<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Dear Elison,<br>
<br>
pluto fails to correctly start on your side on:<br>
/usr/bin/sh -c 'eval `/usr/local/libexec/ipsec/pluto
<br>
--config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`'<br>
whack failing on stop is just a consequence.<br>
<br>
Because $PLUTO_OPTIONS comes from:<br>
EnvironmentFile=-/etc/sysconfig/pluto
<br>
<br>
can you <b>$ cat /etc/sysconfig/pluto</b><br>
<br>
$ <b>export PLUTO_OPTIONS=</b>&lt;the right side of the
assignment in your PLUTO_OPTIONS in your /etc/sysconfig/pluto
file&gt;<br>
<br>
and manually perform:<br>
<br>
<b>/usr/bin/sh -c 'eval `/usr/local/libexec/ipsec/pluto
</b><b><br>
</b><b>
--config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`'</b><b><br>
</b><br>
from a root account?<br>
<br>
Please provide us with the output of what you did and read.<br>
Thank you so much in advance.<br>
<pre class="moz-signature" cols="72">Philippe Vouters (Fontainebleau/France)
URL: <a class="moz-txt-link-freetext" href="http://vouters.dyndns.org/">http://vouters.dyndns.org/</a>
SIP: <a class="moz-txt-link-abbreviated" href="mailto:sip:Vouters@sip.linphone.org">sip:Vouters@sip.linphone.org</a></pre>
On 04/01/2013 13:22, Elison Niven wrote:<br>
</div>
<blockquote cite="mid:50E6C97E.8070504@cyberoam.com" type="cite">SELinux
is disabled.
<br>
$ getenforce
<br>
Disabled
<br>
$ ls /etc/rc.d/init.d/ipsec*
<br>
ls: cannot access /etc/rc.d/init.d/ipsec*: No such file or
directory
<br>
<br>
Thanks.
<br>
<br>
On Friday 04 January 2013 05:35 PM, Philippe Vouters wrote:
<br>
<blockquote type="cite">Dear Elison,
<br>
<br>
I am running Fedora 17 i686 with SELinux policy set to
permissive. I
<br>
just downloaded
<a class="moz-txt-link-freetext" href="https://download.libreswan.org/libreswan-3.0.tar.gz">https://download.libreswan.org/libreswan-3.0.tar.gz</a>
<br>
and performed the following commands from my user account:
<br>
<br>
$ sudo yum remove libreswan
<br>
$ sudo mv /etc/ipsec.conf.rpmsave /etc/ipsec.conf
<br>
$ tar -zxvf download/libreswan-3.0.tar.gz
<br>
$ cd libreswan-3.0/
<br>
$ make programs
<br>
$ sudo make install
<br>
$ sudo systemctl start ipsec.service
<br>
[philippe@victor libreswan-3.0]$ sudo systemctl status
ipsec.service
<br>
ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for
IPsec
<br>
Loaded: loaded
(/usr/lib/systemd/system/ipsec.service; disabled)
<br>
Active: active (running) since Fri, 04 Jan 2013
12:42:54
<br>
+0100; 14s ago
<br>
Process: 2154
<br>
ExecStartPre=/usr/local/libexec/ipsec/_stackmanager start
(code=exited,
<br>
status=0/SUCCESS)
<br>
Process: 2150 ExecStartPre=/usr/local/sbin/ipsec
addconn
<br>
--config /etc/ipsec.conf --checkconfig (code=exited,
status=0/SUCCESS)
<br>
Main PID: 2215 (sh)
<br>
CGroup: name=systemd:/system/ipsec.service
<br>
2215 /usr/bin/sh -c eval
<br>
`/usr/local/libexec/ipsec/plut...
<br>
2216 /usr/bin/sh -c eval
<br>
`/usr/local/libexec/ipsec/plut...
<br>
2217 /usr/local/libexec/ipsec/pluto --config
<br>
/etc/ipsec...
<br>
2242 _pluto_adns
<br>
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
<br>
find_host_pair_conn ...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: added
connection
<br>
descr...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: | reaped
addconn
<br>
helpe...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
<br>
connect_to_host_pair...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
find_host_pair:
<br>
comp...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
<br>
connect_to_host_pair...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
find_host_pair:
<br>
comp...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
<br>
connect_to_host_pair...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
find_host_pair:
<br>
comp...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
<br>
connect_to_host_pair...
<br>
[philippe@victor libreswan-3.0]$ sudo systemctl stop
ipsec.service
<br>
[philippe@victor libreswan-3.0]$ sudo systemctl status
ipsec.service
<br>
ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for
IPsec
<br>
Loaded: loaded
(/usr/lib/systemd/system/ipsec.service; disabled)
<br>
Active: inactive (dead) since Fri, 04 Jan 2013
12:50:26
<br>
+0100; 2s ago
<br>
Process: 2580 ExecStopPost=/sbin/ip xfrm state flush
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 2576 ExecStopPost=/sbin/ip xfrm policy flush
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 2572 ExecStop=/usr/local/sbin/ipsec whack
--shutdown
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 2215 ExecStart=/usr/bin/sh -c eval
<br>
`/usr/local/libexec/ipsec/pluto --config /etc/ipsec.conf
--nofork
<br>
$PLUTO_OPTIONS` (code=exited, status=0/SUCCESS)
<br>
Process: 2154
<br>
ExecStartPre=/usr/local/libexec/ipsec/_stackmanager start
(code=exited,
<br>
status=0/SUCCESS)
<br>
Process: 2150 ExecStartPre=/usr/local/sbin/ipsec
addconn
<br>
--config /etc/ipsec.conf --checkconfig (code=exited,
status=0/SUCCESS)
<br>
CGroup: name=systemd:/system/ipsec.service
<br>
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]: shutting
down
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]: |
processing
<br>
connectio...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]:
"roadwarrior":
<br>
deletin...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]: |
processing
<br>
connectio...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]:
"macintosh-l2tp":
<br>
dele...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]: |
processing
<br>
connectio...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]:
<br>
"roadwarrior-l2tp": de...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]: |
processing
<br>
connectio...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]:
<br>
"roadwarrior-l2tp-upda...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]: | crl
fetch
<br>
request li...
<br>
<br>
So could it be that you still have /etc/rc.d/init.d/ipsec*?
<br>
On my side:
<br>
[philippe@victor libreswan-3.0]$ ls /etc/rc.d/init.d/ipsec*
<br>
ls: cannot access /etc/rc.d/init.d/ipsec*: No such file or
directory
<br>
Could it also be, though at first glance it looks unlikely, that
you are
<br>
facing some SELinux issue?
<br>
Can you give us the output of the following:
<br>
[philippe@victor libreswan-3.0]$ sudo getenforce
<br>
Permissive
<br>
If getenforce returns Enforcing, can you perform the following
commands:
<br>
[philippe@victor libreswan-3.0]$ sudo restorecon /usr/local/sbin
-Rv
<br>
[philippe@victor libreswan-3.0]$ sudo restorecon
<br>
/usr/local/libexec/ipsec -Rv
<br>
[philippe@victor libreswan-3.0]$
<br>
<br>
Once the above points are clean,
<br>
<br>
[philippe@victor libreswan-3.0]$ sudo systemctl --system
daemon-reload
<br>
[philippe@victor libreswan-3.0]$ sudo systemctl restart
ipsec.service
<br>
[philippe@victor libreswan-3.0]$ sudo systemctl status
ipsec.service
<br>
ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for
IPsec
<br>
Loaded: loaded
(/usr/lib/systemd/system/ipsec.service; disabled)
<br>
Active: active (running) since Fri, 04 Jan 2013
12:58:55
<br>
+0100; 6s ago
<br>
Process: 2580 ExecStopPost=/sbin/ip xfrm state flush
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 2576 ExecStopPost=/sbin/ip xfrm policy flush
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 2572 ExecStop=/usr/local/sbin/ipsec whack
--shutdown
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 2947
<br>
ExecStartPre=/usr/local/libexec/ipsec/_stackmanager start
(code=exited,
<br>
status=0/SUCCESS)
<br>
Process: 2942 ExecStartPre=/usr/local/sbin/ipsec
addconn
<br>
--config /etc/ipsec.conf --checkconfig (code=exited,
status=0/SUCCESS)
<br>
Main PID: 3011 (sh)
<br>
CGroup: name=systemd:/system/ipsec.service
<br>
3011 /usr/bin/sh -c eval
<br>
`/usr/local/libexec/ipsec/plut...
<br>
3012 /usr/bin/sh -c eval
<br>
`/usr/local/libexec/ipsec/plut...
<br>
3013 /usr/local/libexec/ipsec/pluto --config
<br>
/etc/ipsec...
<br>
3038 _pluto_adns
<br>
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
<br>
find_host_pair_conn ...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: added
connection
<br>
descr...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: | reaped
addconn
<br>
helpe...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
<br>
connect_to_host_pair...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
find_host_pair:
<br>
comp...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
<br>
connect_to_host_pair...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
find_host_pair:
<br>
comp...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
<br>
connect_to_host_pair...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
find_host_pair:
<br>
comp...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
<br>
connect_to_host_pair...
<br>
<br>
Thank you so much in advance for keeping us informed.
<br>
Best regards,
<br>
<br>
Philippe Vouters (Fontainebleau/France)
<br>
URL: <a class="moz-txt-link-freetext" href="http://vouters.dyndns.org/">http://vouters.dyndns.org/</a>
<br>
SIP: <a class="moz-txt-link-abbreviated" href="mailto:sip:Vouters@sip.linphone.org">sip:Vouters@sip.linphone.org</a>
<br>
<br>
On 04/01/2013 10:51, Elison Niven wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
I downloaded libreswan and installed from source on Fedora 16.
<br>
# Install dependencies
<br>
$ yum install unbound-devel libcap-ng-devel xmto
<br>
<br>
# Remove openswan, racoon
<br>
$ yum remove openswan ipsec-tools
<br>
<br>
# Make and install libreswan
<br>
# make programs
<br>
$ make install
<br>
<br>
$ systemctl --system daemon-reload
<br>
$ systemctl enable ipsec.service
<br>
$ service ipsec start
<br>
Redirecting to /bin/systemctl start ipsec.service
<br>
<br>
$ service ipsec status
<br>
Redirecting to /bin/systemctl status ipsec.service
<br>
ipsec.service - Internet Key Exchange (IKE) Protocol Daemon
for IPsec
<br>
Loaded: loaded (/lib/systemd/system/ipsec.service;
enabled)
<br>
Active: failed since Fri, 04 Jan 2013 15:11:52 +0530; 2s
ago
<br>
Process: 13445 ExecStopPost=/sbin/ip xfrm state flush
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 13443 ExecStopPost=/sbin/ip xfrm policy flush
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 13440 ExecStop=/usr/local/sbin/ipsec whack
--shutdown
<br>
(code=exited, status=1/FAILURE)
<br>
Process: 13438 ExecStart=/usr/bin/sh -c eval
<br>
`/usr/local/libexec/ipsec/pluto --config /etc/ipsec.conf
--nofork
<br>
$PLUTO_OPTIONS` (code=exited, status=203/EXEC)
<br>
Process: 13379
<br>
ExecStartPre=/usr/local/libexec/ipsec/_stackmanager start
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 13376 ExecStartPre=/usr/local/sbin/ipsec addconn
<br>
--config /etc/ipsec.conf --checkconfig (code=exited,
status=0/SUCCESS)
<br>
CGroup: name=systemd:/system/ipsec.service
<br>
<br>
<br>
I can start pluto manually by executing the commands in the
systemd
<br>
unit file marked for ExecStartPre and ExecStart.
<br>
<br>
$ cat
/etc/systemd/system/multi-user.target.wants/ipsec.service
<br>
[Unit]
<br>
Description=Internet Key Exchange (IKE) Protocol Daemon for
IPsec
<br>
After=syslog.target
<br>
After=network.target
<br>
#After=remote-fs.target
<br>
<br>
[Service]
<br>
Type=simple
<br>
Restart=always
<br>
EnvironmentFile=-/etc/sysconfig/pluto
<br>
#Environment=IPSEC_LIBDIR=/usr/local/libexec/ipsec
<br>
#Environment=IPSEC_SBINDIR=/usr/local/sbin
<br>
#Environment=IPSEC_EXECDIR=/usr/local/libexec/ipsec/ipsec
<br>
#PIDFile=/var/run/pluto/pluto.pid
<br>
#
<br>
ExecStartPre=/usr/local/sbin/ipsec addconn --config
/etc/ipsec.conf
<br>
--checkconfig
<br>
ExecStartPre=/usr/local/libexec/ipsec/_stackmanager start
<br>
ExecStart=/usr/bin/sh -c 'eval `/usr/local/libexec/ipsec/pluto
<br>
--config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`'
<br>
ExecStop=/usr/local/sbin/ipsec whack --shutdown
<br>
ExecStopPost=/sbin/ip xfrm policy flush
<br>
ExecStopPost=/sbin/ip xfrm state flush
<br>
ExecReload=/usr/local/sbin/ipsec whack --listen
<br>
<br>
[Install]
<br>
WantedBy=multi-user.target
<br>
Alias=syslog.service
<br>
<br>
Any help?
<br>
<br>
</blockquote>
<br>
<br>
<br>
</blockquote>
<br>
</blockquote>
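<br>
Added example, not part of the original messages or of libreswan: status=203/EXEC in the failing status output quoted above is the code systemd records when it could not exec the program named first on the ExecStart line, so a quick check is whether the first word of every Exec* line exists and is executable on the host. The function name check_unit_exec, the sample unit text and its /nonexistent/ paths are constructed for illustration.<br>

```shell
#!/bin/sh
# Report Exec* commands in a systemd unit whose program cannot be exec'd,
# the condition systemd records as status=203/EXEC.

# Constructed sample unit, loosely modelled on the one quoted in this thread.
SAMPLE_UNIT='[Service]
Type=simple
EnvironmentFile=-/etc/sysconfig/pluto
ExecStartPre=/nonexistent/libexec/ipsec/_stackmanager start
ExecStart=/bin/sh -c "exec pluto --config /etc/ipsec.conf --nofork"
ExecStop=-/nonexistent/sbin/ipsec whack --shutdown
'

# Usage: check_unit_exec "unit file text"
# Prints one line "DIRECTIVE PATH REASON" per Exec* line whose program is
# missing or not executable; prints nothing when every program is usable.
check_unit_exec() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case $line in
            Exec*=*) ;;          # ExecStart, ExecStartPre, ExecStop, ...
            *) continue ;;       # section headers, comments, other keys
        esac
        key=${line%%=*}
        cmd=${line#*=}
        # Strip systemd's special executable prefixes (-, @, +, !, :).
        while :; do
            case $cmd in
                [-@+!:]*) cmd=${cmd#?} ;;
                *) break ;;
            esac
        done
        prog=${cmd%% *}          # first word is the path systemd will exec
        if [ ! -e "$prog" ]; then
            echo "$key $prog missing"
        elif [ ! -x "$prog" ]; then
            echo "$key $prog not-executable"
        fi
    done
}

# Stand-alone run over the constructed sample.
check_unit_exec "$SAMPLE_UNIT"
```

To check the installed unit instead of the sample, pass its text, for example check_unit_exec "$(cat /lib/systemd/system/ipsec.service)".<br>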
<br>
</body>
</html>