pluto[17294]: ignoring message from whack with bad magic 1869114160; should be 1869114159; Mismatched versions of userland tools.

Sent

It looks like either you have two installs (one in /usr and one in /usr/local), or your pluto
did not restart after installing a newer version?

Paul



> On Oct 23, 2020, at 23:26, Brian McKee <[email protected]> wrote:
> 
> 
> Hi Paul and Doug,
> 
> So I got libreswan 4.1 to install with the new folder by modifying the 
> ebuild, but I'm still having problems. Here is the output of networkmanager:
> 
> Oct 23 20:19:40 threads NetworkManager[4579]: <info>  [1603509580.7688] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
> Oct 23 20:19:42 threads NetworkManager[4579]: <info>  [1603509582.5025] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=5647 uid=1000 result="success"
> Oct 23 20:19:42 threads NetworkManager[4579]: <info>  [1603509582.5068] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 28727
> Oct 23 20:19:42 threads NetworkManager[4579]: <info>  [1603509582.5115] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
> Oct 23 20:19:43 threads NetworkManager[4579]: <info>  [1603509583.2001] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
> Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with bad magic 1869114160; should be 1869114159; Mismatched versions of userland tools.
> Oct 23 20:19:51 threads /etc/init.d/NetworkManager[28748]: rc-service: No such file or directory
> Oct 23 20:19:51 threads NetworkManager[4579]: <warn>  [1603509591.5840] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Could not restart the ipsec service.'
> Oct 23 20:19:51 threads NetworkManager[4579]: <info>  [1603509591.5851] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
> Oct 23 20:19:51 threads NetworkManager[4579]: <info>  [1603509591.5875] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
> 
> I'm guessing I'm having ipsec issues...
> 
> Can you give me a shove in the right direction?
> 
>> On Fri, Oct 23, 2020 at 10:47 AM Paul Wouters <[email protected]> wrote:
>> On Fri, 23 Oct 2020, Brian McKee wrote:
>> 
>> > Thanks Doug! I'll open a ticket with the gentoo devs!
>> 
>> They can compile with FINALNSSDIR=/etc/ipsec.d to keep the nss files at the
>> same location if they prefer that.
>> 
>> Note that libreswan-4.x also no longer builds support for DH2, and some
>> NM-libreswan plugins tried to use dh2+dh5 for IKEv1. So you might also
>> be running into that. That required a fix to NM-libreswan in fedora at
>> least.
>> 
>> Paul
>> 
>> > On Fri, Oct 23, 2020 at 5:04 AM Douglas Kosovic <[email protected]> wrote:
>> >
>> >       Hi Brian,
>> >
>> >       With Libreswan >= 4.0, the default NSS database files (*.db) have moved from /etc/ipsec.d to
>> >       /var/lib/ipsec/nss
>> >
>> >       Try the following Libreswan command to see if you get an error:
>> >
>> >           $ sudo ipsec initnss
>> >
>> >          ERROR: destination directory "/var/lib/ipsec/nss" is missing or permission denied
>> >
>> >       pkg_postinst() in the gentoo ebuild is still using /etc/ipsec.d for the NSS database files:
>> >
>> >          https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/libreswan/libreswan-4.1.ebuild
>> >
>> >       you could fix the aforementioned pkg_postinst(), or issue the following as a workaround:
>> >
>> >           sudo mkdir -p /var/lib/ipsec/nss
>> >
>> >           sudo chmod 700 /var/lib/ipsec/nss
>> >
>> >       then try sudo ipsec initnss again.
>> >
>> >       If you are using SELinux or AppArmor, a new rule might be required for /var/lib/ipsec/nss
>> >
>> >       Cheers,
>> >
>> >       Doug
>> >
>> >
>> >       From: Swan <[email protected]> On Behalf Of Brian 
>> > McKee
>> >       Sent: Friday, 23 October 2020 6:06 PM
>> >       To: [email protected]
>> >       Subject: [Swan] Issue with networkmanager and l2tp
>> >
>> >        
>> >
>> >       Hello everyone,
>> >
>> >        
>> > 
>> > I'm a Gentoo Linux user. My work uses a Linux-based VPN server (CentOS 7) that is probably pretty out of date.
>> > It uses the l2tp protocol.
>> > 
>> > My Gentoo box is running NetworkManager 1.26.0 and until a recent update I was running libreswan-3.32-r1, which
>> > contains a patch to fix an NSS version issue. libreswan-3.32 without the patch fails to connect to my work
>> > because of the NSS issue.
>> > 
>> > NetworkManager requires libreswan for l2tp protocol connections.
>> > 
>> > In the latest update of my machine libreswan 4.1 installed and I could no longer connect to work. There were
>> > absolutely no useful messages from NetworkManager. This is what I got in /var/log/messages:
>> > 
>> >  
>> > 
>> > Oct 22 21:30:16 threads NetworkManager[4579]: <info>  [1603427416.4884] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=5647 uid=1000 result="success"
>> > Oct 22 21:30:16 threads NetworkManager[4579]: <info>  [1603427416.4920] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 10712
>> > Oct 22 21:30:16 threads NetworkManager[4579]: <info>  [1603427416.4984] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
>> > Oct 22 21:30:17 threads NetworkManager[4579]: <info>  [1603427417.1234] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
>> > Oct 22 21:30:27 threads NetworkManager[4579]: <info>  [1603427427.7335] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
>> > Oct 22 21:30:27 threads NetworkManager[4579]: <info>  [1603427427.7361] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
>> > Oct 22 21:30:27 threads NetworkManager[4579]: <warn>  [1603427427.7372] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
>> > 
>> > I figure I have a configuration issue, except that it works fine with the 
>> > old version of libreswan.
>> > 
>> >  
>> > 
>> > I'm hoping you guys have some idea what I'm talking about. I can email you 
>> > any information on my machine and I
>> > can probably get the configuration for the (openvpn, I think) VPN server.
>> > 
>> >  
>> > 
>> > I know that me using the old version of libreswan is eventually going to 
>> > become a problem so I'd like to
>> > proactively figure out what's wrong and fix my system so my work flow 
>> > isn't interrupted.
>> > 
>> >  
>> > 
>> > I don't hand edit the config files, I let KDE configure network manager, 
>> > so I figure there is something I need
>> > to change in that configuration.
>> > 
>> >  
>> > 
>> > Anyway, thanks for reading and thanks in advance for any help you can 
>> > offer.
>> > 
>> > _______________________________________________
>> > Swan mailing list
>> > [email protected]
>> > https://lists.libreswan.org/mailman/listinfo/swan
>> > 
>> > 
>> > 
>> > --
>> > -- Consciousness moves everything.
>> > 
>> >
> 
> 
> -- 
> -- Consciousness moves everything.
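The two causes suggested in the reply at the top of this thread (a second install under /usr/local, or a pluto that kept running after the upgrade) can be checked with a short script. This is an added example, not part of the original e-mails or of Libreswan; the function names and the list of directories searched are assumptions, and the sample log line is constructed from the message quoted in the thread.

```shell
#!/bin/sh
# Added example: triage for pluto's "bad magic" message (whack/pluto mismatch).
# Function names and the candidate directory list are assumptions.

# Print "pid=<pluto pid> got=<magic> expected=<magic>" per matching line on stdin.
parse_bad_magic() {
    sed -n 's/.*pluto\[\([0-9]*\)]: ignoring message from whack with bad magic \([0-9]*\); should be \([0-9]*\).*/pid=\1 got=\2 expected=\3/p'
}

# List distinct ipsec commands under ROOT (default /). More than one line of
# output means two installs can shadow each other, e.g. /usr and /usr/local.
find_ipsec_installs() {
    root=${1:-/}
    for d in usr/local/sbin usr/local/bin usr/sbin usr/bin sbin bin; do
        f="${root%/}/$d/ipsec"
        # readlink -f collapses merged-/usr symlinks so one install counts once
        [ -x "$f" ] && [ ! -d "$f" ] && readlink -f "$f"
    done | sort -u
}

# Succeed if the binary behind PID was replaced or removed on disk after the
# process started: Linux then shows the /proc/PID/exe target with " (deleted)".
# Returns 2 when the PID cannot be inspected.
pluto_is_stale() {
    target=$(readlink "${2:-/proc}/$1/exe" 2>/dev/null) || return 2
    case $target in
        *" (deleted)") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample, built from the log message quoted in the thread.
SAMPLE='Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with bad magic 1869114160; should be 1869114159; Mismatched versions of userland tools.'

# Run all three checks against the live host.
triage() {
    printf '%s\n' "$SAMPLE" | parse_bad_magic
    n=$(find_ipsec_installs / | wc -l)
    echo "ipsec commands found: $n"
    for pid in $(pgrep -x pluto 2>/dev/null); do
        pluto_is_stale "$pid" && echo "pluto $pid runs a replaced binary; restart it"
    done
    return 0
}
```

Source the file on the affected host and call `triage` as root; feed `parse_bad_magic` the real system log instead of `SAMPLE` to see which pluto PID rejected the message.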