On Thu, 3 Dec 2015, John Crisp wrote:

Been trying to script some of the functionality in ipsec to run on SME
server but have been struggling with one particular issue to do with
ipsec auto --up


I can run the following without problems ($ipsecprop is the name of the
connection):

system("/usr/sbin/ipsec auto --replace $ipsecprop");

But if I try the following my script hangs if it cannot bring up a
connection :

system("/usr/sbin/ipsec auto --up $ipsecprop");

You can try:

system("/usr/sbin/ipsec auto --asynchronous --up $ipsecprop");

but you will not get any reporting on the command line (but it will be
in the logs)

At the console if I run
ipsec auto --replace

I get this at the console, and an immediate exit :

[root@test ~]# ipsec auto --replace TestToRemote
002 "TestToRemote": deleting connection
002 "TestToRemote" #8: deleting state #8 (STATE_MAIN_I1)
002 added connection description "TestToRemote"

If I use it in the perl script it works perfectly.


If I try this from the console I get an immediate exit :


[root@test ~]# ipsec auto --add TestToRemote
002 "TestToRemote": deleting connection
002 "TestToRemote" #20: deleting state #20 (STATE_MAIN_I1)
002 added connection description "TestToRemote"


But if I use it in a script, the script hangs when a connection cannot
be made. It also logs the first few lines of the connection attempt to
the system log :

We did fix a bug that caused add or replace to take a very long time to
fail. Can you try 3.16rc2 from download.libreswan.org/development/ ?

It then carries on logging in pluto.log but my perl script is just hung
there.

I wonder if there is a leaking file descriptor somewhere....

What I don't understand is why --replace works and --add doesn't.

That is very strange because if you look in programs/auto/auto.in you
can see that "add" and "replace" are actually both eaten up when it
calls addconn. There cannot be a difference in behaviour between the
two. (addconn implicitly treats add as replace)

Paul
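
Added example, not part of the original thread and not libreswan code: a Perl wrapper that calls `ipsec auto --up` in list form, so the connection name never passes through a shell, and stops waiting after a timeout instead of hanging. The 30-second timeout, the connection-name pattern and the helper name `run_with_timeout` are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Run a command in list form (no shell) and stop waiting after $timeout
# seconds. Returns the raw wait status ($?), or undef on timeout.
sub run_with_timeout {
    my ($timeout, @cmd) = @_;

    my $pid = fork();
    die "fork failed: $!\n" unless defined $pid;

    if ($pid == 0) {
        setpgrp(0, 0);    # own process group, so helpers can be signalled too
        exec { $cmd[0] } @cmd or warn "exec $cmd[0] failed: $!\n";
        require POSIX;
        POSIX::_exit(127);
    }

    my $status = eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm $timeout;
        waitpid($pid, 0);
        alarm 0;
        $?;
    };
    return $status if defined $status;

    die $@ unless $@ eq "timeout\n";
    kill '-TERM', $pid;    # negative signal name: whole process group
    waitpid($pid, 0);      # reap the child
    return;
}

# Connection name from the thread; the allowed-character check is an assumption.
my $conn = @ARGV ? $ARGV[0] : 'TestToRemote';
die "unexpected connection name\n" unless $conn =~ /\A[A-Za-z0-9][\w.-]*\z/;

my $status = run_with_timeout(30, '/usr/sbin/ipsec', 'auto', '--up', $conn);
if (!defined $status) {
    print "timed out bringing up $conn; see pluto.log\n";
} elsif ($status == 0) {
    print "$conn is up\n";
} else {
    printf "ipsec auto --up exited with status %d\n", $status >> 8;
}
```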