On Mon, 22 May 2017, Martin T wrote:
Thanks for the reply! I think that pluto is failing to die:
# pgrep -la pluto; killall -SIGTERM pluto; sleep 30; pgrep -la pluto
31885 /usr/lib/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
31885 /usr/lib/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
I don't know why that is happening, but I'm tempted to blame your
particular system.
Maybe pluto didn't compile correctly? I downloaded
download.libreswan.org/binaries/rhel/latest/x86_64/libreswan-3.20-1.el6.src.rpm,
modified the spec file and built a RPM for OpenSUSE 42.1.
If it compiled, it should work? As long as USE_SECCOMP did not get
enabled, you should be fine.
command, then I see those very same log messages shown in my initial
e-mail with an exception that systemd does not kill the process. In
other words, the "May 18 18:49:28 host systemd[1]: ipsec.service
stop-sigterm timed out. Killing." does not happen. When I execute
"systemctl status ipsec", then its status is "running". If I attach to
the pluto (PID is 12912) process with the "strace -f -p 12912" command and
then execute "killall -SIGTERM pluto", then the following is shown:
) = ? ERESTARTSYS (To be restarted if SA_RESTART is set)
[pid 12912] --- SIGTERM {si_signo=SIGTERM, si_code=SI_USER,
si_pid=13463, si_uid=0} ---
[pid 12912] rt_sigreturn({mask=[]}) = -1 EINTR (Interrupted system call)
[pid 12912] futex(0x7f0e440009a0, FUTEX_WAIT_PRIVATE, 2, NULL
I'm not sure what this means.
I could add "KillSignal=SIGKILL" to the systemd unit file, but I'm not
sure what the consequences are once the server is used for live IPsec
connections..
It works, in that we won't send any Delete/Notifies so the other end
won't know you're gone until you are back and try to re-establish the
tunnel (or until their dpd settings kick in)
Paul
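
The check from the top of the thread (send SIGTERM, wait, look again) combined with the SIGKILL fallback discussed at the end, as a shell helper that reports which signal was actually needed. This is an added example, not part of the original thread and not libreswan or systemd code; the function names `proc_state`, `is_alive` and `stop_with_timeout` are hypothetical, and it assumes a Linux /proc.

```shell
#!/bin/sh
# Added example: constructed helper, not part of libreswan or systemd.

# Print the kernel state letter of a PID (R, S, D, Z, ...), or nothing if gone.
proc_state() {
    [ -r "/proc/$1/stat" ] || return 0
    # The state field follows the ")" that closes the command name.
    sed 's/^.*) //' "/proc/$1/stat" 2>/dev/null | cut -c1
}

# True while the PID exists and is not a zombie waiting to be reaped.
is_alive() {
    kill -0 "$1" 2>/dev/null || return 1
    [ "$(proc_state "$1")" != "Z" ]
}

# stop_with_timeout PID SECONDS
# Prints "term" if SIGTERM was enough, "kill" if SIGKILL was needed,
# "gone" if the PID was not running, "stuck" if even SIGKILL did not help.
stop_with_timeout() {
    pid=$1; timeout=$2; waited=0
    is_alive "$pid" || { echo gone; return 0; }
    kill -TERM "$pid" 2>/dev/null
    while [ "$waited" -lt "$timeout" ]; do
        is_alive "$pid" || { echo term; return 0; }
        sleep 1
        waited=$((waited + 1))
    done
    is_alive "$pid" || { echo term; return 0; }
    # Same fallback systemd applies after "stop-sigterm timed out":
    # the daemon gets no chance to run its own shutdown code.
    kill -KILL "$pid" 2>/dev/null
    sleep 1
    is_alive "$pid" && { echo stuck; return 1; }
    echo kill
}
```

A result of "kill" for pluto corresponds to the case described above, where no Delete/Notify is sent to the peer.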