<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Mar 8, 2013 at 12:54 PM, Paul Wouters <span dir="ltr"><<a href="mailto:pwouters@redhat.com" target="_blank">pwouters@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="im">On Fri, 8 Mar 2013, T.J. Yang wrote:<br>
<br>
</div><div class="im"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
I know there was an SElinux policy with include files that Tuomo ran into. You might want to run a test with SElinux in<br>
permissive mode for that.<br>
<br>
<br>
My selinux indeed was at enforced mode(hmm, but his work with openwan),I have it set as disabled now and "auto=start" still didn't bring<br>
up the connection automatically.<br>
A manual startup still needed.<br>
<br>
[root@mlab-centos6-01 ~]# grep ^SELINUX= /etc/selinux/config<br>
SELINUX=disabled<br>
</blockquote>
<br></div>
That does not mean it is disabled. Run "getenforce" instead.<div class="im"><br></div></blockquote><div> </div><div style>Sorry, I wasn't able to hide my ignorance about SELinux.</div><div style><br></div>
<div style><div>[root@mlab-centos6-01 ~]# getenforce</div><div>Permissive</div><div>[root@mlab-centos6-01 ~]# setenforce Permissive</div><div>[root@mlab-centos6-01 ~]#<br></div></div><div> </div><div style>Once I set it to Permissive mode by setenforce, I am able to see the connection log in /var/log/ipsec.log when restarting ipsec.</div>
<div style><br></div><div style>tj</div><div style><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class="im">
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
[root@mlab-centos6-01 ~]# ipsec version<br>
Linux Libreswan 3.0 (netkey) on 2.6.32-279.22.1.el6.x86_64<br>
</blockquote>
<br></div>
This might be fixed in the latest dr releases or git. I cannot tell what<br>
version this is?<span class=""><font color="#888888"><br>
<br>
Paul<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br>T.J. Yang
</div></div>