On Mon, 8 Apr 2019, jchludzinski wrote:
> I built libreswan 3.25 on Raspbian to be consistent with the "other" IPSec box
> I'm trying to establish a peer-to-peer connection with. This wasn't exactly painless.
> There appears to be a Red Hat bias to the build instructions.
> Anyway, after I installed libreswan 3.25 and ran ipsec.service, I then ran:
> # ipsec verify
> and got: "Pluto listening for IKE on udp 500 [FAILED]".
> BUT, if I run:
> # lsof -i UDP:500
> pluto 6139 root 15u IPv4 52975 0t0 UDP 192.168.254.3:isakmp
> or:
> # netstat -tunlp
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> pluto 6139 root 15u IPv4 52975 0t0 UDP 192.168.254.3:isakmp
> Both tell me that pluto is listening on port 500 using UDP.
> Is "ipsec verify" lying to me?

ipsec verify is a pretty simplistic tool. It is likely lying to you
because it was expecting some kind of different output, or one of the
tools it uses wasn't installed.
It is using the "ss" tool for this specific task, which might not be
installed on your system?
Paul
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan
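
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not libreswan's own code: a port check that reports "could not check" separately from "no listener", so a missing `ss` is not mistaken for a dead IKE daemon. The function names are hypothetical, the sample listing is constructed, and it assumes `ss -uln` / `netstat -uln` print the local address in column 4.

```sh
#!/bin/sh
# Added example (not libreswan code); function names are hypothetical.

# Print local addresses bound to UDP port $1, reading a socket listing on
# stdin. `ss -uln` and `netstat -uln` both put local address:port in column 4.
udp_listeners() {
    awk -v port="$1" '
        { n = split($4, parts, ":") }
        n >= 2 && parts[n] == port { print $4 }
    '
}

# Print the first of the named tools that is installed, or return 1.
pick_tool() {
    for t in "$@"; do
        if command -v "$t" >/dev/null 2>&1; then
            echo "$t"
            return 0
        fi
    done
    return 1
}

# Exit status: 0 = listening, 1 = no listener found, 2 = could not check.
check_udp_port() {
    port=${1:-500}
    tool=$(pick_tool ss netstat) || {
        echo "UNKNOWN: neither ss nor netstat is installed" >&2
        return 2
    }
    found=$("$tool" -uln 2>/dev/null | udp_listeners "$port")
    if [ -n "$found" ]; then
        echo "OK ($tool): UDP $port bound on" $found   # unquoted: one line
        return 0
    fi
    echo "FAILED ($tool): no UDP $port listener reported"
    return 1
}

# Constructed sample of `ss -uln` output, not captured from a real host.
SAMPLE='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
UNCONN 0      0      192.168.254.3:500   0.0.0.0:*
UNCONN 0      0      127.0.0.1:4500      0.0.0.0:*'
printf '%s\n' "$SAMPLE" | udp_listeners 500
```

On a live host, `check_udp_port 500` runs the same parser over whichever of the two tools is installed and returns 2 when neither is.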