<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Dear Elison,<br>
<br>
Ensure you have this /etc/sysctl.conf configuration:<br>
[philippe@victor libreswan-3.0]$ sudo cat /etc/sysctl.conf<br>
# Kernel sysctl configuration file<br>
#<br>
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8)
and<br>
# sysctl.conf(5) for more details.<br>
<br>
# Controls IP packet forwarding<br>
#net.ipv4.ip_forward = 0<br>
<br>
# Controls source route verification<br>
#net.ipv4.conf.all.rp_filter = 0<br>
#net.ipv4.conf.default.rp_filter = 0<br>
#net.ipv4.conf.eth0.rp_filter = 0<br>
<br>
# Do not accept source routing<br>
#net.ipv4.conf.default.accept_source_route = 0<br>
<br>
#net.ipv4.conf.all.send_redirects = 0<br>
#net.ipv4.conf.default.send_redirects = 0<br>
#net.ipv4.conf.lo.send_redirects = 0<br>
#net.ipv4.conf.eth0.send_redirects = 0<br>
<br>
<b>#IPSec</b><b><br>
</b><b>net.ipv4.conf.default.rp_filter = 0</b><b><br>
</b><b>net.ipv4.conf.default.accept_redirects = 0</b><b><br>
</b><b>net.ipv4.conf.default.send_redirects = 0</b><b><br>
</b><b>net.ipv4.icmp_ignore_bogus_error_responses = 1</b><b><br>
</b><b>net.ipv4.conf.default.log_martians = 0</b><b><br>
</b><b>net.ipv4.ip_forward = 1</b><b><br>
</b><br>
# Controls the System Request debugging functionality of the
kernel<br>
kernel.sysrq = 0<br>
Afterwards the command should be # sysctl -p from a root account.<br>
<pre class="moz-signature" cols="72">Philippe Vouters (Fontainebleau/France)
URL: <a class="moz-txt-link-freetext" href="http://vouters.dyndns.org/">http://vouters.dyndns.org/</a>
SIP: <a class="moz-txt-link-abbreviated" href="mailto:sip:Vouters@sip.linphone.org">sip:Vouters@sip.linphone.org</a></pre>
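Added example, not part of the mail above or of libreswan: a shell check that lists every value under /proc/sys/net/ipv4/conf/*/ for rp_filter, send_redirects and accept_redirects that is not 0, which is what ipsec verify reports per interface in the output quoted below. The net.ipv4.conf.default.* keys only seed interfaces created later, so interfaces that already exist can still be flagged after sysctl -p. The function names, the directory argument and the sample tree (interface p18p1 left at 1) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report every per-interface value that ipsec verify flags.
# The optional directory argument is an assumption of this sketch; it lets
# the check run on a constructed tree instead of the live /proc.

IPSEC_KEYS="rp_filter send_redirects accept_redirects"

# audit_ipsec_sysctls [conf_root]
# Prints "iface/key = value" for each entry that is not 0.
# Returns 1 if at least one was found, 0 otherwise.
audit_ipsec_sysctls() {
    root=${1:-/proc/sys/net/ipv4/conf}
    bad=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        for key in $IPSEC_KEYS; do
            [ -r "$dir$key" ] || continue
            value=$(cat "$dir$key")
            if [ "$value" != "0" ]; then
                printf '%s/%s = %s\n' "$iface" "$key" "$value"
                bad=1
            fi
        done
    done
    return "$bad"
}

# sysctl_fix_lines [conf_root]
# Rewrites the findings as sysctl.conf lines, in the form used in the mail.
sysctl_fix_lines() {
    audit_ipsec_sysctls "$1" | while IFS=' /=' read -r iface key rest; do
        printf 'net.ipv4.conf.%s.%s = 0\n' "$iface" "$key"
    done
}

# make_sample_tree: constructed data. "all" and "default" are already 0,
# the pre-existing interface p18p1 still carries 1 for each key.
make_sample_tree() {
    tree=$(mktemp -d) || return 1
    for iface in all default p18p1; do
        mkdir "$tree/$iface"
        for key in $IPSEC_KEYS; do echo 0 > "$tree/$iface/$key"; done
    done
    for key in $IPSEC_KEYS; do echo 1 > "$tree/p18p1/$key"; done
    echo "$tree"
}

sample=$(make_sample_tree)
audit_ipsec_sysctls "$sample" || echo "fix with:"
sysctl_fix_lines "$sample"
rm -rf "$sample"
```

Run audit_ipsec_sysctls without an argument on the gateway itself to read the live values.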
On 04/01/2013 15:04, Elison Niven wrote:<br>
</div>
<blockquote cite="mid:50E6E164.2020607@cyberoam.com" type="cite">Thanks
for your support and time.
<br>
$ cat /etc/sysconfig/pluto
<br>
# Put extra pluto command line options you want here
<br>
PLUTO_OPTIONS=" "
<br>
<br>
$ ipsec addconn --autoall
<br>
$ echo $?
<br>
0
<br>
<br>
Verifying installed system and configuration files
<br>
<br>
Version check and ipsec on-path [OK]
<br>
Libreswan 3.0 (netkey) on 3.1.0-7.fc16.i686.PAE
<br>
Checking for IPsec support in kernel [OK]
<br>
NETKEY: Testing XFRM related proc values
<br>
ICMP default/send_redirects [NOT
DISABLED]
<br>
<br>
Disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will
cause act on or cause sending of bogus ICMP redirects!
<br>
<br>
ICMP default/accept_redirects [NOT
DISABLED]
<br>
<br>
Disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will
cause act on or cause sending of bogus ICMP redirects!
<br>
<br>
XFRM larval drop [OK]
<br>
Pluto ipsec.conf syntax [OK]
<br>
Hardware random device [N/A]
<br>
Two or more interfaces found, checking IP forwarding [OK]
<br>
Checking rp_filter [ENABLED]
<br>
/proc/sys/net/ipv4/conf/default/rp_filter [ENABLED]
<br>
/proc/sys/net/ipv4/conf/p18p1/rp_filter [ENABLED]
<br>
/proc/sys/net/ipv4/conf/vmnet1/rp_filter [ENABLED]
<br>
/proc/sys/net/ipv4/conf/vmnet8/rp_filter [ENABLED]
<br>
/proc/sys/net/ipv4/conf/virbr0/rp_filter [ENABLED]
<br>
/proc/sys/net/ipv4/conf/virbr0-nic/rp_filter [ENABLED]
<br>
/proc/sys/net/ipv4/conf/ppp0/rp_filter [ENABLED]
<br>
rp_filter is not fully aware of IPsec and should be disabled
<br>
Checking that pluto is running [FAILED]
<br>
Checking NAT and MASQUERADEing [TEST
INCOMPLETE]
<br>
Checking 'ip' command [OK]
<br>
Checking 'iptables' command [OK]
<br>
Checking for obsolete ipsec.conf options [OK]
<br>
Opportunistic Encryption [DISABLED]
<br>
<br>
ipsec verify: encountered 19 errors - see 'man ipsec_verify' for
help
<br>
<br>
On Friday 04 January 2013 07:21:22 PM IST, Philippe Vouters wrote:
<br>
<blockquote type="cite">Dear Elison,
<br>
<br>
If # ipsec addconn --autoall fails, my guess is that you ought
to also
<br>
get the root cause of your problem with this line in bold:
<br>
[philippe@victor libreswan-3.0]$ sudo /usr/local/sbin/ipsec
verify
<br>
Verifying installed system and configuration files
<br>
<br>
Version check and ipsec on-path [OK]
<br>
Libreswan 3.0 (netkey) on 3.6.10-2.fc17.i686
<br>
Checking for IPsec support in kernel [OK]
<br>
NETKEY: Testing XFRM related proc values
<br>
ICMP default/send_redirects [OK]
<br>
ICMP default/accept_redirects [OK]
<br>
XFRM larval drop [OK]
<br>
*Pluto ipsec.conf syntax [OK]*
<br>
Hardware random device [N/A]
<br>
Checking rp_filter [OK]
<br>
Checking that pluto is running [OK]
<br>
Pluto listening for IKE on udp 500 [OK]
<br>
Pluto listening for IKE on tcp 500 [NOT
IMPLEMENTED]
<br>
Pluto listening for IKE/NAT-T on udp 4500 [OK]
<br>
Pluto listening for IKE/NAT-T on tcp 4500 [NOT
IMPLEMENTED]
<br>
Pluto listening for IKE on tcp 10000 (cisco) [NOT
IMPLEMENTED]
<br>
Pluto ipsec.secret syntax [OK]
<br>
Checking NAT and MASQUERADEing [TEST
INCOMPLETE]
<br>
Checking 'ip' command [OK]
<br>
Checking 'iptables' command [OK]
<br>
Checking for obsolete ipsec.conf options [OK]
<br>
Opportunistic Encryption
[DISABLED]
<br>
<br>
Philippe Vouters (Fontainebleau/France)
<br>
URL:<a class="moz-txt-link-freetext" href="http://vouters.dyndns.org/">http://vouters.dyndns.org/</a>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:SIP:sip:Vouters@sip.linphone.org">SIP:sip:Vouters@sip.linphone.org</a>
<br>
      On 04/01/2013 14:31, Philippe Vouters wrote:
<br>
<blockquote type="cite">Dear Elison,
<br>
<br>
I queried Google with "systemctl status=203/EXEC" which is the
pluto
<br>
exit code you report us and found this discussion at
<br>
<a class="moz-txt-link-freetext" href="http://forums.fedoraforum.org/showthread.php?t=272075">http://forums.fedoraforum.org/showthread.php?t=272075</a> This is
<br>
specific to Fedora 16 but my guess is that it can also apply
to
<br>
Fedora 17.
<br>
<br>
It happens that the pluto code forks and exec's "addconn
--autoall".
<br>
From a root account or sudo'ing, can you also perform:
<br>
# ipsec addconn --autoall
<br>
# echo $?
<br>
On my side:
<br>
[philippe@victor libreswan-3.0]$ sudo /usr/local/sbin/ipsec
addconn
<br>
--autoall
<br>
002 "roadwarrior-l2tp-updatedwin": deleting connection
<br>
002 added connection description "roadwarrior-l2tp-updatedwin"
<br>
002 "roadwarrior-l2tp": deleting connection
<br>
002 added connection description "roadwarrior-l2tp"
<br>
002 "macintosh-l2tp": deleting connection
<br>
002 added connection description "macintosh-l2tp"
<br>
002 "roadwarrior": deleting connection
<br>
002 added connection description "roadwarrior"
<br>
[philippe@victor libreswan-3.0]$ echo $?
<br>
0
<br>
<br>
You may as well check your /var/log/secure so that we can get
more
<br>
information on the pluto failure.
<br>
<br>
Yours truly,
<br>
Philippe Vouters (Fontainebleau/France)
<br>
URL:<a class="moz-txt-link-freetext" href="http://vouters.dyndns.org/">http://vouters.dyndns.org/</a>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:SIP:sip:Vouters@sip.linphone.org">SIP:sip:Vouters@sip.linphone.org</a>
<br>
        On 04/01/2013 14:07, Philippe Vouters wrote:
<br>
<blockquote type="cite">Dear Elison,
<br>
<br>
pluto fails to correctly start on your side on:
<br>
/usr/bin/sh -c 'eval `/usr/local/libexec/ipsec/pluto
<br>
--config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`'
<br>
whack failing on stop is just a consequence.
<br>
<br>
Because $PLUTO_OPTIONS comes from:
<br>
EnvironmentFile=-/etc/sysconfig/pluto
<br>
<br>
can you *$ cat /etc/sysconfig/pluto*
<br>
<br>
          $ *export PLUTO_OPTIONS=*&lt;the right side of the
          assignment in your
          <br>
          PLUTO_OPTIONS in your /etc/sysconfig/pluto file&gt;
<br>
<br>
and manually perform:
<br>
<br>
*/usr/bin/sh -c 'eval `/usr/local/libexec/ipsec/pluto **
<br>
**--config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`'**
<br>
*
<br>
from a root account ????
<br>
<br>
You provide us the output of what you did and read.
<br>
Thank you so much in advance.
<br>
Philippe Vouters (Fontainebleau/France)
<br>
URL:<a class="moz-txt-link-freetext" href="http://vouters.dyndns.org/">http://vouters.dyndns.org/</a>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:SIP:sip:Vouters@sip.linphone.org">SIP:sip:Vouters@sip.linphone.org</a>
<br>
          On 04/01/2013 13:22, Elison Niven wrote:
<br>
<blockquote type="cite">SELinux is disabled.
<br>
$ getenforce
<br>
Disabled
<br>
$ ls /etc/rc.d/init.d/ipsec*
<br>
ls: cannot access /etc/rc.d/init.d/ipsec*: No such file or
directory
<br>
<br>
Thanks.
<br>
<br>
On Friday 04 January 2013 05:35 PM, Philippe Vouters
wrote:
<br>
<blockquote type="cite">Dear Elison,
<br>
<br>
I am running Fedora 17 i686 with SELinux policy set to
permissive. I
<br>
              just downloaded
<a class="moz-txt-link-freetext" href="https://download.libreswan.org/libreswan-3.0.tar.gz">https://download.libreswan.org/libreswan-3.0.tar.gz</a>
<br>
and performed the following commands from my user
account:
<br>
<br>
$ sudo yum remove libreswan
<br>
$ sudo mv /etc/ipsec.conf.rpmsave /etc/ipsec.conf
<br>
$ tar -zxvf download/libreswan-3.0.tar.gz
<br>
$ cd libreswan-3.0/
<br>
$ make programs
<br>
$ sudo make install
<br>
$ sudo systemctl start ipsec.service
<br>
[philippe@victor libreswan-3.0]$ sudo systemctl status
ipsec.service
<br>
ipsec.service - Internet Key Exchange (IKE) Protocol
Daemon for IPsec
<br>
Loaded: loaded
(/usr/lib/systemd/system/ipsec.service;
<br>
disabled)
<br>
Active: active (running) since Fri, 04 Jan
2013 12:42:54
<br>
+0100; 14s ago
<br>
Process: 2154
<br>
ExecStartPre=/usr/local/libexec/ipsec/_stackmanager
start
<br>
(code=exited,
<br>
status=0/SUCCESS)
<br>
Process: 2150
ExecStartPre=/usr/local/sbin/ipsec addconn
<br>
--config /etc/ipsec.conf --checkconfig (code=exited,
<br>
status=0/SUCCESS)
<br>
Main PID: 2215 (sh)
<br>
CGroup: name=systemd:/system/ipsec.service
<br>
2215 /usr/bin/sh -c eval
<br>
`/usr/local/libexec/ipsec/plut...
<br>
2216 /usr/bin/sh -c eval
<br>
`/usr/local/libexec/ipsec/plut...
<br>
2217 /usr/local/libexec/ipsec/pluto
--config
<br>
/etc/ipsec...
<br>
2242 _pluto_adns
<br>
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
<br>
find_host_pair_conn ...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]:
added
<br>
connection
<br>
descr...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
reaped
<br>
addconn
<br>
helpe...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
<br>
connect_to_host_pair...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
<br>
find_host_pair:
<br>
comp...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
<br>
connect_to_host_pair...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
<br>
find_host_pair:
<br>
comp...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
<br>
connect_to_host_pair...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
<br>
find_host_pair:
<br>
comp...
<br>
Jan 04 12:42:56 victor.vouters.dyndns.org pluto[2217]: |
<br>
connect_to_host_pair...
<br>
[philippe@victor libreswan-3.0]$ sudo systemctl stop
ipsec.service
<br>
[philippe@victor libreswan-3.0]$ sudo systemctl status
ipsec.service
<br>
ipsec.service - Internet Key Exchange (IKE) Protocol
Daemon for IPsec
<br>
Loaded: loaded
(/usr/lib/systemd/system/ipsec.service;
<br>
disabled)
<br>
Active: inactive (dead) since Fri, 04 Jan
2013 12:50:26
<br>
+0100; 2s ago
<br>
Process: 2580 ExecStopPost=/sbin/ip xfrm state
flush
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 2576 ExecStopPost=/sbin/ip xfrm
policy flush
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 2572 ExecStop=/usr/local/sbin/ipsec
whack
<br>
--shutdown
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 2215 ExecStart=/usr/bin/sh -c eval
<br>
`/usr/local/libexec/ipsec/pluto --config /etc/ipsec.conf
--nofork
<br>
$PLUTO_OPTIONS` (code=exited, status=0/SUCCESS)
<br>
Process: 2154
<br>
ExecStartPre=/usr/local/libexec/ipsec/_stackmanager
start
<br>
(code=exited,
<br>
status=0/SUCCESS)
<br>
Process: 2150
ExecStartPre=/usr/local/sbin/ipsec addconn
<br>
--config /etc/ipsec.conf --checkconfig (code=exited,
<br>
status=0/SUCCESS)
<br>
CGroup: name=systemd:/system/ipsec.service
<br>
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]:
shutting down
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]: |
processing
<br>
connectio...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]:
"roadwarrior":
<br>
deletin...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]: |
processing
<br>
connectio...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]:
<br>
"macintosh-l2tp":
<br>
dele...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]: |
processing
<br>
connectio...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]:
<br>
"roadwarrior-l2tp": de...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]: |
processing
<br>
connectio...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]:
<br>
"roadwarrior-l2tp-upda...
<br>
Jan 04 12:50:26 victor.vouters.dyndns.org pluto[2217]: |
crl fetch
<br>
request li...
<br>
<br>
So would it happen you still have
/etc/rc.d/init.d/ipsec* ?
<br>
On my side:
<br>
[philippe@victor libreswan-3.0]$ ls
/etc/rc.d/init.d/ipsec*
<br>
ls: cannot access /etc/rc.d/init.d/ipsec*: No such file
or directory
<br>
Would it also happen but it looks at first glance
unlikely that
<br>
you are
<br>
facing some SELinux issue ?
<br>
Can you give us the output of the following:
<br>
[philippe@victor libreswan-3.0]$ sudo getenforce
<br>
Permissive
<br>
If getenforce returns Enforcing, can you perform the
following
<br>
commands:
<br>
[philippe@victor libreswan-3.0]$ sudo restorecon
/usr/local/sbin -Rv
<br>
[philippe@victor libreswan-3.0]$ sudo restorecon
<br>
/usr/local/libexec/ipsec -Rv
<br>
[philippe@victor libreswan-3.0]$
<br>
<br>
              Once the above points are clean,
<br>
<br>
[philippe@victor libreswan-3.0]$ sudo systemctl --system
<br>
daemon-reload
<br>
[philippe@victor libreswan-3.0]$ sudo systemctl restart
ipsec.service
<br>
[philippe@victor libreswan-3.0]$ sudo systemctl status
ipsec.service
<br>
ipsec.service - Internet Key Exchange (IKE) Protocol
Daemon for IPsec
<br>
Loaded: loaded
(/usr/lib/systemd/system/ipsec.service;
<br>
disabled)
<br>
Active: active (running) since Fri, 04 Jan
2013 12:58:55
<br>
+0100; 6s ago
<br>
Process: 2580 ExecStopPost=/sbin/ip xfrm state
flush
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 2576 ExecStopPost=/sbin/ip xfrm
policy flush
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 2572 ExecStop=/usr/local/sbin/ipsec
whack
<br>
--shutdown
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 2947
<br>
ExecStartPre=/usr/local/libexec/ipsec/_stackmanager
start
<br>
(code=exited,
<br>
status=0/SUCCESS)
<br>
Process: 2942
ExecStartPre=/usr/local/sbin/ipsec addconn
<br>
--config /etc/ipsec.conf --checkconfig (code=exited,
<br>
status=0/SUCCESS)
<br>
Main PID: 3011 (sh)
<br>
CGroup: name=systemd:/system/ipsec.service
<br>
3011 /usr/bin/sh -c eval
<br>
`/usr/local/libexec/ipsec/plut...
<br>
3012 /usr/bin/sh -c eval
<br>
`/usr/local/libexec/ipsec/plut...
<br>
3013 /usr/local/libexec/ipsec/pluto
--config
<br>
/etc/ipsec...
<br>
3038 _pluto_adns
<br>
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
<br>
find_host_pair_conn ...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]:
added
<br>
connection
<br>
descr...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
reaped
<br>
addconn
<br>
helpe...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
<br>
connect_to_host_pair...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
<br>
find_host_pair:
<br>
comp...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
<br>
connect_to_host_pair...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
<br>
find_host_pair:
<br>
comp...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
<br>
connect_to_host_pair...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
<br>
find_host_pair:
<br>
comp...
<br>
Jan 04 12:58:56 victor.vouters.dyndns.org pluto[3013]: |
<br>
connect_to_host_pair...
<br>
<br>
Thank you so much in advance to keep us informed.
<br>
Best regards,
<br>
<br>
Philippe Vouters (Fontainebleau/France)
<br>
URL: <a class="moz-txt-link-freetext" href="http://vouters.dyndns.org/">http://vouters.dyndns.org/</a>
<br>
SIP: <a class="moz-txt-link-abbreviated" href="mailto:sip:Vouters@sip.linphone.org">sip:Vouters@sip.linphone.org</a>
<br>
<br>
              On 04/01/2013 10:51, Elison Niven wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
I downloaded libreswan and installed from source on
Fedora 16.
<br>
# Install dependencies
<br>
$ yum install unbound-devel libcap-ng-devel xmto
<br>
<br>
# Remove openswan, racoon
<br>
$ yum remove openswan ipsec-tools
<br>
<br>
# Make and install libreswan
<br>
# make programs
<br>
$ make install
<br>
<br>
$ systemctl --system daemon-reload
<br>
$ systemctl enable ipsec.service
<br>
$ service ipsec start
<br>
Redirecting to /bin/systemctl start ipsec.service
<br>
<br>
$ service ipsec status
<br>
Redirecting to /bin/systemctl status ipsec.service
<br>
ipsec.service - Internet Key Exchange (IKE) Protocol
Daemon for
<br>
IPsec
<br>
Loaded: loaded
(/lib/systemd/system/ipsec.service; enabled)
<br>
Active: failed since Fri, 04 Jan 2013 15:11:52
+0530; 2s ago
<br>
Process: 13445 ExecStopPost=/sbin/ip xfrm state
flush
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 13443 ExecStopPost=/sbin/ip xfrm policy
flush
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 13440 ExecStop=/usr/local/sbin/ipsec
whack --shutdown
<br>
(code=exited, status=1/FAILURE)
<br>
Process: 13438 ExecStart=/usr/bin/sh -c eval
<br>
`/usr/local/libexec/ipsec/pluto --config
/etc/ipsec.conf --nofork
<br>
$PLUTO_OPTIONS` (code=exited, status=203/EXEC)
<br>
Process: 13379
<br>
ExecStartPre=/usr/local/libexec/ipsec/_stackmanager
start
<br>
(code=exited, status=0/SUCCESS)
<br>
Process: 13376 ExecStartPre=/usr/local/sbin/ipsec
addconn
<br>
--config /etc/ipsec.conf --checkconfig (code=exited,
<br>
status=0/SUCCESS)
<br>
CGroup: name=systemd:/system/ipsec.service
<br>
<br>
<br>
I can start pluto manually by executing the commands
in the systemd
<br>
unit file marked for ExecStartPre and ExecStart.
<br>
<br>
$ cat
/etc/systemd/system/multi-user.target.wants/ipsec.service
<br>
[Unit]
<br>
Description=Internet Key Exchange (IKE) Protocol
Daemon for IPsec
<br>
After=syslog.target
<br>
After=network.target
<br>
#After=remote-fs.target
<br>
<br>
[Service]
<br>
Type=simple
<br>
Restart=always
<br>
EnvironmentFile=-/etc/sysconfig/pluto
<br>
#Environment=IPSEC_LIBDIR=/usr/local/libexec/ipsec
<br>
#Environment=IPSEC_SBINDIR=/usr/local/sbin
<br>
#Environment=IPSEC_EXECDIR=/usr/local/libexec/ipsec/ipsec
<br>
#PIDFile=/var/run/pluto/pluto.pid
<br>
#
<br>
ExecStartPre=/usr/local/sbin/ipsec addconn --config
/etc/ipsec.conf
<br>
--checkconfig
<br>
ExecStartPre=/usr/local/libexec/ipsec/_stackmanager
start
<br>
ExecStart=/usr/bin/sh -c 'eval
`/usr/local/libexec/ipsec/pluto
<br>
--config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`'
<br>
ExecStop=/usr/local/sbin/ipsec whack --shutdown
<br>
ExecStopPost=/sbin/ip xfrm policy flush
<br>
ExecStopPost=/sbin/ip xfrm state flush
<br>
ExecReload=/usr/local/sbin/ipsec whack --listen
<br>
<br>
[Install]
<br>
WantedBy=multi-user.target
<br>
Alias=syslog.service
<br>
<br>
Any help?
<br>
<br>
</blockquote>
<br>
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
<br>
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
--
<br>
Best Regards,
<br>
Elison Niven
<br>
<br>
<br>
</blockquote>
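Added example, not code from the thread or from libreswan: systemd reports status=203/EXEC when it could not execute the program that an Exec line names, so this shell check takes the first word of every Exec* line in a unit file and tests that it is an executable file. The function names and the sample unit (with a deliberately nonexistent /nonexistent/bin/sh) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the Exec* command in a unit file that systemd cannot
# execute. Only the first word of each line is checked: a command missing
# inside an "sh -c" string fails in the shell (exit status 127), not as 203.

# unit_exec_paths UNIT_FILE
# Prints "Directive /path" for each Exec* line, with the systemd prefix
# characters (-, @, :, +, !) stripped from the front of the command.
unit_exec_paths() {
    sed -n 's/^\(Exec[A-Za-z]*\)=[-@:+!]*\([^ ]*\).*/\1 \2/p' "$1"
}

# check_unit_execs UNIT_FILE
# Prints one line per command that is not an executable regular file.
# Returns 1 if any was found, 0 otherwise.
check_unit_execs() {
    report=$(unit_exec_paths "$1" | while read -r directive path; do
        if [ ! -f "$path" ] || [ ! -x "$path" ]; then
            printf '%s: %s is missing or not executable\n' "$directive" "$path"
        fi
    done)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# write_sample_unit: constructed unit file, shaped like the one in the thread
# but with an ExecStart interpreter path that exists on no system.
write_sample_unit() {
    unit=$(mktemp) || return 1
    printf '%s\n' \
        '[Service]' \
        'Type=simple' \
        'EnvironmentFile=-/etc/sysconfig/pluto' \
        'ExecStartPre=/bin/sh -c true' \
        'ExecStart=/nonexistent/bin/sh -c "exec pluto --nofork"' \
        'ExecStop=-/bin/sh -c true' > "$unit"
    echo "$unit"
}

sample_unit=$(write_sample_unit)
check_unit_execs "$sample_unit" || echo "unit would fail with 203/EXEC"
rm -f "$sample_unit"
```

Point check_unit_execs at the installed ipsec.service to run the same test on a real unit.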
<br>
</body>
</html>