[Swan] SELinux labeled ipsec
Paul Wouters
paul at nohats.ca
Tue Feb 7 02:24:17 UTC 2017
On Sat, 4 Feb 2017, Jeff Becker wrote:
>> Spoke too soon. I reverted to the unlabeled tunnel to test something, then
>> restarted the labeled tunnel (successfully). Once again I couldn't ping,
>> but now tracepath didn't work either. When I run ipsec status, the tail of
>> it shows:
>>
>> 000 198.9.7.199/32:8 -1-> 198.9.7.198/32:0 => %hold 0 %acquire-netlink
>> 000 198.9.7.199/32:8 -1-> 198.9.7.198/32:0 => %hold 0 %acquire-netlink
>>
>> Can this be fixed so I get my route back? Thanks.
>>
>> -jeff
>
> For some reason, the connection comes up after waiting a while. I guess
> that's the time to acquire netlink? Thanks.

It should not take a while. It is all instant. You might want to look at
the logs to see what happened? Look for "pluto" logs in /var/log/secure.

Paul