[Swan] Pluto not running?
Charles Van Dusen
charlie at imdgn.com
Wed Oct 25 14:35:18 UTC 2017
Hi All,
I have another new install on a raspberry pi (Raspbian stretch). With Version 3.22 I am unable to start ipsec:
The results of a verify for ipsec:
root at rpiOnboardSK:~# /usr/local/sbin/ipsec verify
Verifying installed system and configuration files
Version check and ipsec on-path [OK]
Libreswan 3.22 (netkey) on 4.9.41-v7+
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [NOT DISABLED]
Disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will act on or cause sending of bogus ICMP redirects!
ICMP default/accept_redirects [NOT DISABLED]
Disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will act on or cause sending of bogus ICMP redirects!
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [OK]
Checking that pluto is running [FAILED]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS [OK]
Checking for obsolete ipsec.conf options [OK]
ipsec verify: encountered 4 errors - see 'man ipsec_verify' for help
When I try to start ipsec:
root at rpiOnboardSK:~# /usr/local/sbin/ipsec start
Redirecting to: systemctl start ipsec.service
Job for ipsec.service failed because a fatal signal was delivered to the control process.
See "systemctl status ipsec.service" and "journalctl -xe" for details.
root at rpiOnboardSK:~# systemctl status ipsec.service
● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
Loaded: loaded (/lib/systemd/system/ipsec.service; enabled; vendor preset: enabled)
Active: failed (Result: signal) since Wed 2017-10-25 10:30:23 EDT; 6s ago
Docs: man:ipsec(8)
man:pluto(8)
man:ipsec.conf(5)
Process: 3419 ExecStopPost=/usr/local/sbin/ipsec --stopnflog (code=exited, status=0/SUCCESS)
Process: 3416 ExecStopPost=/sbin/ip xfrm state flush (code=exited, status=0/SUCCESS)
Process: 3413 ExecStopPost=/sbin/ip xfrm policy flush (code=exited, status=0/SUCCESS)
Process: 3410 ExecStop=/usr/local/libexec/ipsec/whack --shutdown (code=exited, status=1/FAILURE)
Process: 3407 ExecStart=/usr/local/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork (code=killed, signal=SEGV)
Process: 3395 ExecStartPre=/usr/local/sbin/ipsec --checknflog (code=exited, status=0/SUCCESS)
Process: 3391 ExecStartPre=/usr/local/sbin/ipsec --checknss (code=exited, status=0/SUCCESS)
Process: 3224 ExecStartPre=/usr/local/libexec/ipsec/_stackmanager start (code=exited, status=0/SUCCESS)
Process: 3222 ExecStartPre=/usr/local/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=0/SUCCESS)
Main PID: 3407 (code=killed, signal=SEGV)
Oct 25 10:30:23 rpiOnboardSK systemd[1]: ipsec.service: Unit entered failed state.
Oct 25 10:30:23 rpiOnboardSK systemd[1]: ipsec.service: Failed with result 'signal'.
Oct 25 10:30:23 rpiOnboardSK systemd[1]: ipsec.service: Service hold-off time over, scheduling restart.
Oct 25 10:30:23 rpiOnboardSK systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Oct 25 10:30:23 rpiOnboardSK systemd[1]: ipsec.service: Start request repeated too quickly.
Oct 25 10:30:23 rpiOnboardSK systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Oct 25 10:30:23 rpiOnboardSK systemd[1]: ipsec.service: Unit entered failed state.
Oct 25 10:30:23 rpiOnboardSK systemd[1]: ipsec.service: Failed with result 'signal'.
How can I troubleshoot?
TIA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20171025/0dfd9aeb/attachment.html>
More information about the Swan
mailing list