I'll check what's going on. Is that install of Ubuntu using systemd? Sent from my iPhone
> On Nov 1, 2015, at 22:22, Amir Naftali <[email protected]> wrote: > > Looks like there is an issue resulting from a delivery that happens 4 days > ago titled "systemd: add socket activation" > > I'm running on an ubuntu 14.04 system in EC2/VPC > > Up to that commit (not including), running "make build & install" does the > magic and everything works ok. > > Building/installing and running "ipsec verify" After that commit returns the > following output > > root@ip-192-168-100-119:/home/ubuntu# ipsec verify > > Verifying installed system and configuration files > > Version check and ipsec on-path [OK] > Libreswan 3.master-201544.git (netkey) on 3.13.0-48-generic > Checking for IPsec support in kernel [OK] > NETKEY: Testing XFRM related proc values > ICMP default/send_redirects [OK] > ICMP default/accept_redirects [OK] > XFRM larval drop [OK] > Pluto ipsec.conf syntax [OK] > Hardware random device [N/A] > Two or more interfaces found, checking IP forwarding [OK] > Checking rp_filter [ENABLED] > /proc/sys/net/ipv4/conf/eth0/rp_filter [ENABLED] > /proc/sys/net/ipv4/conf/lo/rp_filter [ENABLED] > rp_filter is not fully aware of IPsec and should be disabled > Checking that pluto is running [OK] > Pluto listening for IKE on udp 500 [FAILED] > Pluto listening for IKE/NAT-T on udp 4500 [DISABLED] > Pluto ipsec.secret syntax [OK] > Checking 'ip' command [OK] > Checking 'iptables' command [OK] > Checking 'prelink' command does not interfere with FIPSChecking for obsolete > ipsec.conf options [OK] > Opportunistic Encryption [DISABLED] > > auth.log has the following error > > Nov 1 13:11:13 ip-192-168-100-119 pluto[8648]: reapchild failed with > errno=10 No child processes > > syslog has the following error > Nov 1 13:11:13 ip-192-168-100-119 ipsec_starter[8920]: connect(pluto_ctl) > failed: Invalid argument > > Any thoughts? Am I doing something wrong? > > > Amir Naftali | CTO and Co-Founder | +972 54 497 2622 > > > >> On Fri, Oct 30, 2015 at 3:34 PM, Paul Wouters <[email protected]> wrote: >> On Fri, 30 Oct 2015, Amir Naftali wrote: >> >>> Subject: Re: [Swan] GW To GW IPSec connection between CheckPoint and >>> Libreswan >>> >>> This sounds great, having such a capability will provide a powerful tool >>> supporting an advance set of >>> use cases >>> Is there a way to get an early peek at the patch so I can test it against >>> some use cases that we have >> >> This was pushed: >> >> https://github.com/libreswan/libreswan/commit/f0328a91565c7a9951c9bc6b330ab15667e58fcd >> >> Note that the _updown script does not yet actually do any marking. >> >> I need to understand better how that would need to be done and what >> parameters are needed and how this would work well with vti. If anyone >> has suggestions or patches for _updown.netkey, please let me know. >> >> Paul >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
