[Swan] ipsec won't stay running
Mike Johnston
mjohnston at wiktel.com
Wed Jun 11 16:59:07 EEST 2014
Paul,
I appreciate all of the help you have provided to me.
I guess I'm not sure exactly what package you are asking me to install.
I didn't find any packages provided by apt-get that are by that name.
libnss3 is the best match I could find, which I already had. I also
tried installing libnss3-tools with the same result.
Anyways, I had a co-worker sanity check what I am doing and he suggested
that I try installing by doing this instead:

    tar -xvf libreswan-3.8.tar.gz
    mv libreswan-3.8.tar.gz libreswan-3.8.orig.tar.gz
    cd libreswan-3.8
    debuild -uc -us
    cd ../
    sudo dpkg --install *.deb

I still had the same problem where ipsec wouldn't stay running, but at
least "ipsec initnss" worked this time. Once I ran through "ipsec
initnss" I started ipsec and found that it stayed running this time. My
VPN is working again.
So I don't know if it was simply that a dependency was resolved by using
the dpkg method or what...but the problem is solved now. And I have
been enlightened that this method plays much nicer with the package
manager and future updates, including those that may one day come from
apt-get and including kernel updates. So I am a lot happier with this
solution.
Thanks again!
-Mike

This appeared in my logs whenever I attempted to start ipsec:

    pluto[24733]: nss directory plutomain: /etc/ipsec.d
    pluto[24733]: NSS readonly initialization failed (err -8015)

Running this command is the fix, but as you can see, it wasn't working:

    # ipsec initnss
    Initializing NSS database
    If you want to ensure the IPsec subsystem can start unattended,
    use an empty password
    /usr/local/sbin/ipsec: 171: /usr/local/sbin/ipsec: certutil: not found
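
Added example, not part of the original post or of libreswan: a pre-flight check for the two conditions visible in the output above, namely an uninitialized NSS database in the directory pluto logs and a missing certutil that stops "ipsec initnss" from creating one. The function name nss_preflight and its exit codes are hypothetical; the database file names are the standard NSS ones and are assumed to apply to the installed build.

```sh
# nss_preflight DIR
#   0 = an NSS database is present in DIR
#   1 = no database, but certutil is available ("ipsec initnss" can create one)
#   2 = no database and certutil is not on PATH (the failure in the post)
# Assumption: DIR defaults to /etc/ipsec.d, the directory pluto logged above.
nss_preflight() {
    dir="${1:-/etc/ipsec.d}"

    # NSS SQL format (cert9.db/key4.db) or legacy dbm format (cert8.db/key3.db).
    if [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ]; then
        echo "ok: NSS SQL database present in $dir"
        return 0
    fi
    if [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ]; then
        echo "ok: NSS legacy database present in $dir"
        return 0
    fi

    echo "missing: no NSS database in $dir; pluto cannot initialize NSS"

    # "ipsec initnss" shells out to certutil, so check it before retrying.
    if ! command -v certutil >/dev/null 2>&1; then
        echo "missing: certutil is not on PATH; 'ipsec initnss' will fail"
        return 2
    fi

    echo "next step: run 'ipsec initnss', then start ipsec"
    return 1
}
```

Calling nss_preflight with no argument before starting ipsec separates "database never created" from "tool needed to create it is absent", which the pluto log line alone does not show.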