Hi Paul and Doug,

So I got libreswan 4.1 to install with the new folder by modifying the ebuild, but I'm still having problems. Here is the output of networkmanager:

Oct 23 20:19:40 threads NetworkManager[4579]: <info> [1603509580.7688] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5025] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=5647 uid=1000 result="success"
Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5068] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 28727
Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5115] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
Oct 23 20:19:43 threads NetworkManager[4579]: <info> [1603509583.2001] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with bad magic 1869114160; should be 1869114159; Mismatched versions of userland tools.
Oct 23 20:19:51 threads /etc/init.d/NetworkManager[28748]: rc-service: No such file or directory
Oct 23 20:19:51 threads NetworkManager[4579]: <warn> [1603509591.5840] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Could not restart the ipsec service.'
Oct 23 20:19:51 threads NetworkManager[4579]: <info> [1603509591.5851] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
Oct 23 20:19:51 threads NetworkManager[4579]: <info> [1603509591.5875] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared

I'm guessing I'm having ipsec issues... Can you give me a shove in the right direction?

On Fri, Oct 23, 2020 at 10:47 AM Paul Wouters <[email protected]> wrote:

> On Fri, 23 Oct 2020, Brian McKee wrote:
>
> > Thanks Doug! I'll open a ticket with the gentoo devs!
>
> They can compile with FINALNSSDIR=/etc/ipsec.d to keep the nss files at the same
> location if they prefer that.
>
> Note that libreswan-4.x also no longer builds support for DH2, and some
> NM-libreswan plugins tried to use dh2+dh5 for IKEv1. So you might also
> be running into that. That required a fix to NM-libreswan in fedora at
> least.
>
> Paul
>
> > On Fri, Oct 23, 2020 at 5:04 AM Douglas Kosovic <[email protected]> wrote:
> >
> > Hi Brian,
> >
> > With Libreswan >= 4.0, the default NSS database files (*.db) have moved from /etc/ipsec.d to
> > /var/lib/ipsec/nss
> >
> > Try the following Libreswan command to see if you get an error :
> >
> > $ sudo ipsec initnss
> >
> > ERROR: destination directory "/var/lib/ipsec/nss" is missing or permission denied
> >
> > pkg_postinst() in the gentoo ebuild is still using /etc/ipsec.d for the NSS database files :
> >
> > https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/libreswan/libreswan-4.1.ebuild
> >
> > you could fix the aforementioned pkg_postinst(), or issue the following as a workaround:
> >
> > sudo mkdir -p /var/lib/ipsec/nss
> >
> > sudo chmod 700 /var/lib/ipsec/nss
> >
> > then try sudo ipsec initnss again.
> >
> > If you are using SELinux or AppArmor, a new rule might be required for /var/lib/ipsec/nss
> >
> > Cheers,
> >
> > Doug
> >
> > From: Swan <[email protected]> On Behalf Of Brian McKee
> > Sent: Friday, 23 October 2020 6:06 PM
> > To: [email protected]
> > Subject: [Swan] Issue with networkmanager and l2tp
> >
> > Hello everyone,
> >
> > I'm a Gentoo linux user. My work uses a linux based VPN server (Centos 7) that is probably pretty out of date.
> > It uses l2tp protocol.
> >
> > My Gentoo box is running Networkmanager 1.26.0 and until a recent update I was running libreswan-3.32-r1 which
> > contains a patch to fix an NSS version issue.
> > libreswan-3.32 without the patch fails to connect to my work
> > because of the NSS issue.
> >
> > Networkmanager requires libreswan for l2tp protocol connections.
> >
> > In the latest update of my machine libreswan 4.1 installed and I could no longer connect to work. There were
> > absolutely no useful messages from Networkmanager. This is what I got in /var/log/messages:
> >
> > Oct 22 21:30:16 threads NetworkManager[4579]: <info> [1603427416.4884] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=5647 uid=1000 result="success"
> > Oct 22 21:30:16 threads NetworkManager[4579]: <info> [1603427416.4920] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 10712
> > Oct 22 21:30:16 threads NetworkManager[4579]: <info> [1603427416.4984] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
> > Oct 22 21:30:17 threads NetworkManager[4579]: <info> [1603427417.1234] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
> > Oct 22 21:30:27 threads NetworkManager[4579]: <info> [1603427427.7335] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
> > Oct 22 21:30:27 threads NetworkManager[4579]: <info> [1603427427.7361] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
> > Oct 22 21:30:27 threads NetworkManager[4579]: <warn> [1603427427.7372] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
> >
> > I figure I have a configuration issue, except that it works fine with the old version of libreswan.
> >
> > I'm hoping you guys have some idea what I'm talking about. I can email you any information on my machine and I
> > can probably get the configuration for the (openvpn, I think) VPN server.
> >
> > I know that me using the old version of libreswan is eventually going to become a problem so I'd like to
> > proactively figure out what's wrong and fix my system so my work flow isn't interrupted.
> >
> > I don't hand edit the config files, I let KDE configure network manager, so I figure there is something I need
> > to change in that configuration.
> >
> > Anyway, thanks for reading and thanks in advance for any help you can offer.
> >
> > _______________________________________________
> > Swan mailing list
> > [email protected]
> > https://lists.libreswan.org/mailman/listinfo/swan
> >
> > --
> > -- Consciousness moves everything.
>

--
-- Consciousness moves everything.
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
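
Added example, not part of the original thread and not Libreswan or Gentoo code: a shell triage for the two conditions raised in this message, the NSS database directory that moved in Libreswan 4.0 and the whack "bad magic" line in the log. The function names are hypothetical; it assumes GNU stat and a build that uses the default /var/lib/ipsec/nss rather than FINALNSSDIR=/etc/ipsec.d.

```shell
#!/bin/sh
# Added example: triage for the two failure modes discussed in the thread.
# Function names are hypothetical; assumes GNU stat (coreutils).

# True if the directory holds at least one NSS database file (*.db).
has_db() {
    for f in "$1"/*.db; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Classify the NSS setup. $1 = Libreswan >= 4.0 default, $2 = pre-4.0 location.
nss_diagnose() {
    new=$1 old=$2
    if [ ! -d "$new" ]; then
        # Databases only in the old place: the ebuild situation Doug describes.
        if has_db "$old"; then echo legacy-only; else echo missing; fi
    elif [ "$(stat -c %a "$new")" != 700 ]; then
        echo bad-mode            # the thread's workaround uses chmod 700
    elif has_db "$new"; then
        echo ok
    else
        echo uninitialised       # directory exists, "ipsec initnss" not run yet
    fi
}

# Print "<got> <expected>" from pluto's most recent whack-magic complaint.
# Any output means the whack client and the running pluto daemon do not match
# (pluto's own wording: "Mismatched versions of userland tools").
whack_mismatch() {
    sed -n 's/.*whack with bad magic \([0-9]*\); should be \([0-9]*\);.*/\1 \2/p' "$1" |
        tail -n 1
}

# Demo on a constructed log file holding the pluto line quoted in the message.
sample=$(mktemp)
cat >"$sample" <<'EOF'
Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with bad magic 1869114160; should be 1869114159; Mismatched versions of userland tools.
EOF
echo "NSS state: $(nss_diagnose /var/lib/ipsec/nss /etc/ipsec.d)"
echo "whack magic (got expected): $(whack_mismatch "$sample")"
rm -f "$sample"
```

A result of legacy-only or missing matches the case where `ipsec initnss` reports that the destination directory is missing.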
