<div dir="ltr">Hello,<div>I'm trying to run Openstack VPNaaS on Centos 7 with libreswan-3.8-6.el7_0.x86_64. VPNaaS's scripts are for openswan, so there are some options that are different. I've been working to adapt them, for example 'ipsec pluto' didn't work because there weren't nssdb,</div><div>Right now, I have running pluto, but I'm not sure if it is running like I want. The command that I execute to start pluto is:</div><div><br></div><div># ipsec pluto --ctlbase /var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.d --config /var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.conf --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.secrets --virtual_private %v4:<a href="http://192.168.1.0/24,%v4:192.168.88.0/24">192.168.1.0/24,%v4:192.168.88.0/24</a></div><div><br></div><div>Although I execute ipsec pluto with --config option, when I execute ipsec whack --status I read the default config file and directory:</div><div><br></div># ipsec whack --ctlbase /var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/var/run/pluto --status<br>000 using kernel interface: netkey<br>000 interface qg-b0dafe22-e4/qg-b0dafe22-e4 XXX.XXX.XXX.XXX<br>000 interface qg-b0dafe22-e4/qg-b0dafe22-e4 XXX.XXX.XXX.XXX<br>000 <br>000 fips mode=disabled;<br>000 SElinux=disabled<br>000 <br>000 config setup options:<br>000 <br>000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.secrets, ipsecdir=/var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.d, dumpdir=/var/run/pluto, statsbin=unset<br>000 sbindir=/usr/sbin, libdir=/usr/libexec/ipsec, libexecdir=/usr/libexec/ipsec<br>000 pluto_version=3.8, pluto_vendorid=OE-Libreswan-3.8<br>000 nhelpers=-1, uniqueids=yes, retransmits=yes, force_busy=no<br>000 ikeport=500, strictcrlpolicy=no, crlcheckinterval=0, listen=XXX.XXX.XXX.XXX<br>000 secctx_attr_value=32001<br>000 myid = (none)<br>[more output here...]<br><div>000 <br>000 Connection list:<br>000 <br>000 <br>000 State list:<br>000 <br>000 Shunt list:<br>000 <div><div><br></div><div><br></div><div>When I execute ipsec pluto with --nofork option I have the following output</div><div><br></div># ipsec pluto --ctlbase /var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.d --config /var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.conf --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.secrets --virtual_private %v4:<a href="http://192.168.1.0/24,%v4:192.168.88.0/24">192.168.1.0/24,%v4:192.168.88.0/24</a> --nofork --debug-all --stderrlog<br><br>adjusting ipsec.d to /var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.d<br><br>Pluto initialized<br><br>Cannot open logfile '(null)': Bad file descriptornss directory plutomain: /var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.d<br><br>NSS Initialized<br><br>libcap-ng support [enabled]<br><br>FIPS HMAC integrity verification test passed<br><br>FIPS: pluto daemon NOT running in FIPS mode<br><br>libcap-ng support [enabled]<br><br>Linux audit support [disabled]<br><br>Starting Pluto (Libreswan Version 3.8 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER KLIPS_MAST CURL(non-NSS) LDAP(non-NSS)) pid:9483<br><br>core dump dir: /var/run/pluto<br><br>secrets file: /var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.secrets<br><br>LEAK_DETECTIVE support [disabled]<br><br>OCF support for IKE [disabled]<br><br>SAref support [disabled]: Protocol not available<br><br>SAbind support [disabled]: Protocol not available<br><br>NSS crypto [enabled]<br><br>XAUTH PAM support [enabled]<br><br>Setting NAT-Traversal port-4500 floating to on<br><br> port floating activation criteria nat_t=1/port_float=1<br><br> NAT-Traversal support [enabled]<br><br>| inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds<br><br>| event added at head of queue<br><br>| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds<br><br>| event added at head of queue<br><br>| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds<br><br>| event added after event EVENT_PENDING_DDNS<br><br>ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)<br><br>ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)<br><br>ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)<br><br>ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)<br><br>ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)<br><br>ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok (ret=0)<br><br>ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)<br><br>starting up 15 cryptographic helpers<br><br>started helper (thread) pid=139704128128768 (fd:5)<br><br>started helper (thread) pid=139704119736064 (fd:7)<br><br>| status value returned by setting the priority of this thread (id=0) 22<br><br>| helper 0 waiting on fd: 6<br><br>| status value returned by setting the priority of this thread (id=1) 22<br><br>| helper 1 waiting on fd: 8<br><br>| status value returned by setting the priority of this thread (id=2) 22<br><br>| helper 2 waiting on fd: 10<br><br>started helper (thread) pid=139704111343360 (fd:9)<br><br>started helper (thread) pid=139704102950656 (fd:11)<br><br>started helper (thread) pid=139704094557952 (fd:14)<br><br>| status value returned by setting the priority of this thread (id=3) 22<br><br>| helper 3 waiting on fd: 12<br><br>started helper (thread) pid=139703877629696 (fd:16)<br><br>| status value returned by setting the priority of this thread (id=5) 22<br><br>| helper 5 waiting on fd: 17<br><br>| status value returned by setting the priority of this thread (id=4) 22<br><br>| helper 4 waiting on fd: 15<br><br>started helper (thread) pid=139703869236992 (fd:18)<br><br>started helper (thread) pid=139703860844288 (fd:20)<br><br>| status value returned by setting the priority of this thread (id=6) 22<br><br>| helper 6 waiting on fd: 19<br><br>started helper (thread) pid=139703852451584 (fd:22)<br><br>| status value returned by setting the priority of this thread (id=7) 22<br><br>| helper 7 waiting on fd: 21<br><br>| status value returned by setting the priority of this thread (id=8) 22<br><br>| helper 8 waiting on fd: 23<br><br>started helper (thread) pid=139703844058880 (fd:24)<br><br>| status value returned by setting the priority of this thread (id=9) 22<br><br>| helper 9 waiting on fd: 25<br><br>started helper (thread) pid=139703835666176 (fd:26)<br><br>| status value returned by setting the priority of this thread (id=10) 22<br><br>| helper 10 waiting on fd: 27<br><br>started helper (thread) pid=139703827273472 (fd:28)<br><br>started helper (thread) pid=139703273649920 (fd:30)<br><br>| status value returned by setting the priority of this thread (id=11) 22<br><br>| helper 11 waiting on fd: 29<br><br>| status value returned by setting the priority of this thread (id=12) 22<br><br>| helper 12 waiting on fd: 31<br><br>started helper (thread) pid=139703265257216 (fd:32)<br><br>started helper (thread) pid=139703256864512 (fd:34)<br><br>| status value returned by setting the priority of this thread (id=13) 22<br><br>| helper 13 waiting on fd: 33<br><br>| status value returned by setting the priority of this thread (id=14) 22<br><br>| helper 14 waiting on fd: 35<br><br>Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-123.13.2.el7.x86_64<br><br>| process 9483 listening for PF_KEY_V2 on file descriptor 38<br><br>| finish_pfkey_msg: K_SADB_REGISTER message 1 for AH <br><br>| 02 07 00 02 02 00 00 00 01 00 00 00 0b 25 00 00<br><br>| pfkey_get: K_SADB_REGISTER message 1<br><br>| AH registered with kernel.<br><br>| finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP <br><br>| 02 07 00 03 02 00 00 00 02 00 00 00 0b 25 00 00<br><br>| pfkey_get: K_SADB_REGISTER message 2<br><br>| alg_init():memset(0x7f0f6e09d580, 0, 2048) memset(0x7f0f6e09dd80, 0, 2048) <br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72<br><br>| kernel_alg_add():satype=3, exttype=14, alg_id=251(ESP_KAME_NULL)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=14, alg_id=2(ESP_DES)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=14, alg_id=3(ESP_3DES)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=14, alg_id=5(ESP_IDEA)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=14, alg_id=6(ESP_CAST)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=14, alg_id=7(ESP_BLOWFISH)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=14, alg_id=8(ESP_3IDEA)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=14, alg_id=9(ESP_DES_IV32)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=11(ESP_NULL)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=2(ESP_DES)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=3(ESP_3DES)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=6(ESP_CAST)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=7(ESP_BLOWFISH)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=12(ESP_AES)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=252(ESP_SERPENT)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=22(ESP_CAMELLIA)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15], exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=253(ESP_TWOFISH)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=13(ESP_AES_CTR)<br><br>| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17], exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=1<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=18(ESP_AES_GCM_A)<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=19(ESP_AES_GCM_B)<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=20(ESP_AES_GCM_C)<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=14(ESP_AES_CCM_A)<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=15(ESP_AES_CCM_B)<br><br>| kernel_alg_add():satype=3, exttype=15, alg_id=16(ESP_AES_CCM_C)<br><br>ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)<br><br>Warning: failed to register algo_aes_ccm_8 for IKE<br><br>ike_alg_register_enc(): Activating aes_ccm_12: Ok (ret=0)<br><br>Warning: failed to register algo_aes_ccm_12 for IKE<br><br>ike_alg_register_enc(): Activating aes_ccm_16: Ok (ret=0)<br><br>Warning: failed to register algo_aes_ccm_16 for IKE<br><br>ike_alg_register_enc(): Activating aes_gcm_8: Ok (ret=0)<br><br>Warning: failed to register algo_aes_gcm_8 for IKE<br><br>ike_alg_register_enc(): Activating aes_gcm_12: Ok (ret=0)<br><br>Warning: failed to register algo_aes_gcm_12 for IKE<br><br>ike_alg_register_enc(): Activating aes_gcm_16: Ok (ret=0)<br><br>Warning: failed to register algo_aes_gcm_16 for IKE<br><br>| Registered AEAD AES CCM/GCM algorithms<br><br>| ESP registered with kernel.<br><br>| finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP <br><br>| 02 07 00 09 02 00 00 00 03 00 00 00 0b 25 00 00<br><br>| pfkey_get: K_SADB_REGISTER message 3<br><br>| IPCOMP registered with kernel.<br><br>| Registered AH, ESP and IPCOMP<br><br>| Changed path to directory '/var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.d/cacerts'<br><br>| Changing to directory '/var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.d/crls'<br><br>| selinux support is NOT enabled. <br><br>| inserting event EVENT_LOG_DAILY, timeout in 78344 seconds<br><br>| event added after event EVENT_REINIT_SECRET<br><br>listening for IKE messages<br><br>| Inspecting interface lo <br><br>| found lo with address 127.0.0.1<br><br>| Inspecting interface qr-b9e50b74-8d <br><br>| found qr-b9e50b74-8d with address 192.168.1.1<br><br>| Inspecting interface qg-b0dafe22-e4 <br><br>| found qg-b0dafe22-e4 with address XXX.XXX.XXX.XXX<br><br>| Only looking to listen on XXX.XXX.XXX.XXX<br><br>| NAT-Traversal: Trying new style NAT-T<br><br>| NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)<br><br>| NAT-Traversal: Trying old style NAT-T<br><br>| NAT-Traversal: ESPINUDP(1) setup succeeded for new style NAT-T family IPv4<br><br>adding interface qg-b0dafe22-e4/qg-b0dafe22-e4 XXX.XXX.XXX.XXX:500<br><br>| NAT-Traversal: Trying new style NAT-T<br><br>| NAT-Traversal: ESPINUDP(2) setup failed for new style NAT-T family IPv4 (errno=19)<br><br>| NAT-Traversal: Trying old style NAT-T<br><br>| NAT-Traversal: ESPINUDP(2) setup succeeded for new style NAT-T family IPv4<br><br>adding interface qg-b0dafe22-e4/qg-b0dafe22-e4 XXX.XXX.XXX.XXX:4500<br><br>skipping interface qr-b9e50b74-8d with 192.168.1.1<br><br>skipping interface lo with 127.0.0.1<br><br>| found lo with address 0000:0000:0000:0000:0000:0000:0000:0001<br><br>| Only looking to listen on XXX.XXX.XXX.XXX <br><br>skipping interface lo with ::1<br><br>| Only looking to listen on XXX.XXX.XXX.XXX <br><br>| certs and keys locked by 'free_preshared_secrets'<br><br>| certs and keys unlocked by 'free_preshard_secrets'<br><br>loading secrets from "/var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.secrets"<br><br>| id type added to secret(0x7f0f6eb8a250) PPK_PSK: XXX.XXX.XXX.XXX<br><br>| id type added to secret(0x7f0f6eb8a250) PPK_PSK: YYY.YYY.YYY.YYY<br><br>| Processing PSK at line 2: passed<br><br>| certs and keys locked by 'process_secret'<br><br>| certs and keys unlocked by 