[Swan] Need debugging pointer between libreswan and ASA5550
T.J. Yang
tjyang2001 at gmail.com
Fri Mar 8 21:27:52 EET 2013
On Fri, Mar 8, 2013 at 1:21 PM, Paul Wouters <pwouters at redhat.com> wrote:
> On Fri, 8 Mar 2013, T.J. Yang wrote:
>
> That does not mean it is disabled. Run "getenforce" instead.
>>
>> Sorry, I wasn't able to hide my ignorance about SELinux.
>>
>> [root at mlab-centos6-01 ~]# getenforce
>> Permissive
>> [root at mlab-centos6-01 ~]# setenforce Permissive
>> [root at mlab-centos6-01 ~]#
>>
>> Once I set it to Permissive mode by setenforce, I am able to see the
>> connection log in /var/log/ipsec.log when restarting ipsec.
>>
>
> Good. So that is a fix that went into the selinux-policy package, and
> should make it to your next fedora/rhel package update for
> selinux-policy.
>
>
For 3.1 release, do you have time to incorporate selinux checking into
"ipsec verify" command ?
Paul
>
--
T.J. Yang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20130308/1c1e44ff/attachment.html>
More information about the Swan
mailing list