[Swan] Need debugging pointer between libreswan and ASA5550

T.J. Yang tjyang2001 at gmail.com
Fri Mar 8 21:19:20 EET 2013


On Fri, Mar 8, 2013 at 12:54 PM, Paul Wouters <pwouters at redhat.com> wrote:

> On Fri, 8 Mar 2013, T.J. Yang wrote:
>
>>> I know there was an SELinux policy with include files that Tuomo
>>> ran into. You might want to run a test with SELinux in
>>> permissive mode for that.
>>
>>
>> My selinux indeed was at enforced mode (hmm, but his work with openswan), I
>> have it set as disabled now and "auto=start" still didn't bring
>> up the connection automatically.
>> A manual startup is still needed.
>>
>> [root@mlab-centos6-01 ~]# grep ^SELINUX= /etc/selinux/config
>> SELINUX=disabled
>>
>
> That does not mean it is disabled. Run "getenforce" instead.
>
>
Sorry, I wasn't able to hide my ignorance about SELinux.

[root@mlab-centos6-01 ~]# getenforce
Permissive
[root@mlab-centos6-01 ~]# setenforce Permissive
[root@mlab-centos6-01 ~]#

Once I set it to Permissive mode by setenforce, I am able to see the
connection log in /var/log/ipsec.log when restarting ipsec.

tj


>> [root@mlab-centos6-01 ~]# ipsec version
>> Linux Libreswan 3.0 (netkey) on 2.6.32-279.22.1.el6.x86_64
>>
>
> This might be fixed in the latest dr releases or git. I cannot tell what
> version this is?
>
> Paul
>



-- 
T.J. Yang
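
The config-versus-runtime check discussed in this thread, as an added example that is not part of the original messages: it compares the `SELINUX=` value in the config file with what `getenforce` reports and counts AVC denials for one process. The function names and the audit lines (including the `pluto` process name and file names in them) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): config-file mode vs. running mode.

# Print the SELINUX= value from a config file, lower-cased ("unknown" if absent).
configured_mode() {
    mode=$(sed -n 's/^SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "${1:-/etc/selinux/config}" 2>/dev/null | tail -n 1 |
        tr '[:upper:]' '[:lower:]')
    echo "${mode:-unknown}"
}

# Print what the running kernel reports, lower-cased ("unknown" without getenforce).
runtime_mode() {
    if command -v getenforce >/dev/null 2>&1; then
        getenforce | tr '[:upper:]' '[:lower:]'
    else
        echo unknown
    fi
}

# compare_modes CONFIGURED RUNTIME: return 0 when both agree, 1 otherwise.
compare_modes() {
    if [ "$1" = "$2" ]; then
        echo "consistent: $2"
        return 0
    fi
    echo "mismatch: config file says '$1', running system reports '$2'"
    return 1
}

# count_denials COMM: count AVC denials for process COMM in audit text on stdin.
count_denials() {
    grep 'avc: *denied' | grep -c "comm=\"$1\"" || true
}

# Constructed audit.log lines, for illustration only.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1362769160.101:41): avc:  denied  { read } for  pid=2101 comm="pluto" name="example.conf" scontext=system_u:system_r:ipsec_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1362769160.102:42): avc:  denied  { open } for  pid=2101 comm="pluto" name="example.conf" scontext=system_u:system_r:ipsec_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=USER_START msg=audit(1362769161.000:43): pid=2200 comm="crond" res=success
EOF
}

compare_modes "$(configured_mode)" "$(runtime_mode)" || true
echo "pluto denials in sample: $(sample_audit_log | count_denials pluto)"
```

The config file is only read at boot, so a mismatch after editing it is expected until the next reboot.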