[Swan] Ipsec auto --up

John Crisp jcrisp at safeandsoundit.co.uk
Thu Dec 3 20:31:03 UTC 2015



On 3 December 2015 18:55:20 CET, Paul Wouters <paul at nohats.ca> wrote:
>On Thu, 3 Dec 2015, John Crisp wrote:

>>
>> system("/usr/sbin/ipsec auto --up $ipsecprop");
>
>You can try:
>
>system("/usr/sbin/ipsec auto --asynchronous --up $ipsecprop");
>
>but you will not get any reporting on the command line (but it will be
>in the logs)
>

That might work... it's really like 'fire & forget' so 'add' just gets a 'start' connection chiselling away... my script shouldn't have to wait or report on it


>> But if I use it in a script, the script hangs when a connection cannot
>> be made. It also logs the first few lines of the connection attempt to
>> the system log:
>
>We did fix a bug that caused add or replace to take a very long time to
>fail. Can you try 3.16rc2 from download.libreswan.org/development/ ?
>

OK, will do. I have seen some inconsistent behaviour when testing if I replace/add etc. several times in a short space of time, either manually or via my script, but assumed it was me being stupid... !


>> It then carries on logging in pluto.log but my Perl script is just hung
>> there.
>
>I wonder if there is a leaking file descriptor somewhere....
>

Uh oh.... now you are going to get me lost :-)

>> What I don't understand is why --replace works and --add doesn't.
>
>That is very strange because if you look in programs/auto/auto.in you
>can see that "add" and "replace" are actually both eaten up when it
>calls addconn. There cannot be a difference in behaviour between the
>two. (addconn implicitly treats add as replace)
>


OK, I'll go browse, thanks Paul. If I can get over this I have a nice simple (as simple as ipsec gets!) workable solution.


B. Rgds
John
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
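
The following Perl sketch is an added example, not code from this thread or from libreswan. It shows one way a calling script can avoid blocking indefinitely on `ipsec auto --up`: run the command in list form (so `$ipsecprop` never passes through a shell), detach the child's standard descriptors, and stop waiting after a deadline. The 15-second timeout, the default name `myconn`, and the connection-name pattern are assumptions of the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(:sys_wait_h);

# Run @cmd without a shell; give up after $timeout seconds.
# Returns the raw wait status ($?), or undef if the deadline passed.
sub run_with_timeout {
    my ($timeout, @cmd) = @_;
    my $pid = fork();
    die "fork failed: $!\n" unless defined $pid;
    if ($pid == 0) {
        # Child: point stdio at /dev/null so the parent cannot be held
        # up by descriptors the child inherited.
        open STDIN,  '<', '/dev/null' or POSIX::_exit(126);
        open STDOUT, '>', '/dev/null' or POSIX::_exit(126);
        open STDERR, '>', '/dev/null' or POSIX::_exit(126);
        exec { $cmd[0] } @cmd or POSIX::_exit(127);
    }
    my $deadline = time + $timeout;
    while (time < $deadline) {
        my $reaped = waitpid($pid, WNOHANG);
        return $? if $reaped == $pid;
        select(undef, undef, undef, 0.2);    # sleep 200 ms between polls
    }
    kill 'TERM', $pid;                       # deadline passed: stop waiting
    waitpid($pid, 0);                        # reap so no zombie is left
    return undef;
}

# Connection name comes from the caller; 'myconn' is a placeholder.
my $ipsecprop = shift // 'myconn';

# Assumed policy for this example: plain names only, no leading '-',
# so the value cannot be read as an option or carry shell metacharacters.
die "refusing connection name '$ipsecprop'\n"
    unless $ipsecprop =~ /\A[A-Za-z0-9][A-Za-z0-9_.-]*\z/;

my $status = run_with_timeout(15, '/usr/sbin/ipsec', 'auto', '--up', $ipsecprop);

if (!defined $status) {
    warn "ipsec auto --up $ipsecprop did not return within 15s; see pluto.log\n";
} elsif ($status != 0) {
    warn "ipsec auto --up $ipsecprop failed, wait status $status\n";
} else {
    print "ipsec auto --up $ipsecprop returned successfully\n";
}
```

Terminating the `ipsec auto` client only ends the script's wait; the connection attempt itself continues to be reported in the logs, as noted in the quoted reply.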

