[Swan] Issue with networkmanager and l2tp

Brian McKee raydude at gmail.com
Sun Oct 25 15:13:44 UTC 2020


You are right. ipsec won't start because there is no service:
/usr/sbin/ipsec start
Redirecting to: rc-service ipsec start
* rc-service: service `ipsec' does not exist
I have to figure out how to create a service script for it.
Perhaps I can get some help from the libreswan ebuild maintainer.
I'll post in the bug report I created.

Thanks for your help.


On Sun, Oct 25, 2020 at 5:49 AM Douglas Kosovic <doug at uq.edu.au> wrote:

> Hi Brian,
>
>
> So the following doesn't work
>
>   sudo /sbin/ipsec restart
>
> and I suspect:
>
>   sudo /sbin/ipsec start
>
> the gentoo libreswan ebuild has both openrc and systemd, sorry I have no
> idea how the gentoo ebuild works with init script.
>
> If you are using systemd, running the following might give a hint as to
> what needs to be done or is missing.
>
>   sudo systemctl restart ipsec.service
>
>
> With systemd, I think it needs the following file to exist, but not sure
> with gentoo:
>   /lib/systemd/system/ipsec.service
>
>
> Sorry I'm not familiar with openrc or if gentoo is using some
> openrc/systemd hybrid setup, but your rcscript suspicion seems plausible.
>
>
>
> Cheers,
> Doug
>
> ------------------------------
> *From:* Brian McKee <raydude at gmail.com>
> *Sent:* Sunday, 25 October 2020 6:04 AM
> *To:* Paul Wouters <paul at nohats.ca>
> *Cc:* Douglas Kosovic <doug at uq.edu.au>; Swan at lists.libreswan.org <
> Swan at lists.libreswan.org>
> *Subject:* Re: [Swan] Issue with networkmanager and l2tp
>
> I have /sbin/ipsec.
>
> I rebooted to get networkmanager to restart with the latest version of
> libreswan.
>
> I'm still getting an error message:
>
> Oct 24 12:58:23 threads NetworkManager[6097]: <info>  [1603569503.8941] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
> Oct 24 12:58:27 threads NetworkManager[6097]: <info>  [1603569507.6586] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=10312 uid=1000 result="success"
> Oct 24 12:58:27 threads NetworkManager[6097]: <info>  [1603569507.6708] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 11786
> Oct 24 12:58:27 threads NetworkManager[6097]: <info>  [1603569507.6779] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
> Oct 24 12:58:28 threads NetworkManager[6097]: <info>  [1603569508.6593] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
> Oct 24 12:58:32 threads /etc/init.d/NetworkManager[11800]: rc-service: service `ipsec' does not exist
> Oct 24 12:58:32 threads NetworkManager[6097]: <warn>  [1603569512.8038] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Could not restart the ipsec service.'
> Oct 24 12:58:32 threads NetworkManager[6097]: <info>  [1603569512.8063] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
> Oct 24 12:58:32 threads NetworkManager[6097]: <info>  [1603569512.8081] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
>
> It's still looking for ipsec. I think it's looking for /etc/init.d/ipsecd
> or something like that based on the error message. Is an rcscript meant to
> be added by libreswan? So that something else is missing from the ebuild?
>
> Again, I really appreciate your patience with me. Thanks so much.
>
> On Sat, Oct 24, 2020 at 7:08 AM Paul Wouters <paul at nohats.ca> wrote:
>
> pluto[17294]: ignoring message from whack with bad magic 1869114160;
> should be 1869114159; Mismatched versions of userland tools.
>
> Sent
>
> It looks like either you have two installs (one in /usr and one in
> /usr/local) or your pluto did not restart after installing a newer version?
>
> Paul
>
>
>
> On Oct 23, 2020, at 23:26, Brian McKee <raydude at gmail.com> wrote:
>
> 
> Hi Paul and Doug,
>
> So I got libreswan 4.1 to install with the new folder by modifying the
> ebuild, but I'm still having problems. Here is the output of
> networkmanager:
>
> Oct 23 20:19:40 threads NetworkManager[4579]: <info>  [1603509580.7688] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
> Oct 23 20:19:42 threads NetworkManager[4579]: <info>  [1603509582.5025] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=5647 uid=1000 result="success"
> Oct 23 20:19:42 threads NetworkManager[4579]: <info>  [1603509582.5068] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 28727
> Oct 23 20:19:42 threads NetworkManager[4579]: <info>  [1603509582.5115] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
> Oct 23 20:19:43 threads NetworkManager[4579]: <info>  [1603509583.2001] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
> Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with bad magic 1869114160; should be 1869114159; Mismatched versions of userland tools.
> Oct 23 20:19:51 threads /etc/init.d/NetworkManager[28748]: rc-service: No such file or directory
> Oct 23 20:19:51 threads NetworkManager[4579]: <warn>  [1603509591.5840] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Could not restart the ipsec service.'
> Oct 23 20:19:51 threads NetworkManager[4579]: <info>  [1603509591.5851] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
> Oct 23 20:19:51 threads NetworkManager[4579]: <info>  [1603509591.5875] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
>
> I'm guessing I'm having ipsec issues...
>
> Can you give me a shove in the right direction?
>
> On Fri, Oct 23, 2020 at 10:47 AM Paul Wouters <paul at nohats.ca> wrote:
>
> On Fri, 23 Oct 2020, Brian McKee wrote:
>
> > Thanks Doug! I'll open a ticket with the gentoo devs!
>
> They can compile with FINALNSSDIR=/etc/ipsec.d to keep the nss files at
> the same location if they prefer that.
>
> Note that libreswan-4.x also no longer builds support for DH2, and some
> NM-libreswan plugins tried to use dh2+dh5 for IKEv1. So you might also
> be running into that. That required a fix to NM-libreswan in fedora at
> least.
>
> Paul
>
>


-- 
-- Consciousness moves everything.
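
The failure signatures in the logs quoted above can be told apart mechanically. The script below is an added example, not part of the original messages and not code from libreswan or NetworkManager; its function names and cause tags are hypothetical, and the sample input is built from log lines in this thread.

```shell
#!/bin/sh
# Added example (not from the thread); function names and cause tags are hypothetical.

# Map one log line to a cause tag; prints nothing for unrelated lines.
classify_line() {
    case "$1" in
        *"ignoring message from whack with bad magic"*) echo version-mismatch ;;
        *"rc-service: service "?ipsec?" does not exist"*) echo no-openrc-ipsec-service ;;
        *"rc-service: No such file or directory"*) echo rc-service-not-found ;;
        *"Could not restart the ipsec service."*) echo nm-restart-failed ;;
    esac
}

# Read a log on stdin; print each distinct cause once, in order of appearance.
triage_log() {
    seen=""
    while IFS= read -r line; do
        tag=$(classify_line "$line")
        [ -n "$tag" ] || continue
        case " $seen " in *" $tag "*) continue ;; esac
        seen="$seen $tag"
        echo "$tag"
    done
}

# Extract both magic numbers from pluto's mismatch message.
magic_pair() {
    printf '%s\n' "$1" |
        sed -n 's/.*bad magic \([0-9][0-9]*\); should be \([0-9][0-9]*\).*/got=\1 want=\2/p'
}

# Print every executable named ipsec in the given directories; more than one
# hit points at the duplicate install (/usr and /usr/local) Paul suggests.
find_ipsec_copies() {
    for dir in "$@"; do
        if [ -x "$dir/ipsec" ]; then echo "$dir/ipsec"; fi
    done
}

# Constructed sample: four log entries from the thread, unwrapped to one line each.
sample_log() {
    cat <<'EOF'
Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with bad magic 1869114160; should be 1869114159; Mismatched versions of userland tools.
Oct 23 20:19:51 threads /etc/init.d/NetworkManager[28748]: rc-service: No such file or directory
Oct 24 12:58:32 threads /etc/init.d/NetworkManager[11800]: rc-service: service `ipsec' does not exist
Oct 24 12:58:32 threads NetworkManager[6097]: <warn>  [1603569512.8038] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Could not restart the ipsec service.'
EOF
}
sample_log | triage_log
```

On a live system the same functions can be fed the system log on stdin, and `find_ipsec_copies` can be pointed at the sbin directories of the prefixes in question.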