This is sorted out.  I am in the process of migrating from another IPsec 
solution to strongSwan and therefore I have both products installed 
side-by-side for the purpose of comparing behaviors.  The old product is 
installed at /usr while strongSwan is installed at /usr/local, for now.  Both 
products have an 'ipsec' command.  It happens that the PATH environment 
variable is being altered when pluto is started such that /usr/sbin precedes 
/usr/local/sbin, and pluto runs the _updown script using 'ipsec _updown' 
(reliance on PATH).  Hence the 'wrong' ipsec command was being called to start 
the _updown script.


Bill


-----Original Message-----
From: [email protected] on behalf of 
William Bloom
Sent: Tue 7/6/2010 12:53 PM
To: [email protected]
Subject: [strongSwan-dev] Netlink Error Prevents _updown Execution
 

Using strongSwan 4.4.0 on RHEL 5.1, I've noticed that the _updown script isn't 
being executed after phase 1 and phase 2 complete successfully in pluto.  With 
plutodebug=all, I see that, in fact, 'ipsec _updown' command lines are indeed 
being executed.  However, an strace log reveals that the 'ipsec _updown' 
subprocess is exiting before starting the _updown script due to a NETLINK error 
(a 'sendto()' using NETLINK address family reports connection failure).  The 
only use of NETLINK with which I am acquainted is the Linux audit subsystem - 
but auditing appears to be configured properly and working fine on my system.

Is there a configuration flaw or build procedure misstep that might explain 
this?


Bill

_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
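
A check for the situation described in this thread, added here as an example and not taken from strongSwan or from the poster: it lists every executable of a given name along a PATH string in lookup order and reports whether the intended copy is the one a bare `ipsec` call would run. The function names `path_candidates` and `check_resolution` and the scratch directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not strongSwan code. Function names are hypothetical.

# Print every executable called NAME along a PATH-style string, in lookup
# order. The first line is what a bare `NAME` invocation resolves to.
# The body runs in a subshell so the IFS and globbing changes do not leak.
path_candidates() (
    name=$1
    search=${2-$PATH}
    IFS=:
    set -f
    for dir in $search; do
        [ -n "$dir" ] || dir=.      # empty PATH entry means current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
)

# Exit status: 0 = the first match is WANT_DIR/NAME, 1 = another copy
# earlier in the search order wins (shadowed), 2 = NAME not found at all.
check_resolution() {
    name=$1 want_dir=$2 search=${3-$PATH}
    first=$(path_candidates "$name" "$search" | head -n 1)
    [ -n "$first" ] || return 2
    [ "$first" = "$want_dir/$name" ]
}

# Constructed demo: a scratch tree standing in for the two install prefixes,
# searched in the order the thread describes (/usr/sbin before /usr/local/sbin).
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/sbin" "$root/usr/local/sbin"
    for d in usr/sbin usr/local/sbin; do
        printf '#!/bin/sh\n' > "$root/$d/ipsec"
        chmod +x "$root/$d/ipsec"
    done
    altered="$root/usr/sbin:$root/usr/local/sbin"
    path_candidates ipsec "$altered"
    check_resolution ipsec "$root/usr/local/sbin" "$altered" && status=0 || status=$?
    echo "check_resolution exit status: $status"
    rm -rf "$root"
}
demo
```

Run the check against the PATH string the daemon actually has, since the problem in this thread only appeared in the PATH as altered when pluto starts.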

