203.0.113.1 to 203.0.113.2[500] (180 bytes)
Jan 08 15:18:04 r14 charon[7438]: 04[NET] no socket implementation registered, sending failed
```
Output:
```
vyos@r14:~$ show vpn ipsec sa
Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal
------------ ------- -------- -------------- ---------------- ---------------- ----------- ----------
vyos@r14:~$
vyos@r14:~$ show vpn ike sa
Peer ID / IP Local ID / IP
------------ -------------
203.0.113.2 203.0.113.1
State IKEVer Encrypt Hash D-H Group NAT-T A-Time L-Time
----- ------ ------- ---- --------- ----- ------ ------
down IKEv1 n/a n/a n/a no 0 0
Peer ID / IP Local ID / IP
------------ -------------
192.0.2.2 192.0.2.1
State IKEVer Encrypt Hash D-H Group NAT-T A-Time L-Time
----- ------ ------- ---- --------- ----- ------ ------
down IKEv1 n/a n/a n/a no 0 0
```
Stop the service to fix the issue:
```
vyos@r14:~$ sudo systemctl stop strongswan.service
vyos@r14:~$ show vpn ipsec sa
Connection State Uptime Bytes In/Out Packets In/Out Remote address Remote ID Proposal
----------------- ------- -------- -------------- ---------------- ---------------- ----------- ---------------------------------------
OFFICE-B-tunnel-0 up 2s 0B/0B 0/0 192.0.2.2 192.0.2.2 AES_CBC_256/HMAC_SHA2_256_128/MODP_1024
OFFICE-C-tunnel-0 up 2s 0B/0B 0/0 203.0.113.2 203.0.113.2 AES_CBC_256/HMAC_SHA2_256_128/MODP_1024
vyos@r14:~$
```
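The failure in this report has two observable signatures: more than one IKE daemon in the process list, and a `charon` PID logging socket bind failures. The script below is an added example, not part of the original report or of VyOS, that checks for both; the function names are hypothetical and the sample data is copied from the output above.

```shell
#!/bin/sh
# Added example: detect two strongSwan IKE daemons fighting over the IKE sockets.
# Sample data below is copied from the report above; function names are hypothetical.
SAMPLE_PS='5487 ? Ssl 0:00 /usr/sbin/charon-systemd
7437 ? Ss 0:00 /usr/lib/ipsec/starter --daemon charon
7438 ? Ssl 0:00 /usr/lib/ipsec/charon --use-syslog
7482 pts/0 S+ 0:00 grep charon'

SAMPLE_LOG='Jan 08 15:17:57 r14 charon[7438]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.8, Linux 5.15.86-amd64-vyos, x86_64)
Jan 08 15:17:57 r14 charon[7438]: 00[NET] unable to bind socket: Address already in use
Jan 08 15:17:57 r14 charon[7438]: 00[NET] could not create any sockets
Jan 08 15:18:00 r14 charon[7438]: 04[NET] no socket implementation registered, sending failed'

# stdin: `ps ax` lines (PID TTY STAT TIME COMMAND). stdout: "PID NAME" per IKE daemon.
# Matching on the basename of the command skips `starter` and the `grep` itself.
ike_daemons() {
    awk '{ n = split($5, part, "/"); name = part[n]
           if (name == "charon" || name == "charon-systemd") print $1, name }'
}

# stdin: syslog/journal lines. stdout: PIDs of charon instances that lost the sockets.
socketless_pids() {
    awk '/unable to bind socket: Address already in use|no socket implementation registered/ {
             if (match($0, /charon\[[0-9]+\]/)) print substr($0, RSTART + 7, RLENGTH - 8)
         }' | sort -u
}

# diagnose PS_TEXT LOG_TEXT -> one-line verdict on stdout.
diagnose() {
    count=$(printf '%s\n' "$1" | ike_daemons | awk 'END { print NR }')
    pids=$(printf '%s\n' "$2" | socketless_pids | tr '\n' ',' | sed 's/,$//')
    if [ "$count" -gt 1 ] && [ -n "$pids" ]; then
        echo "CONFLICT daemons=$count socketless_pids=$pids"
    elif [ "$count" -gt 1 ]; then
        echo "DUPLICATE daemons=$count"
    else
        echo "OK daemons=$count"
    fi
}

diagnose "$SAMPLE_PS" "$SAMPLE_LOG"
```

On a live router, pass `"$(ps ax)"` and `"$(journalctl -b --no-pager)"` as the two arguments instead of the samples.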