<div dir="ltr">I have /sbin/ipsec.<div><br></div><div>I rebooted to get networkmanager to restart with the latest version of libreswan.</div><div><br></div><div>I'm still getting an error message:</div><div><br></div><div><span style="font-family:monospace"><span style="color:rgb(0,0,0)">Oct 24 12:58:23 threads NetworkManager[6097]: <info> [1603569503.8941] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
</span><br>Oct 24 12:58:27 threads NetworkManager[6097]: <info> [1603569507.6586] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=10312 uid=1000 resul<br>t="success"
<br>Oct 24 12:58:27 threads NetworkManager[6097]: <info> [1603569507.6708] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 11786
<br>Oct 24 12:58:27 threads NetworkManager[6097]: <info> [1603569507.6779] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating<br> connection
<br>Oct 24 12:58:28 threads NetworkManager[6097]: <info> [1603569508.6593] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
<br>Oct 24 12:58:32 threads /etc/init.d/NetworkManager[11800]: rc-service: service `ipsec' does not exist
<br>Oct 24 12:58:32 threads NetworkManager[6097]: <warn> [1603569512.8038] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect:<br> 'Could not restart the ipsec service.'
<br>Oct 24 12:58:32 threads NetworkManager[6097]: <info> [1603569512.8063] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped<br> (6)
<br>Oct 24 12:58:32 threads NetworkManager[6097]: <info> [1603569512.8081] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared<br>
<br></span></div><div><span style="font-family:monospace">It's still looking for ipsec. I think it's looking for /etc/init.d/ipsecd or something like that based on the error message. Is an rcscript meant to be added by libreswan? So that something else is missing from the ebuild?</span></div><div><span style="font-family:monospace"><br></span></div><div><span style="font-family:monospace">Again, I really appreciate your patience with me. Thanks so much.</span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Oct 24, 2020 at 7:08 AM Paul Wouters <<a href="mailto:paul@nohats.ca">paul@nohats.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><span style="font-family:monospace;background-color:rgb(255,255,255)">pluto[17294]: ignoring message from whack with bad magic </span><a href="tel:1869114160" dir="ltr" style="font-family:monospace" target="_blank">1869114160</a><span style="font-family:monospace;background-color:rgb(255,255,255)">; should be </span><a href="tel:1869114159" dir="ltr" style="font-family:monospace" target="_blank">1869114159</a><span style="font-family:monospace;background-color:rgb(255,255,255)">; Mismatched versions of userland tools. </span><div><br><div dir="ltr">Sent</div><div dir="ltr"><br></div><div dir="ltr">It looks like either you have two installs (one in /usr and one in /usr/local or your pluto</div><div dir="ltr">did not restart after installing a newer version ?</div><div dir="ltr"><br></div><div dir="ltr">Paul</div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr"><br><blockquote type="cite">On Oct 23, 2020, at 23:26, Brian McKee <<a href="mailto:raydude@gmail.com" target="_blank">raydude@gmail.com</a>> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="ltr"><div>Hi Paul and Doug,</div><div><br></div>So I got libreswan 4.1 to install with the new folder by modifying the ebuild, but I'm still having problems. Here is the output of networkmanager:<div><br></div><div><span style="font-family:monospace"><span style="color:rgb(0,0,0)">Oct 23 20:19:40 threads NetworkManager[4579]: <info> [1603509580.7688] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
</span><br>Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5025] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=5647 uid=1000 result<br>="success"
<br>Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5068] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 28727
<br>Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5115] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating<br> connection
<br>Oct 23 20:19:43 threads NetworkManager[4579]: <info> [1603509583.2001] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
<br>Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with bad magic 1869114160; should be 1869114159; Mismatched versions of userland tools.
<br>Oct 23 20:19:51 threads /etc/init.d/NetworkManager[28748]: rc-service: No such file or directory
<br>Oct 23 20:19:51 threads NetworkManager[4579]: <warn> [1603509591.5840] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect:<br> 'Could not restart the ipsec service.'
