[Swan] Need debugging pointer between libreswan and ASA5550
T.J. Yang
tjyang2001 at gmail.com
Fri Mar 8 21:19:20 EET 2013
On Fri, Mar 8, 2013 at 12:54 PM, Paul Wouters <pwouters at redhat.com> wrote:
> On Fri, 8 Mar 2013, T.J. Yang wrote:
>
> I know there was an SElinux policy with include files that Tuomo
>> ran into. You might want to run a test with SElinux in
>> permissive mode for that.
>>
>>
>> My selinux indeed was at enforced mode(hmm, but his work with openwan),I
>> have it set as disabled now and "auto=start" still didn't bring
>> up the connection automatically.
>> A manual startup still needed.
>>
>> [root at mlab-centos6-01 ~]# grep ^SELINUX= /etc/selinux/config
>> SELINUX=disabled
>>
>
> That does not mean it is disabled. Run "getenforce" instead.
>
>
Sorry, I wasn't able to hide my ignorance about SELinux.
[root at mlab-centos6-01 ~]# getenforce
Permissive
[root at mlab-centos6-01 ~]# setenforce Permissive
[root at mlab-centos6-01 ~]#
Once I set it to Permissive mode by setenforce, I am able to see the
connection log in /var/log/ipsec.log when restarting ipsec.
tj
> [root at mlab-centos6-01 ~]# ipsec version
>> Linux Libreswan 3.0 (netkey) on 2.6.32-279.22.1.el6.x86_64
>>
>
> This might be fixed in the latest dr releases or git. I cannot tell what
> version this is?
>
> Paul
>
--
T.J. Yang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20130308/dac85c27/attachment.html>
More information about the Swan
mailing list