[Swan] Issue with networkmanager and l2tp

Brian McKee raydude at gmail.com
Sun Oct 25 20:27:09 UTC 2020


I don't use systemd. I use openrc.

On Sun, Oct 25, 2020 at 10:45 AM Paul Wouters <paul at nohats.ca> wrote:

> On Sun, 25 Oct 2020, Brian McKee wrote:
>
> Maybe explicitly build with INITSYSTEM=systemd and see if that fixes
> things?
>
> Paul
>
> > Date: Sun, 25 Oct 2020 12:20:53
> > From: Brian McKee <raydude at gmail.com>
> > Cc: "Swan at lists.libreswan.org" <Swan at lists.libreswan.org>
> > To: Douglas Kosovic <doug at uq.edu.au>
> > Subject: Re: [Swan] Issue with networkmanager and l2tp
> >
> > I found another beginner mistake in the ebuild and reinstalled libreswan.
> > The messages I'm getting now are:
> >
> > Oct 25 09:17:49 threads NetworkManager[6124]: <info>  [1603642669.8190] audit: op="statistics" arg="refresh-rate-ms" pid=10301 uid=1000 result="success"
> > Oct 25 09:17:58 threads NetworkManager[6124]: <info>  [1603642678.4519] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=10301 uid=1000 result="success"
> > Oct 25 09:17:58 threads NetworkManager[6124]: <info>  [1603642678.4627] vpn-connection[0x562e3e1ca100,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 12655
> > Oct 25 09:17:58 threads NetworkManager[6124]: <info>  [1603642678.4691] vpn-connection[0x562e3e1ca100,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
> > Oct 25 09:17:59 threads NetworkManager[6124]: <info>  [1603642679.1184] audit: op="statistics" arg="refresh-rate-ms" pid=10301 uid=1000 result="success"
> > Oct 25 09:18:05 threads kernel: Initializing XFRM netlink socket
> > Oct 25 09:18:05 threads kernel: IPv4 over IPsec tunneling driver
> > Oct 25 09:18:05 threads NetworkManager[6124]: <info>  [1603642685.7716] manager: (ip_vti0): new Generic device (/org/freedesktop/NetworkManager/Devices/6)
> > Oct 25 09:18:05 threads kernel: IPsec XFRM device driver
> > Oct 25 09:18:15 threads NetworkManager[6124]: <info>  [1603642695.8344] vpn-connection[0x562e3e1ca100,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
> > Oct 25 09:18:15 threads NetworkManager[6124]: <info>  [1603642695.8375] vpn-connection[0x562e3e1ca100,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
> > Oct 25 09:18:15 threads NetworkManager[6124]: <warn>  [1603642695.8385] vpn-connection[0x562e3e1ca100,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
> >
> > On Sun, Oct 25, 2020 at 9:03 AM Brian McKee <raydude at gmail.com> wrote:
> >       Hi Doug,
> >
> > I'm back again...
> > I found an ipsec init script produced by libreswan's compile in ${IPSEC_CONFDIR}/../ipsec
> > I modified the ebuild to move that script in /etc/init.d/ and it works.
> > But I still can't connect to work. Here is the output in /var/log/messages:
> >
> > Oct 25 08:57:15 threads NetworkManager[6097]: <info>  [1603641435.8662] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
> > Oct 25 08:57:18 threads NetworkManager[6097]: <info>  [1603641438.4577] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=10312 uid=1000 result="success"
> > Oct 25 08:57:18 threads NetworkManager[6097]: <info>  [1603641438.4623] vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 24090
> > Oct 25 08:57:18 threads NetworkManager[6097]: <info>  [1603641438.4669] vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
> > Oct 25 08:57:19 threads NetworkManager[6097]: <info>  [1603641439.0556] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
> > Oct 25 08:57:33 threads NetworkManager[6097]: <info>  [1603641453.8567] vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
> > Oct 25 08:57:33 threads NetworkManager[6097]: <info>  [1603641453.8597] vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
> > Oct 25 08:57:33 threads NetworkManager[6097]: <warn>  [1603641453.8607] vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
> >
> > /usr/sbin/ipsec start works now:
> > threads /etc/init.d # /usr/sbin/ipsec start
> > Redirecting to: rc-service ipsec start
> > * WARNING: ipsec has already been started
> >
> > Thanks for your patience and help.
> >
> > On Sun, Oct 25, 2020 at 8:13 AM Brian McKee <raydude at gmail.com> wrote:
> >       You are right. ipsec won't start because there is no service:
> >       /usr/sbin/ipsec start
> >       Redirecting to: rc-service ipsec start
> >       * rc-service: service `ipsec' does not exist
> > I have to figure out how to create a service script for it.
> > Perhaps I can get some help from the libreswan ebuild maintainer.
> > I'll post in the bug report I created.
> >
> > Thanks for your help.
> >
> >
> > On Sun, Oct 25, 2020 at 5:49 AM Douglas Kosovic <doug at uq.edu.au> wrote:
> >       Hi Brian,
> >
> >
> > So the following doesn't work
> >
> >   sudo /sbin/ipsec restart
> >
> > and I suspect:
> >
> >   sudo /sbin/ipsec start
> >
> > the gentoo libreswan ebuild has both openrc and systemd, sorry I have no idea how the gentoo
> > ebuild works with init script.
> >
> > If you are using systemd, running the following might give a hint as to what needs to be done
> > or is missing.
> >
> >   sudo systemctl restart ipsec.service
> >
> >
> > With systemd, I think it needs the following file to exist, but not sure with gentoo:
> >   /lib/systemd/system/ipsec.service
> >
> >