<br>Oct 23 20:19:51 threads NetworkManager[4579]: <info> [1603509591.5851] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped<br> (6)
<br>Oct 23 20:19:51 threads NetworkManager[4579]: <info> [1603509591.5875] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared<br>
<br></span></div><div><span style="font-family:monospace">I'm guessing I'm having ipsec issues...</span></div><div><span style="font-family:monospace"><br></span></div><div><span style="font-family:monospace">Can you give me a shove in the right direction?</span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Oct 23, 2020 at 10:47 AM Paul Wouters <<a href="mailto:paul@nohats.ca" target="_blank">paul@nohats.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Fri, 23 Oct 2020, Brian McKee wrote:<br>
<br>
> Thanks Doug!I'll open a ticket with the gentoo devs!<br>
<br>
They can compile with FINALNSSDIR=/etc/ipsec.d to keep the nss files at the same<br>
location if they prefer that.<br>
<br>
Note that libreswan-4.x also no longer builds support for DH2, and some<br>
NM-libreswan plugins tried to use dh2+dh5 for IKEv1. So you might also<br>
be running into that. That required a fix to NM-libreswan in fedora at<br>
least.<br>
<br>
Paul<br>
<br>
> On Fri, Oct 23, 2020 at 5:04 AM Douglas Kosovic <<a href="mailto:doug@uq.edu.au" target="_blank">doug@uq.edu.au</a>> wrote:<br>
><br>
> Hi Brian,<br>
><br>
> <br>
><br>
> With Libreswan >= 4.0, the default NSS database files (*.db) have moved from /etc/ipsec.d to<br>
> /var/lib/ipsec/nss<br>
><br>
> <br>
><br>
> Try the following Libreswan command to see if you get an error :<br>
><br>
> <br>
><br>
> $ sudo ipsec initnss<br>
><br>
> ERROR: destination directory "/var/lib/ipsec/nss" is missing or permission denied<br>
><br>
> <br>
><br>
> pkg_postinst() in the gentoo ebuild is still using /etc/ipsec.d for the NSS database files :<br>
><br>
> <a href="https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/libreswan/libreswan-4.1.ebuild" rel="noreferrer" target="_blank">https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/libreswan/libreswan-4.1.ebuild</a><br>
><br>
> <br>
><br>
> <br>
><br>
> you could fix the aforementioned pkg_postinst(), or issue the following as a workaround:<br>
><br>
> <br>
><br>
> sudo mkdir -p /var/lib/ipsec/nss<br>
><br>
> sudo chmod 700 /var/lib/ipsec/nss<br>
><br>
> <br>
><br>
> then try sudo ipsec initnss again.<br>
><br>
> <br>
><br>
> If you are using SELinux or AppArmor, a new rule might be required for /var/lib/ipsec/nss<br>
><br>
> <br>
><br>
> <br>
><br>
> Cheers,<br>
><br>
> Doug<br>
><br>
> <br>
><br>
> From: Swan <<a href="mailto:swan-bounces@lists.libreswan.org" target="_blank">swan-bounces@lists.libreswan.org</a>> On Behalf Of Brian McKee<br>
> Sent: Friday, 23 October 2020 6:06 PM<br>
> To: <a href="mailto:swan@lists.libreswan.org" target="_blank">swan@lists.libreswan.org</a><br>
> Subject: [Swan] Issue with networkmanager and l2tp<br>
><br>
> <br>
><br>
> Hello everyone,<br>
><br>
> <br>
> <br>
> I'm a Gentoo linux user. My work uses a linux based VPN server (Centos 7) that is probably pretty out of date.<br>
> It uses l2tp protocol.<br>
> <br>
> <br>
> <br>
> My Gentoo box is running Networkmanager 1.26.0 and until a recent update I was running libreswan-3.32-r1 which<br>
> contains a patch to fix an NSS version issue. libreswan-3.32 without the patch fails to connect to my work<br>
> because of the NSS issue.<br>
> <br>
> <br>
> <br>
> Networkmanager requires libreswan for l2tp protocol connections.<br>
> <br>
> <br>
> <br>
> In the latest update of my machine libreswan 4.1 installed and I could no longer connect to work. There was<br>
> absolutely no useful messages from Networkmanager. This is what I got in /var/log/messages:<br>
> <br>
> <br>
> <br>
> Oct 22 21:30:16 threads NetworkManager[4579]: <info> [1603427416.4884] audit: op="connection-activate"<br>
> uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=5647 uid=1000 result<br>
> ="success"<br>
> Oct 22 21:30:16 threads NetworkManager[4579]: <info> [1603427416.4920]<br>
> vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID<br>
> 10712<br>
> Oct 22 21:30:16 threads NetworkManager[4579]: <info> [1603427416.4984]<br>
> vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear;<br>
> activating<br>
> connection<br>
> Oct 22 21:30:17 threads NetworkManager[4579]: <info> [1603427417.1234] audit: op="statistics"<br>
> arg="refresh-rate-ms" pid=5647 uid=1000 result="success"<br>
> Oct 22 21:30:27 threads NetworkManager[4579]: <info> [1603427427.7335]<br>
> vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed:<br>
> stopped<br>
> (6)<br>
> Oct 22 21:30:27 threads NetworkManager[4579]: <info> [1603427427.7361]<br>
> vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared<br>
> Oct 22 21:30:27 threads NetworkManager[4579]: <warn> [1603427427.7372]<br>
> vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to<br>
> connect:<br>
> 'Message recipient disconnected from message bus without replying'<br>
> <br>
> I figure I have a configuration issue, except that it works fine with the old version of libreswan.<br>
> <br>
> <br>
> <br>
> I'm hoping you guys have some idea what I'm talking about. I can email you any information on my machine and I<br>
> can probably get the configuration for the (openvpn, I think) VPN server.<br>
> <br>
> <br>
> <br>
> I know that me using the old version of libreswan is eventually going to become a problem so I'd like to<br>
> proactively figure out what's wrong and fix my system so my work flow isn't interrupted.<br>
> <br>
> <br>
> <br>
> I don't hand edit the config files, I let KDE configure network manager, so I figure there is something I need<br>
> to change in that configuration.<br>
> <br>
> <br>
> <br>
> Anyway, thanks for reading and thanks in advance for any help you can offer.<br>
> <br>
> _______________________________________________<br>
> Swan mailing list<br>
> <a href="mailto:Swan@lists.libreswan.org" target="_blank">Swan@lists.libreswan.org</a><br>
> <a href="https://lists.libreswan.org/mailman/listinfo/swan" rel="noreferrer" target="_blank">https://lists.libreswan.org/mailman/listinfo/swan</a><br>
> <br>
> <br>
> <br>
> --<br>
> -- Consciousness moves everything.<br>
> <br>
><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr">-- Consciousness moves everything.</div>
</div></blockquote></div></div></blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">-- Consciousness moves everything.</div>