[Swan] Need support for IPSEC
Paul Wouters
paul at nohats.ca
Sun Apr 1 17:16:19 UTC 2018
On Thu, 29 Mar 2018, Sriram Yarlagadda wrote:
> $systemctl status ipsec.service
> ● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
> Loaded: loaded (/lib/systemd/system/ipsec.service; enabled; vendor preset: en
> Active: activating (start-pre) since Thu 2018-03-29 04:31:49 UTC; 1s ago
> Docs: man:ipsec(8)
> man:pluto(8)
> man:ipsec.conf(5)
> Process: 17567 ExecStopPost=/usr/local/sbin/ipsec --stopnflog (code=exited, st
> Process: 17564 ExecStopPost=/sbin/ip xfrm state flush (code=exited, status=0/S
> Process: 17561 ExecStopPost=/sbin/ip xfrm policy flush (code=exited, status=0/
> Process: 17536 ExecStart=/usr/local/libexec/ipsec/pluto --leak-detective --con
> Process: 17523 ExecStartPre=/usr/local/sbin/ipsec --checknflog (code=exited, s
> Process: 17520 ExecStartPre=/usr/local/sbin/ipsec --checknss (code=exited, sta
> Process: 17575 ExecStartPre=/usr/local/libexec/ipsec/addconn --config /etc/ips
> Main PID: 17536 (code=exited, status=9); Control PID: 17578 (_stackmanager)
> Tasks: 3 (limit: 4915)
> CGroup: /system.slice/ipsec.service
> └─control
> ├─17578 /bin/sh /usr/local/libexec/ipsec/_stackmanager start
> └─17746 modprobe --quiet --use-blacklist esp4
It looks here that your modprobe command is hanging, resulting in
"ipsec _stackmanager" hanging, and therefore pluto not starting properly.
I don't know what is causing that though. You can try and run this
manually to see what it tells you (on console and in dmesg):

    modprobe --use-blacklist esp4

It's odd that systemd does not see this as a failed startup. It did not
even try to run the Start command as it is stuck in an ExecStartPre job.
It should have marked this clearly as failed start.
Paul