> > Sorry I'm not familiar with openrc or if gentoo is using some openrc/systemd hybrid setup,
> > but your rcscript suspicion seems plausible.
> >
> >
> >
> > Cheers,
> > Doug
> >
> >
> _______________________________________________________________________________________________________________
> > From: Brian McKee <raydude at gmail.com>
> > Sent: Sunday, 25 October 2020 6:04 AM
> > To: Paul Wouters <paul at nohats.ca>
> > Cc: Douglas Kosovic <doug at uq.edu.au>; Swan at lists.libreswan.org <Swan at lists.libreswan.org>
> > Subject: Re: [Swan] Issue with networkmanager and l2tp
> > I have /sbin/ipsec.
> > I rebooted to get networkmanager to restart with the latest version of libreswan.
> >
> > I'm still getting an error message:
> >
> > Oct 24 12:58:23 threads NetworkManager[6097]: <info>  [1603569503.8941] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
> > Oct 24 12:58:27 threads NetworkManager[6097]: <info>  [1603569507.6586] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=10312 uid=1000 result="success"
> > Oct 24 12:58:27 threads NetworkManager[6097]: <info>  [1603569507.6708] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 11786
> > Oct 24 12:58:27 threads NetworkManager[6097]: <info>  [1603569507.6779] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
> > Oct 24 12:58:28 threads NetworkManager[6097]: <info>  [1603569508.6593] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
> > Oct 24 12:58:32 threads /etc/init.d/NetworkManager[11800]: rc-service: service `ipsec' does not exist
> > Oct 24 12:58:32 threads NetworkManager[6097]: <warn>  [1603569512.8038] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Could not restart the ipsec service.'
> > Oct 24 12:58:32 threads NetworkManager[6097]: <info>  [1603569512.8063] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
> > Oct 24 12:58:32 threads NetworkManager[6097]: <info>  [1603569512.8081] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
> >
> > It's still looking for ipsec. I think it's looking for /etc/init.d/ipsecd or something like
> > that based on the error message. Is an rcscript meant to be added by libreswan? So that
> > something else is missing from the ebuild?
> >
> > Again, I really appreciate your patience with me. Thanks so much.
> >
> > On Sat, Oct 24, 2020 at 7:08 AM Paul Wouters <paul at nohats.ca> wrote:
> >       pluto[17294]: ignoring message from whack with bad magic 1869114160; should
> >       be 1869114159; Mismatched versions of userland tools.
> >       Sent
> >
> > It looks like either you have two installs (one in /usr and one in /usr/local) or your pluto
> > did not restart after installing a newer version?
> >
> > Paul
> >
> >
> >
> >       On Oct 23, 2020, at 23:26, Brian McKee <raydude at gmail.com> wrote:
> >
> >       Hi Paul and Doug,
> >
> > So I got libreswan 4.1 to install with the new folder by modifying the ebuild,
> > but I'm still having problems. Here is the output of networkmanager:
> > Oct 23 20:19:40 threads NetworkManager[4579]: <info>  [1603509580.7688] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
> > Oct 23 20:19:42 threads NetworkManager[4579]: <info>  [1603509582.5025] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=5647 uid=1000 result="success"
> > Oct 23 20:19:42 threads NetworkManager[4579]: <info>  [1603509582.5068] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 28727
> > Oct 23 20:19:42 threads NetworkManager[4579]: <info>  [1603509582.5115] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
> > Oct 23 20:19:43 threads NetworkManager[4579]: <info>  [1603509583.2001] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
> > Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with bad magic 1869114160; should be 1869114159; Mismatched versions of userland tools.
> > Oct 23 20:19:51 threads /etc/init.d/NetworkManager[28748]: rc-service: No such file or directory
> > Oct 23 20:19:51 threads NetworkManager[4579]: <warn>  [1603509591.5840] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Could not restart the ipsec service.'
> > Oct 23 20:19:51 threads NetworkManager[4579]: <info>  [1603509591.5851] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
> > Oct 23 20:19:51 threads NetworkManager[4579]: <info>  [1603509591.5875] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
> >
> > I'm guessing I'm having ipsec issues...
> >
> > Can you give me a shove in the right direction?
> >
> > On Fri, Oct 23, 2020 at 10:47 AM Paul Wouters <paul at nohats.ca> wrote:
> >       On Fri, 23 Oct 2020, Brian McKee wrote:
> >
> >       > Thanks Doug! I'll open a ticket with the gentoo devs!
> >
> >       They can compile with FINALNSSDIR=/etc/ipsec.d to keep the nss files
> >       at the same location if they prefer that.
> >
> >       Note that libreswan-4.x also no longer builds support for DH2, and some
> >       NM-libreswan plugins tried to use dh2+dh5 for IKEv1. So you might also
> >       be running into that. That required a fix to NM-libreswan in fedora at
> >       least.
> >
> >       Paul
> >
> > _______________________________________________
> > Swan mailing list
> > Swan at lists.libreswan.org
> > https://lists.libreswan.org/mailman/listinfo/swan
> >
> >
> >
> > --
> > -- Consciousness moves everything.
> >
> >
>


-- 
-- Consciousness moves everything.