'process_secret'<br><br>| next event EVENT_PENDING_DDNS in 60 seconds<br><br>| calling addconn helper using execve<br><br>can not load config '/etc/ipsec.conf': can't load file '/etc/ipsec.conf'<br><br>| next event EVENT_PENDING_DDNS in 59 seconds<br><br>| reaped addconn helper child<br><br>| <br><br>| *received whack message<br><br>| SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce<br><br>| * processed 0 messages from cryptographic helpers <br><br>| next event EVENT_PENDING_DDNS in 0 seconds<br><br>| *time to handle event<br><br>| handling event EVENT_PENDING_DDNS<br><br>| event after this is EVENT_PENDING_PHASE2 in 60 seconds<br><br>| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds<br><br>| event added at head of queue<br><br>| next event EVENT_PENDING_DDNS in 60 seconds<br><br>| <br><br>| *received whack message<br><br>| SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce<br><br>| * processed 0 messages from cryptographic helpers <br><br>| next event EVENT_PENDING_DDNS in 60 seconds<br><br>| next event EVENT_PENDING_DDNS in 60 seconds<br><br>| <br><br>| *received whack message<br><br>| SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce<br><br>| * processed 0 messages from cryptographic helpers <br><br>| next event EVENT_PENDING_DDNS in 60 seconds<br><br>| next event EVENT_PENDING_DDNS in 60 seconds<br><br>| <br><br>| *received whack message<br><br>| SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce<br><br>| * processed 0 messages from cryptographic helpers <br><br>| next event EVENT_PENDING_DDNS in 0 seconds<br><br>| *time to handle event<br><br>| handling event EVENT_PENDING_DDNS<br><br>| event after this is EVENT_PENDING_PHASE2 in 0 seconds<br><br>| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds<br><br>| event added after event EVENT_PENDING_PHASE2<br><br>| handling event EVENT_PENDING_PHASE2<br><br>| event after this is EVENT_PENDING_DDNS in 60 seconds<br><br>| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds<br><br>| event added after event EVENT_PENDING_DDNS<br><br>| next event EVENT_PENDING_DDNS in 60 seconds<br><br>| <br><br>| next event EVENT_PENDING_DDNS in 0 seconds<br><br>| *time to handle event<br><br>| handling event EVENT_PENDING_DDNS<br><br>| event after this is EVENT_PENDING_PHASE2 in 60 seconds<br><br>| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds<br><br>| event added at head of queue<br><br>| next event EVENT_PENDING_DDNS in 60 seconds<br><br>| <br><br>| *received whack message<br><br>| SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce<br><br>| * processed 0 messages from cryptographic helpers <br><br>| next event EVENT_PENDING_DDNS in 60 seconds<br><br>| next event EVENT_PENDING_DDNS in 60 seconds<br><br>| <br><br>| *received whack message<br><br>| SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce<br><br>| * processed 0 messages from cryptographic helpers <br><br>| next event EVENT_PENDING_DDNS in 0 seconds<br><br>| *time to handle event<br><br>| handling event EVENT_PENDING_DDNS<br><br>| event after this is EVENT_PENDING_PHASE2 in 0 seconds<br><br>| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds<br><br>| event added after event EVENT_PENDING_PHASE2<br><br>| handling event EVENT_PENDING_PHASE2<br><br>| event after this is EVENT_PENDING_DDNS in 60 seconds<br><br>| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds<br><br>| event added after event EVENT_PENDING_DDNS<br><br>| next event EVENT_PENDING_DDNS in 60 seconds<br><br>| <br><br>| *received whack message<br><br>| SElinux: disabled, could not open /sys/fs/selinux/enforce or /selinux/enforce<br><br>| * processed 0 messages from cryptographic helpers <br><br>| next event EVENT_PENDING_DDNS in 0 seconds<br><br>| *time to handle event<br><br>| handling event EVENT_PENDING_DDNS<br><br>| event after this is EVENT_PENDING_PHASE2 in 60 seconds<br><br>| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds<br><br>| event added at head of queue<br><br>| next event EVENT_PENDING_DDNS in 60 seconds<br><div><br></div><div><br></div><div><br></div><div><br></div><div>Is it using /var/lib/neutron/ipsec/776a620a-9e26-436a-8efe-0736ef38d2cc/etc/ipsec.conf ?</div><div><br></div><div>Thanks!!</div><div><br clear="all"><div><div class="gmail_signature">Matías R. Cuenca del Rey</div></div>
</div></div></div></div>