[Swan] Issue with networkmanager and l2tp

Brian McKee raydude at gmail.com
Sun Oct 25 16:03:28 UTC 2020


Hi Doug,

I'm back again...

I found an ipsec init script produced by libreswan's compile in
${IPSEC_CONFDIR}/../ipsec
I modified the ebuild to move that script into /etc/init.d/ and it works.

But I still can't connect to work. Here is the output in /var/log/messages:

Oct 25 08:57:15 threads NetworkManager[6097]: <info>  [1603641435.8662] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
Oct 25 08:57:18 threads NetworkManager[6097]: <info>  [1603641438.4577] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=10312 uid=1000 result="success"
Oct 25 08:57:18 threads NetworkManager[6097]: <info>  [1603641438.4623] vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 24090
Oct 25 08:57:18 threads NetworkManager[6097]: <info>  [1603641438.4669] vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
Oct 25 08:57:19 threads NetworkManager[6097]: <info>  [1603641439.0556] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
Oct 25 08:57:33 threads NetworkManager[6097]: <info>  [1603641453.8567] vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
Oct 25 08:57:33 threads NetworkManager[6097]: <info>  [1603641453.8597] vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
Oct 25 08:57:33 threads NetworkManager[6097]: <warn>  [1603641453.8607] vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

/usr/sbin/ipsec start works now:
threads /etc/init.d # /usr/sbin/ipsec start
Redirecting to: rc-service ipsec start
* WARNING: ipsec has already been started

Thanks for your patience and help.

On Sun, Oct 25, 2020 at 8:13 AM Brian McKee <raydude at gmail.com> wrote:

> You are right. ipsec won't start because there is no service:
> /usr/sbin/ipsec start
> Redirecting to: rc-service ipsec start
> * rc-service: service `ipsec' does not exist
> I have to figure out how to create a service script for it.
> Perhaps I can get some help from the libreswan ebuild maintainer.
> I'll post in the bug report I created.
>
> Thanks for your help.
>
>
> On Sun, Oct 25, 2020 at 5:49 AM Douglas Kosovic <doug at uq.edu.au> wrote:
>
>> Hi Brian,
>>
>>
>> So the following doesn't work
>>
>>   sudo /sbin/ipsec restart
>>
>> and I suspect:
>>
>>   sudo /sbin/ipsec start
>>
>> The Gentoo libreswan ebuild has both openrc and systemd; sorry, I have no
>> idea how the Gentoo ebuild works with the init script.
>>
>> If you are using systemd, running the following might give a hint as to
>> what needs to be done or is missing.
>>
>>   sudo systemctl restart ipsec.service
>>
>>
>> With systemd, I think it needs the following file to exist, but not sure
>> with gentoo:
>>   /lib/systemd/system/ipsec.service
>>
>>
>> Sorry I'm not familiar with openrc or if gentoo is using some
>> openrc/systemd hybrid setup, but your rcscript suspicion seems plausible.
>>
>>
>>
>> Cheers,
>> Doug
>>
>> ------------------------------
>> *From:* Brian McKee <raydude at gmail.com>
>> *Sent:* Sunday, 25 October 2020 6:04 AM
>> *To:* Paul Wouters <paul at nohats.ca>
>> *Cc:* Douglas Kosovic <doug at uq.edu.au>; Swan at lists.libreswan.org <
>> Swan at lists.libreswan.org>
>> *Subject:* Re: [Swan] Issue with networkmanager and l2tp
>>
>> I have /sbin/ipsec.
>>
>> I rebooted to get networkmanager to restart with the latest version of
>> libreswan.
>>
>> I'm still getting an error message:
>>
>> Oct 24 12:58:23 threads NetworkManager[6097]: <info>  [1603569503.8941] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
>> Oct 24 12:58:27 threads NetworkManager[6097]: <info>  [1603569507.6586] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=10312 uid=1000 result="success"
>> Oct 24 12:58:27 threads NetworkManager[6097]: <info>  [1603569507.6708] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 11786
>> Oct 24 12:58:27 threads NetworkManager[6097]: <info>  [1603569507.6779] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
>> Oct 24 12:58:28 threads NetworkManager[6097]: <info>  [1603569508.6593] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
>> Oct 24 12:58:32 threads /etc/init.d/NetworkManager[11800]: rc-service: service `ipsec' does not exist
>> Oct 24 12:58:32 threads NetworkManager[6097]: <warn>  [1603569512.8038] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Could not restart the ipsec service.'
>> Oct 24 12:58:32 threads NetworkManager[6097]: <info>  [1603569512.8063] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
>> Oct 24 12:58:32 threads NetworkManager[6097]: <info>  [1603569512.8081] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
>>
>> It's still looking for ipsec. I think it's looking for /etc/init.d/ipsecd
>> or something like that based on the error message. Is an rcscript meant to
>> be added by libreswan? So that something else is missing from the ebuild?
>>
>> Again, I really appreciate your patience with me. Thanks so much.
>>
>> On Sat, Oct 24, 2020 at 7:08 AM Paul Wouters <paul at nohats.ca> wrote:
>>
>> pluto[17294]: ignoring message from whack with bad magic 1869114160;
>> should be 1869114159; Mismatched versions of userland tools.
>>
>> Sent
>>
>> It looks like either you have two installs (one in /usr and one in
>> /usr/local) or your pluto
>> did not restart after installing a newer version?
>>
>> Paul
>>
>>
>>
>> On Oct 23, 2020, at 23:26, Brian McKee <raydude at gmail.com> wrote:
>>
>> Hi Paul and Doug,
>>
>> So I got libreswan 4.1 to install with the new folder by modifying the
>> ebuild, but I'm still having problems. Here is the output of
>> networkmanager:
>>
>> Oct 23 20:19:40 threads NetworkManager[4579]: <info>  [1603509580.7688] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
>> Oct 23 20:19:42 threads NetworkManager[4579]: <info>  [1603509582.5025] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=5647 uid=1000 result="success"
>> Oct 23 20:19:42 threads NetworkManager[4579]: <info>  [1603509582.5068] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 28727
>> Oct 23 20:19:42 threads NetworkManager[4579]: <info>  [1603509582.5115] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
>> Oct 23 20:19:43 threads NetworkManager[4579]: <info>  [1603509583.2001] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
>> Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with bad magic 1869114160; should be 1869114159; Mismatched versions of userland tools.
>> Oct 23 20:19:51 threads /etc/init.d/NetworkManager[28748]: rc-service: No such file or directory
>> Oct 23 20:19:51 threads NetworkManager[4579]: <warn>  [1603509591.5840] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Could not restart the ipsec service.'
>> Oct 23 20:19:51 threads NetworkManager[4579]: <info>  [1603509591.5851] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
>> Oct 23 20:19:51 threads NetworkManager[4579]: <info>  [1603509591.5875] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
>>
>> I'm guessing I'm having ipsec issues...
>>
>> Can you give me a shove in the right direction?
>>
>> On Fri, Oct 23, 2020 at 10:47 AM Paul Wouters <paul at nohats.ca> wrote:
>>
>> On Fri, 23 Oct 2020, Brian McKee wrote:
>>
>> > Thanks Doug! I'll open a ticket with the gentoo devs!
>>
>> They can compile with FINALNSSDIR=/etc/ipsec.d to keep the nss files at
>> the same
>> location if they prefer that.
>>
>> Note that libreswan-4.x also no longer builds support for DH2, and some
>> NM-libreswan plugins tried to use dh2+dh5 for IKEv1. So you might also
>> be running into that. That required a fix to NM-libreswan in fedora at
>> least.
>>
>> Paul
>>
>
>
> --
> -- Consciousness moves everything.
>


-- 
-- Consciousness moves everything.
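
Added example, not part of the original message and not libreswan or NetworkManager code: a small triage script for the three failure messages that appear in this thread's logs. It first rejoins syslog records that the mail client wrapped and '>'-quoted, since the whack message above is split across lines and a plain grep for it would miss. The names unwrap, triage and the tag strings are assumptions made for this example.

```python
import re

QUOTE = re.compile(r"^(?:>\s?)+")                              # mail quote markers
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp

# Signatures are the messages that appear in this thread's logs; tags are made up here.
SIGNATURES = [
    ("whack-version-mismatch",
     re.compile(r"ignoring message from whack with bad magic (\d+); should be (\d+)")),
    ("ipsec-service-unavailable",
     re.compile(r"rc-service: (?:service `ipsec' does not exist|No such file or directory)")),
    ("plugin-dbus-disconnect",
     re.compile(r"Message recipient disconnected from message bus without replying")),
]

def unwrap(text):
    """Rejoin syslog records that a mail client wrapped and '>'-quoted."""
    records, open_record = [], False
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()
        if not line:
            open_record = False          # a blank line ends the current record
        elif STAMP.match(line):
            records.append(line)
            open_record = True
        elif open_record:
            records[-1] += " " + line    # continuation of a wrapped record
    return records

def triage(text):
    """Return (tag, timestamp) for the first record matching each signature."""
    found = {}
    for record in unwrap(text):
        for tag, pattern in SIGNATURES:
            if tag not in found and pattern.search(record):
                found[tag] = record[:15]
    return list(found.items())

# Excerpt of the Oct 23 log quoted in this thread, wrapping and '>>' kept.
SAMPLE = """\
>> Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with
>> bad magic 1869114160; should be 1869114159; Mismatched versions of userland
>> tools.
>> Oct 23 20:19:51 threads /etc/init.d/NetworkManager[28748]: rc-service: No
>> such file or directory
>> Oct 23 20:19:51 threads NetworkManager[4579]: <warn>  [1603509591.5840]
>> vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
>> VPN connection: failed to connect:
>> 'Could not restart the ipsec service.'
"""

if __name__ == "__main__":
    for tag, stamp in triage(SAMPLE):
        print(stamp, tag)
```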