[Swan] "systemctl stop ipsec" does not stop pluto

Paul Wouters paul at nohats.ca
Fri May 19 15:22:22 UTC 2017


On Thu, 18 May 2017, Martin T wrote:

> I installed Libreswan 3.20 under OpenSUSE 42.1 and it has following
> options in ipsec.service unit file:
>
> ExecStart=/usr/lib/ipsec/pluto --leak-detective --config
> /etc/ipsec.conf --nofork
> ExecStop=/usr/lib/ipsec/whack --shutdown
>
>
> As I understand, this should mean that pluto should be stopped with
> "whack --shutdown" command. However, "systemctl stop ipsec.service"
> command hangs until watchdog kicks in and if I execute "whack
> --shutdown" manually using "strace -f", then following can be seen:

[hangs]

Odd, can you tell me what happens when you run: killall -SIGTERM pluto
That should do the same thing as whack --shutdown but won't use the
socket. Then we know if it is pluto that's failing to die, or something
weird with reading/writing the socket?

Is there any apparmor or selinux policies that you could temporarilly
disable to see if those are causing this?

Paul


More information about the Swan mailing list