[Swan] klips + ipsec whack --shutdown causes lockup
Paul Wouters
paul at nohats.ca
Fri Sep 6 14:46:53 UTC 2019
ipsec klipsdebug —all
>
> Testing latest master branch 3d5516b1c. When trying to restart ipsec services using klips, I get a device lockup and/or reboot. Syslog seems to stop at different places (ssh connection).
>
> Is there other debugging that would help besides whack --debug all?
>
> Thanks!
>
> -Brian
>
>
> 1656 tmp]# ipsec barf
> Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Libreswan for the first time; alternatively, your log files have been emptied (ie, logrotate) or we do not understand your logging configuration.
> Unable to find Pluto messages, typically found in /var/log/secure or equivalent. You may need to run Libreswan for the first time; alternatively, your log files have been emptied (ie, logrotate) or we do not understand your logging configuration.
> DA70N-051656
> Fri Sep 6 09:20:15 CDT 2019
> + _________________________ version
> + ipsec --version
> Linux Libreswan 3.master-201936.git (netkey) on 4.9.119
It believes it is running XFRM, not KLIPS
> + _________________________ /proc/version
> + cat /proc/version
> Linux version 4.9.119 (captain at 784c3b036f31) (gcc version 7.4.0 (Ubuntu/Linaro 7.4.0-1ubuntu1~18.04) ) #1 PREEMPT Fri Sep 6 14:00:18 UTC 2019
> + _________________________ /proc/net/ipsec_eroute
> + '[' -r /proc/net/ipsec_eroute ']'
> + _________________________ /proc/net/ipsec_spi
> + '[' -r /proc/net/ipsec_spi ']'
> + _________________________ /proc/net/ipsec_spigrp
> + '[' -r /proc/net/ipsec_spigrp ']'
> + _________________________ /proc/net/ipsec_tncfg
> + '[' -r /proc/net/ipsec_tncfg ']'
> + '[' -r /proc/sys/net/core/xfrm_acq_expires ']'
> + _________________________ ip-xfrm-state
> + ip xfrm state
> + _________________________ ip-xfrm-policy
> + ip xfrm policy
> + _________________________ cat-proc-net-xfrm_stat
> + cat /proc/net/xfrm_stat
> XfrmInError 0
> XfrmInBufferError 0
You still have XFRM loaded or compiled in?
Paul
More information about the Swan
mailing list