[Swan] I broke Libreswan with an SELINUX error
Paul Wouters
paul at nohats.ca
Sun Sep 22 04:39:27 EEST 2013
On Sat, 21 Sep 2013, Nick Howitt wrote:
> This is the working conn:
> conn PaulIn
> left=82.19.147.85
> right=%any
> and this one does not:
>
> conn PaulIn
> left=%defaultroute
> right=%any
In theory, we never "supposed" having both endpoints dynamic, though it
apparently did work....
> 000 "MumIn": 172.17.2.0/24===82.19.147.85[@Nick]---82.19.147.1...82.30.103.217<82.30.103.217>===192.168.10.0/24; erouted; eroute owner: #4
> 000 "MumIn": oriented; my_ip=172.17.2.1; their_ip=unset;
> 000 "PaulIn": 172.17.2.0/24===82.19.147.85<82.19.147.85>[@Nick]...%any===192.168.30.0/24; unrouted; eroute owner: #0
> 000 "PaulIn": oriented; my_ip=172.17.2.1; their_ip=unset;
It seems MumIn and PaulIn are very similar connections and I think that
might have caused confusion. You could try using aggressive mode
(aggrmode=yes) and adding different leftid/rightid to those two conns.
> and FWIW, "service ipsec status" always gives:
>
> [root@server ~]# service ipsec status
> ipsec: pluto is stopped
>
> I thought we'd seen this one before and fixed it.
Hmmm. I'll check it out.
Paul
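
Added example, not part of the original message: a Python check over the status lines quoted above that groups connections by local address and local ID, to surface near-identical conns such as MumIn and PaulIn. The function names and parsing regexes are assumptions of this example and are written only for the line format shown in this thread.

```python
import re
from collections import defaultdict

# Topology lines copied from the status output quoted in the message above
# (the wrapped "eroute owner: #4" is rejoined onto its line).
STATUS = '''\
000 "MumIn": 172.17.2.0/24===82.19.147.85[@Nick]---82.19.147.1...82.30.103.217<82.30.103.217>===192.168.10.0/24; erouted; eroute owner: #4
000 "MumIn": oriented; my_ip=172.17.2.1; their_ip=unset;
000 "PaulIn": 172.17.2.0/24===82.19.147.85<82.19.147.85>[@Nick]...%any===192.168.30.0/24; unrouted; eroute owner: #0
000 "PaulIn": oriented; my_ip=172.17.2.1; their_ip=unset;
'''

# Hypothetical patterns for this example: subnet===host<addr>[id]---nexthop...peer side
TOPO = re.compile(r'^\d{3} "([^"]+)": (\S+===\S+);')
LOCAL = re.compile(r'^(?:[^=]+===)?(?P<host>[^<\[=]+?)(?:<[^>]*>)?'
                   r'(?:\[(?P<id>[^\]]*)\])?(?:---.*)?$')
REMOTE = re.compile(r'^(?:.*---)?(?P<host>[^<\[=]+)(?:<[^>]*>)?'
                    r'(?:\[(?P<id>[^\]]*)\])?(?:===.*)?$')

def parse_conns(text):
    """Return {conn name: local/peer host and ID} from the topology lines."""
    conns = {}
    for line in text.splitlines():
        m = TOPO.match(line)
        if not m:  # skips e.g. the "oriented; my_ip=..." lines
            continue
        left, _, right = m.group(2).partition('...')
        l, r = LOCAL.match(left), REMOTE.match(right)
        if l and r:
            conns[m.group(1)] = {'local': l['host'], 'local_id': l['id'],
                                 'peer': r['host'], 'peer_id': r['id']}
    return conns

def similar_conns(conns):
    """Groups of conns with the same local address and ID where no peer ID is shown."""
    groups = defaultdict(list)
    for name, c in conns.items():
        groups[(c['local'], c['local_id'])].append(name)
    return {key: sorted(names) for key, names in groups.items()
            if len(names) > 1 and all(conns[n]['peer_id'] is None for n in names)}

if __name__ == '__main__':
    for (host, ident), names in similar_conns(parse_conns(STATUS)).items():
        print(f'{names}: same local {host} id {ident}, no peer ID shown')
```

Conns reported together here are candidates for the distinct leftid/rightid settings suggested in the reply.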