<div dir="ltr"><div dir="ltr">Hi , <div><br></div><div>With libreswan upgrade to 4.5.x, I've noticed changes in the output of 'ipsec whack --status' command. I relied on 'IPsec SA established' to verify the active tunnels. With the upgraded version this string is not present in the output. I rather notice 'STATE_V2_ESTABLISHED_CHILD_SA (established Child SA)' and 'STATE_V2_ESTABLISHED_IKE_SA (established IKE SA)'. </div><div><br></div><div>What are your thoughts? What is the best string pattern (needle) one can use from whack status output to find the active tunnel information?</div><div><br></div><div>Also, please share details on different states for the tunnels ( STATE_V2_ESTABLISHED_CHILD_SA , STATE_V2_ESTABLISHED_IKE_SA etc etc ). </div><div><br></div><div>Thanks,</div><div>Praveen</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 22, 2022 at 12:50 PM Praveen Chavan <<a href="mailto:prawin219@gmail.com">prawin219@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi, <div><br></div><div>I'm using the Libreswan 4.5 binary package to start 'pluto' on a linux (RedHat based, customized version) machine. Moving to Binaries from source to avoid unnecessary build requirements. </div><div><br></div><div>Pluto fails to start with error, </div><div><br></div><div>Aug 22 14:48:02.318450: <b>FATAL ERROR: bind(<a href="http://0.0.0.0:500" target="_blank">0.0.0.0:500</a>) failed in find_raw_ifaces4()Address already in use</b> (errno 98)<br>Aug 22 14:48:02.318478: ABORT: ASSERTION FAILED: nr_helper_threads == 0 (free_server_helper_jobs() +595 programs/pluto/server_pool.c)<br></div><div><br></div><div>However, when using the source rpm, locally built binaries instead, this error can be resolved with following change,</div><div><br></div><div> /* in pluto/kernel_linux.c */<br> if (0){<br> ip_address any = address_any(&ipv4_info);<br> ip_endpoint any_ep = endpoint(&any, pluto_port);<br> ip_sockaddr any_sa;<br> size_t any_sa_size = endpoint_to_sockaddr(&any_ep, &any_sa);<br> if (bind(master_sock, &<a href="http://any_sa.sa" target="_blank">any_sa.sa</a>, any_sa_size) < 0)<br> EXIT_LOG_ERRNO(errno, "bind() failed in %s()", __func__);<br> }<br></div><div><br></div><div>I would like to know how one can achieve the same using the binary packages directly. I came across '--interface' and '--listen' options but didn't help. </div><div><br></div><div>Assistance would be truly appreciated. </div><div><br></div><div>Thanks,</div><div>Praveen</div></div>
</blockquote></div></div>