[Swan] Need debugging pointer between libreswan and ASA5550

T.J. Yang tjyang2001 at gmail.com
Fri Mar 8 21:27:52 EET 2013


On Fri, Mar 8, 2013 at 1:21 PM, Paul Wouters <pwouters at redhat.com> wrote:

> On Fri, 8 Mar 2013, T.J. Yang wrote:
>
>  That does not mean it is disabled. Run "getenforce" instead.
>>
>> Sorry, I wasn't able to  hide my ignorance about SELinux.
>>
>> [root at mlab-centos6-01 ~]# getenforce
>> Permissive
>> [root at mlab-centos6-01 ~]# setenforce Permissive
>> [root at mlab-centos6-01 ~]#
>>
>> Once I set it to Permissive mode by setenforce, I am able to see the
>> connection log in /var/log/ipsec.log when restarting ipsec.
>>
>
> Good. So that is a fix that went into the selinux-policy package, and
> should make it to your next fedora/rhel package update for
> selinux-policy.
>
>
For 3.1 release, do you have time to incorporate selinux checking into
"ipsec verify" command ?


Paul
>



-- 
T.J. Yang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20130308/1c1e44ff/attachment.html>


More information about the Swan mailing list