[Swan] Cannot start ipsec service using systemd

Elison Niven elison.niven at cyberoam.com
Fri Jan 4 11:51:41 EET 2013 

Hi,

I downloaded libreswan and installed from source on Fedora 16.
# Install dependencies
$ yum install unbound-devel libcap-ng-devel xmto

# Remove openswan, racoon
$ yum remove openswan ipsec-tools

# Make and install libreswan
# make programs
$ make install

$ systemctl --system daemon-reload
$ systemctl enable ipsec.service
$ service ipsec start
Redirecting to /bin/systemctl  start ipsec.service

$ service ipsec status
Redirecting to /bin/systemctl  status ipsec.service
ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
	  Loaded: loaded (/lib/systemd/system/ipsec.service; enabled)
	  Active: failed since Fri, 04 Jan 2013 15:11:52 +0530; 2s ago
	 Process: 13445 ExecStopPost=/sbin/ip xfrm state flush (code=exited, 
status=0/SUCCESS)
	 Process: 13443 ExecStopPost=/sbin/ip xfrm policy flush (code=exited, 
status=0/SUCCESS)
	 Process: 13440 ExecStop=/usr/local/sbin/ipsec whack --shutdown 
(code=exited, status=1/FAILURE)
	 Process: 13438 ExecStart=/usr/bin/sh -c eval 
`/usr/local/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork 
$PLUTO_OPTIONS` (code=exited, status=203/EXEC)
	 Process: 13379 ExecStartPre=/usr/local/libexec/ipsec/_stackmanager 
start (code=exited, status=0/SUCCESS)
	 Process: 13376 ExecStartPre=/usr/local/sbin/ipsec addconn --config 
/etc/ipsec.conf --checkconfig (code=exited, status=0/SUCCESS)
	  CGroup: name=systemd:/system/ipsec.service


I can start pluto manually by executing the commands in the systemd unit 
file marked for ExecStartPre and ExecStart.

$ cat /etc/systemd/system/multi-user.target.wants/ipsec.service
[Unit]
Description=Internet Key Exchange (IKE) Protocol Daemon for IPsec
After=syslog.target
After=network.target
#After=remote-fs.target

[Service]
Type=simple
Restart=always
EnvironmentFile=-/etc/sysconfig/pluto
#Environment=IPSEC_LIBDIR=/usr/local/libexec/ipsec
#Environment=IPSEC_SBINDIR=/usr/local/sbin
#Environment=IPSEC_EXECDIR=/usr/local/libexec/ipsec/ipsec
#PIDFile=/var/run/pluto/pluto.pid
#
ExecStartPre=/usr/local/sbin/ipsec addconn --config /etc/ipsec.conf 
--checkconfig
ExecStartPre=/usr/local/libexec/ipsec/_stackmanager start
ExecStart=/usr/bin/sh -c 'eval `/usr/local/libexec/ipsec/pluto --config 
/etc/ipsec.conf --nofork $PLUTO_OPTIONS`'
ExecStop=/usr/local/sbin/ipsec whack --shutdown
ExecStopPost=/sbin/ip xfrm policy flush
ExecStopPost=/sbin/ip xfrm state flush
ExecReload=/usr/local/sbin/ipsec whack --listen

[Install]
WantedBy=multi-user.target
Alias=syslog.service

Any help?

-- 
Best Regards,
Elison Niven

More information about the Swan mailing list