[Swan] New machine, getting libreswan working
John Serink
jserink2004 at yahoo.com
Fri May 18 03:55:39 UTC 2018
Hi all:
I shifted laptops a few months back after a Video card failure and mirrored everything over.I've just today set aside some time to get my IPsec stuff up and running and ma having a few problems.
Version:jserinki7 /usr/src/linux # ipsec --versionLinux Libreswan 3.23 (netkey) on 4.15.5-gentoo
I can't get past ipsec verify:jserinki7 /usr/src/linux # ipsec verifyVerifying installed system and configuration files
Version check and ipsec on-path [OK]Libreswan 3.23 (netkey) on 4.15.5-gentooChecking for IPsec support in kernel [OK] NETKEY: Testing XFRM related proc values ICMP default/send_redirects [OK] ICMP default/accept_redirects [OK] XFRM larval drop [OK]Pluto ipsec.conf syntax [OK]Two or more interfaces found, checking IP forwarding [OK]Checking rp_filter [ENABLED] /proc/sys/net/ipv4/conf/all/rp_filter [ENABLED] /proc/sys/net/ipv4/conf/default/rp_filter [ENABLED] /proc/sys/net/ipv4/conf/erspan0/rp_filter [ENABLED] /proc/sys/net/ipv4/conf/gre0/rp_filter [ENABLED] /proc/sys/net/ipv4/conf/gretap0/rp_filter [ENABLED] /proc/sys/net/ipv4/conf/ip_vti0/rp_filter [ENABLED] rp_filter is not fully aware of IPsec and should be disabledChecking that pluto is running [FAILED]Checking 'ip' command [OK]Checking 'iptables' command [OK]Checking 'prelink' command does not interfere with FIPS [OK]Checking for obsolete ipsec.conf options [OBSOLETE KEYWORD]Traceback (most recent call last): File "/usr/libexec/ipsec/verify", line 426, in <module> main() File "/usr/libexec/ipsec/verify", line 417, in main configsetupcheck() File "/usr/libexec/ipsec/verify", line 398, in configsetupcheck err = err.replace("Warning"," Warning")TypeError: a bytes-like object is required, not 'str'
So, I get to the OBSOLETE keywords warning and then the verify script burps.
Any tips on getting verify to complete?
Cheers,john
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20180518/49e6de57/attachment.html>
More information about the Swan
mailing list