<div dir="ltr">i think it's upstart<div><pre style="margin-top:0px;padding:5px;border:0px;font-size:13px;overflow:auto;width:auto;max-height:600px;font-family:Consolas,Menlo,Monaco,'Lucida Console','Liberation Mono','DejaVu Sans Mono','Bitstream Vera Sans Mono','Courier New',monospace,sans-serif;word-wrap:normal;background-color:rgb(238,238,238)"><code style="margin:0px;padding:0px;border:0px;font-family:Consolas,Menlo,Monaco,'Lucida Console','Liberation Mono','DejaVu Sans Mono','Bitstream Vera Sans Mono','Courier New',monospace,sans-serif;white-space:inherit">/home/ubuntu# /sbin/init --version
init (upstart 1.5)
Copyright (C) 2012 Scott James Remnant, Canonical Ltd.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.</code></pre></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div style="color:rgb(0,0,0)"><div style="color:rgb(136,136,136);font-size:12.8000001907349px"><b><font color="#000000"><span>Amir</span> Naftali</font></b> | <b><font face="arial, helvetica, sans-serif"><font color="#0000ff">CTO and Co-Founder</font> | </font>+972 54 497 2622</b></div><div style="color:rgb(136,136,136);font-size:12.8000001907349px"><br></div><div style="color:rgb(136,136,136);font-size:12.8000001907349px"><a href="http://www.fortycloud.com/?utm_campaign=amir_email&utm_medium=email&utm_source=signature&utm_content=link&utm_term=amir_sig" style="color:rgb(0,0,255);font-family:'Courier New';font-size:14px;line-height:21px" target="_blank"><img align="none" height="37" src="https://gallery.mailchimp.com/805c65e3dbe647f677fe8ee38/images/bde29e88-9385-4f4b-ae97-60c704de1547.png" width="200" alt="" style="width:200px;min-height:37px;margin:0px"></a><br></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Sun, Nov 1, 2015 at 11:46 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>I'll check what's going on. Is that install of Ubuntu using systemd?<br><br>Sent from my iPhone</div><div><div class="h5"><div><br>On Nov 1, 2015, at 22:22, Amir Naftali <<a href="mailto:amir@fortycloud.com" target="_blank">amir@fortycloud.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">Looks like there is an issue resulting from a delivery that happens 4 days ago titled "<span style="color:rgb(33,63,77);font-family:Helvetica,arial,nimbussansl,liberationsans,freesans,clean,sans-serif,'Segoe UI Emoji','Segoe UI Symbol';font-weight:bold;line-height:25.2px;background-color:rgb(230,241,246)">systemd: add socket activation</span>" <div><br></div><div>I'm running on an ubuntu 14.04 system in EC2/VPC</div><div><br></div><div>Up to that commit (not including), running "make build & install" does the magic and everything works ok.</div><div><br></div><div>Building/installing and running "ipsec verify" After that commit returns the following output</div><div><div><br></div><div><div>root@ip-192-168-100-119:/home/ubuntu# ipsec verify</div><div><br></div><div>Verifying installed system and configuration files</div><div><br></div><div>Version check and ipsec on-path <span style="white-space:pre-wrap"> </span>[OK]</div><div>Libreswan 3.master-201544.git (netkey) on 3.13.0-48-generic</div><div>Checking for IPsec support in kernel <span style="white-space:pre-wrap"> </span>[OK]</div><div> NETKEY: Testing XFRM related proc values</div><div> ICMP default/send_redirects <span style="white-space:pre-wrap"> </span>[OK]</div><div> ICMP default/accept_redirects <span style="white-space:pre-wrap"> </span>[OK]</div><div> XFRM larval drop <span style="white-space:pre-wrap"> </span>[OK]</div><div>Pluto ipsec.conf syntax <span style="white-space:pre-wrap"> </span>[OK]</div><div>Hardware random device <span style="white-space:pre-wrap"> </span>[N/A]</div><div>Two or more interfaces found, checking IP forwarding<span style="white-space:pre-wrap"> </span>[OK]</div><div>Checking rp_filter <span style="white-space:pre-wrap"> </span>[ENABLED]</div><div> /proc/sys/net/ipv4/conf/eth0/rp_filter <span style="white-space:pre-wrap"> </span>[ENABLED]</div><div> /proc/sys/net/ipv4/conf/lo/rp_filter <span style="white-space:pre-wrap"> </span>[ENABLED]</div><div> rp_filter is not fully aware of IPsec and should be disabled</div><div>Checking that pluto is running <span style="white-space:pre-wrap"> </span>[OK]</div><div><span style="background-color:rgb(194,123,160)"> Pluto listening for IKE on udp 500 <span style="white-space:pre-wrap"> </span>[FAILED]</span></div><div><span style="background-color:rgb(194,123,160)"> Pluto listening for IKE/NAT-T on udp 4500 <span style="white-space:pre-wrap"> </span>[DISABLED]</span></div><div> Pluto ipsec.secret syntax <span style="white-space:pre-wrap"> </span>[OK]</div><div>Checking 'ip' command <span style="white-space:pre-wrap"> </span>[OK]</div><div>Checking 'iptables' command <span style="white-space:pre-wrap"> </span>[OK]</div><div>Checking 'prelink' command does not interfere with FIPSChecking for obsolete ipsec.conf options <span style="white-space:pre-wrap"> </span>[OK]</div><div>Opportunistic Encryption <span style="white-space:pre-wrap"> </span>[DISABLED]</div></div><div> </div><div>auth.log has the following error</div><div><br></div><div>Nov 1 13:11:13 ip-192-168-100-119 pluto[8648]: reapchild failed with errno=10 No child processes<br></div><div><br></div><div>syslog has the following error</div><div>Nov 1 13:11:13 ip-192-168-100-119 ipsec_starter[8920]: connect(pluto_ctl) failed: Invalid argument<br></div><div><br></div><div>Any thoughts? Am I doing something wrong?</div></div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><div style="color:rgb(0,0,0)"><div style="color:rgb(136,136,136);font-size:12.8000001907349px"><b><font color="#000000"><span>Amir</span> Naftali</font></b> | <b><font face="arial, helvetica, sans-serif"><font color="#0000ff">CTO and Co-Founder</font> | </font><a href="tel:%2B972%2054%20497%202622" value="+972544972622" target="_blank">+972 54 497 2622</a></b></div><div style="color:rgb(136,136,136);font-size:12.8000001907349px"><br></div><div style="color:rgb(136,136,136);font-size:12.8000001907349px"><a href="http://www.fortycloud.com/?utm_campaign=amir_email&utm_medium=email&utm_source=signature&utm_content=link&utm_term=amir_sig" style="color:rgb(0,0,255);font-family:'Courier New';font-size:14px;line-height:21px" target="_blank"><img align="none" height="37" src="https://gallery.mailchimp.com/805c65e3dbe647f677fe8ee38/images/bde29e88-9385-4f4b-ae97-60c704de1547.png" width="200" alt="" style="width:200px;min-height:37px;margin:0px"></a><br></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Fri, Oct 30, 2015 at 3:34 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On Fri, 30 Oct 2015, Amir Naftali wrote:<br>
<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
Subject: Re: [Swan] GW To GW IPSec connection between CheckPoint and Libreswan<br>
<br></span><span>
This sounds great, having such a capability will provide a powerful tool supporting an advance set of<br>
use cases<br>
Is there a way to get an early peek at the patch so I can test it against some use cases that we have<br>
</span></blockquote>
<br>
This was pushed:<br>
<br>
<a href="https://github.com/libreswan/libreswan/commit/f0328a91565c7a9951c9bc6b330ab15667e58fcd" rel="noreferrer" target="_blank">https://github.com/libreswan/libreswan/commit/f0328a91565c7a9951c9bc6b330ab15667e58fcd</a><br>
<br>
Note that the _updown script does not yet actually do any marking.<br>
<br>
I need to understand better how that would need to be done and what<br>
parameters are needed and how this would work well with vti. If anyone<br>
has suggestions or patches for _updown.netkey, please let me know.<span><font color="#888888"><br>
<br>
Paul<br>
</font></span></blockquote></div><br></div>
</div></blockquote></div></div></div></blockquote></div><br></div>