On Fri, May 19, 2017 at 6:22 PM, Paul Wouters <[email protected]> wrote: > On Thu, 18 May 2017, Martin T wrote: > >> I installed Libreswan 3.20 under OpenSUSE 42.1 and it has following >> options in ipsec.service unit file: >> >> ExecStart=/usr/lib/ipsec/pluto --leak-detective --config >> /etc/ipsec.conf --nofork >> ExecStop=/usr/lib/ipsec/whack --shutdown >> >> >> As I understand, this should mean that pluto should be stopped with >> "whack --shutdown" command. However, "systemctl stop ipsec.service" >> command hangs until watchdog kicks in and if I execute "whack >> --shutdown" manually using "strace -f", then following can be seen: > > > [hangs] > > Odd, can you tell me what happens when you run: killall -SIGTERM pluto > That should do the same thing as whack --shutdown but won't use the > socket. Then we know if it is pluto that's failing to die, or something > weird with reading/writing the socket? > > Is there any apparmor or selinux policies that you could temporarilly > disable to see if those are causing this? > > Paul
Thanks for reply! I think that pluto is falling to die: # pgrep -la pluto; killall -SIGTERM pluto; sleep 30; pgrep -la pluto 31885 /usr/lib/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork 31885 /usr/lib/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork # I'm not running SELinux nor Apparmor: # systemctl status apparmor apparmor.service Loaded: not-found (Reason: No such file or directory) Active: inactive (dead) # ls -l /etc/apparmor.d ls: cannot access /etc/apparmor.d: No such file or directory # Maybe pluto didn't compile correctly? I downloaded download.libreswan.org/binaries/rhel/latest/x86_64/libreswan-3.20-1.el6.src.rpm, modified the spec file and built a RPM for OpenSUSE 42.1. Any ideas how to troubleshoot this? thanks, Martin _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
