I have /sbin/ipsec. I rebooted to get networkmanager to restart with the latest version of libreswan.
I'm still getting an error message:

Oct 24 12:58:23 threads NetworkManager[6097]: <info> [1603569503.8941] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
Oct 24 12:58:27 threads NetworkManager[6097]: <info> [1603569507.6586] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=10312 uid=1000 result="success"
Oct 24 12:58:27 threads NetworkManager[6097]: <info> [1603569507.6708] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 11786
Oct 24 12:58:27 threads NetworkManager[6097]: <info> [1603569507.6779] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
Oct 24 12:58:28 threads NetworkManager[6097]: <info> [1603569508.6593] audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 result="success"
Oct 24 12:58:32 threads /etc/init.d/NetworkManager[11800]: rc-service: service `ipsec' does not exist
Oct 24 12:58:32 threads NetworkManager[6097]: <warn> [1603569512.8038] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Could not restart the ipsec service.'
Oct 24 12:58:32 threads NetworkManager[6097]: <info> [1603569512.8063] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
Oct 24 12:58:32 threads NetworkManager[6097]: <info> [1603569512.8081] vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared

It's still looking for ipsec. I think it's looking for /etc/init.d/ipsecd or something like that based on the error message. Is an rcscript meant to be added by libreswan? So that something else is missing from the ebuild?

Again, I really appreciate your patience with me. Thanks so much.
On Sat, Oct 24, 2020 at 7:08 AM Paul Wouters <[email protected]> wrote:

> pluto[17294]: ignoring message from whack with bad magic 1869114160; should be 1869114159; Mismatched versions of userland tools.
>
> Sent
>
> It looks like either you have two installs (one in /usr and one in /usr/local or your pluto did not restart after installing a newer version ?
>
> Paul
>
> On Oct 23, 2020, at 23:26, Brian McKee <[email protected]> wrote:
>
> Hi Paul and Doug,
>
> So I got libreswan 4.1 to install with the new folder by modifying the ebuild, but I'm still having problems. Here is the output of networkmanager:
>
> Oct 23 20:19:40 threads NetworkManager[4579]: <info> [1603509580.7688] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
> Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5025] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=5647 uid=1000 result="success"
> Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5068] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 28727
> Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5115] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
> Oct 23 20:19:43 threads NetworkManager[4579]: <info> [1603509583.2001] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
> Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with bad magic 1869114160; should be 1869114159; Mismatched versions of userland tools.
> Oct 23 20:19:51 threads /etc/init.d/NetworkManager[28748]: rc-service: No such file or directory
> Oct 23 20:19:51 threads NetworkManager[4579]: <warn> [1603509591.5840] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Could not restart the ipsec service.'
> Oct 23 20:19:51 threads NetworkManager[4579]: <info> [1603509591.5851] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
> Oct 23 20:19:51 threads NetworkManager[4579]: <info> [1603509591.5875] vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
>
> I'm guessing I'm having ipsec issues...
>
> Can you give me a shove in the right direction?
>
> On Fri, Oct 23, 2020 at 10:47 AM Paul Wouters <[email protected]> wrote:
>
>> On Fri, 23 Oct 2020, Brian McKee wrote:
>>
>> > Thanks Doug! I'll open a ticket with the gentoo devs!
>>
>> They can compile with FINALNSSDIR=/etc/ipsec.d to keep the nss files at the same location if they prefer that.
>>
>> Note that libreswan-4.x also no longer builds support for DH2, and some NM-libreswan plugins tried to use dh2+dh5 for IKEv1. So you might also be running into that. That required a fix to NM-libreswan in fedora at least.
>>
>> Paul
>>
>> > On Fri, Oct 23, 2020 at 5:04 AM Douglas Kosovic <[email protected]> wrote:
>> >
>> > Hi Brian,
>> >
>> > With Libreswan >= 4.0, the default NSS database files (*.db) have moved from /etc/ipsec.d to /var/lib/ipsec/nss
>> >
>> > Try the following Libreswan command to see if you get an error :
>> >
>> > $ sudo ipsec initnss
>> > ERROR: destination directory "/var/lib/ipsec/nss" is missing or permission denied
>> >
>> > pkg_postinst() in the gentoo ebuild is still using /etc/ipsec.d for the NSS database files :
>> >
>> > https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/libreswan/libreswan-4.1.ebuild
>> >
>> > you could fix the aforementioned pkg_postinst(), or issue the following as a workaround:
>> >
>> > sudo mkdir -p /var/lib/ipsec/nss
>> > sudo chmod 700 /var/lib/ipsec/nss
>> >
>> > then try sudo ipsec initnss again.
>> >
>> > If you are using SELinux or AppArmor, a new rule might be required for /var/lib/ipsec/nss
>> >
>> > Cheers,
>> > Doug
>> >
>> > From: Swan <[email protected]> On Behalf Of Brian McKee
>> > Sent: Friday, 23 October 2020 6:06 PM
>> > To: [email protected]
>> > Subject: [Swan] Issue with networkmanager and l2tp
>> >
>> > Hello everyone,
>> >
>> > I'm a Gentoo linux user. My work uses a linux based VPN server (Centos 7) that is probably pretty out of date. It uses l2tp protocol.
>> >
>> > My Gentoo box is running Networkmanager 1.26.0 and until a recent update I was running libreswan-3.32-r1 which contains a patch to fix an NSS version issue. libreswan-3.32 without the patch fails to connect to my work because of the NSS issue.
>> >
>> > Networkmanager requires libreswan for l2tp protocol connections.
>> >
>> > In the latest update of my machine libreswan 4.1 installed and I could no longer connect to work. There was absolutely no useful messages from Networkmanager. This is what I got in /var/log/messages:
>> >
>> > Oct 22 21:30:16 threads NetworkManager[4579]: <info> [1603427416.4884] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=5647 uid=1000 result="success"
>> > Oct 22 21:30:16 threads NetworkManager[4579]: <info> [1603427416.4920] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 10712
>> > Oct 22 21:30:16 threads NetworkManager[4579]: <info> [1603427416.4984] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
>> > Oct 22 21:30:17 threads NetworkManager[4579]: <info> [1603427417.1234] audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 result="success"
>> > Oct 22 21:30:27 threads NetworkManager[4579]: <info> [1603427427.7335] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
>> > Oct 22 21:30:27 threads NetworkManager[4579]: <info> [1603427427.7361] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
>> > Oct 22 21:30:27 threads NetworkManager[4579]: <warn> [1603427427.7372] vpn-connection[0x56488972c2b0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
>> >
>> > I figure I have a configuration issue, except that it works fine with the old version of libreswan.
>> >
>> > I'm hoping you guys have some idea what I'm talking about. I can email you any information on my machine and I can probably get the configuration for the (openvpn, I think) VPN server.
>> >
>> > I know that me using the old version of libreswan is eventually going to become a problem so I'd like to proactively figure out what's wrong and fix my system so my work flow isn't interrupted.
>> >
>> > I don't hand edit the config files, I let KDE configure network manager, so I figure there is something I need to change in that configuration.
>> >
>> > Anyway, thanks for reading and thanks in advance for any help you can offer.
>> >
>> > _______________________________________________
>> > Swan mailing list
>> > [email protected]
>> > https://lists.libreswan.org/mailman/listinfo/swan
>> >
>> > --
>> > -- Consciousness moves everything.
>
> --
> -- Consciousness moves everything.

--
-- Consciousness moves everything.
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
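
The three causes raised in this thread (more than one ipsec install, the NSS directory that Libreswan >= 4.0 expects at /var/lib/ipsec/nss with mode 700, and the OpenRC `ipsec` service that rc-service could not find) can be checked together. The script below is an added example, not part of any poster's message and not libreswan or Gentoo code. The function names and the root-prefix argument are hypothetical, GNU `stat -c` and `readlink -f` are assumed, and /etc/init.d is assumed as the place OpenRC looks for the service named in the log.

```shell
#!/bin/sh
# Added example: read-only checks for the failure causes raised in this thread.
# The root-prefix argument is a hypothetical parameter for running on a test tree.

# Print each distinct ipsec binary (symlinked directories collapse to one path).
find_ipsec_installs() {
    root="${1:-}"
    for d in sbin usr/sbin usr/local/sbin; do
        if [ -x "$root/$d/ipsec" ]; then readlink -f "$root/$d/ipsec"; fi
    done | sort -u
}

# Print one finding per line; return 0 only when nothing is flagged.
check_libreswan_layout() {
    root="${1:-}"
    rc=0

    # Two installs means whack and pluto can come from different versions,
    # which is what the "bad magic" line in the log reports.
    n=$(find_ipsec_installs "$root" | grep -c . || true)
    if [ "$n" -gt 1 ]; then
        echo "MULTIPLE_INSTALLS: $n ipsec binaries found"
        rc=1
    elif [ "$n" -eq 0 ]; then
        echo "NO_IPSEC: no ipsec binary found"
        rc=1
    fi

    # 'ipsec initnss' fails when this directory is missing or not accessible.
    nss="$root/var/lib/ipsec/nss"
    if [ ! -d "$nss" ]; then
        echo "NSS_DIR_MISSING: $nss"
        rc=1
    elif [ "$(stat -c %a "$nss")" != "700" ]; then
        echo "NSS_DIR_MODE: $nss is $(stat -c %a "$nss"), expected 700"
        rc=1
    fi

    # NetworkManager's plugin asks rc-service to restart a service named ipsec.
    if [ ! -e "$root/etc/init.d/ipsec" ]; then
        echo "NO_INIT_SCRIPT: $root/etc/init.d/ipsec"
        rc=1
    fi
    return $rc
}
# On a live system, call check_libreswan_layout with no argument.
```

A NSS_DIR_MODE finding on a directory holding key material is worth fixing even when the VPN connects, since the workaround in the thread deliberately sets it to 700.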
