[Swan] "systemctl stop ipsec" does not stop pluto
Paul Wouters
paul at nohats.ca
Fri May 19 15:22:22 UTC 2017
On Thu, 18 May 2017, Martin T wrote:
> I installed Libreswan 3.20 under OpenSUSE 42.1 and it has following
> options in ipsec.service unit file:
>
> ExecStart=/usr/lib/ipsec/pluto --leak-detective --config
> /etc/ipsec.conf --nofork
> ExecStop=/usr/lib/ipsec/whack --shutdown
>
>
> As I understand, this should mean that pluto should be stopped with
> "whack --shutdown" command. However, "systemctl stop ipsec.service"
> command hangs until watchdog kicks in and if I execute "whack
> --shutdown" manually using "strace -f", then following can be seen:
[hangs]
Odd, can you tell me what happens when you run: killall -SIGTERM pluto
That should do the same thing as whack --shutdown but won't use the
socket. Then we know if it is pluto that's failing to die, or something
weird with reading/writing the socket?
Is there any apparmor or selinux policies that you could temporarilly
disable to see if those are causing this?
Paul
More information about the Swan
mailing list