You are right. ipsec won't start because there is no service: /usr/sbin/ipsec start Redirecting to: rc-service ipsec start * rc-service: service `ipsec' does not exist I have to figure out how to create a service script for it. Perhaps I can get some help from the libreswan ebuild maintainer. I'll post in the bug report I created.
Thanks for your help. On Sun, Oct 25, 2020 at 5:49 AM Douglas Kosovic <[email protected]> wrote: > Hi Brian, > > > So the following doesn't work > > sudo /sbin/ipsec restart > > and I suspect: > > sudo /sbin/ipsec start > > the gentoo libreswan ebuild has both openrc and systemd, sorry I have no > idea how the gentoo ebuild works with init script. > > If you are using systemd, running the following might give a hint as to > what needs to be done or is missing. > > sudo systemctl restart ipsec.service > > > With systemd, I think it needs the following file to exist, but not sure > with gentoo: > /lib/systemd/system/ipsec.service > > > Sorry I'm not familiar with openrc or if gentoo is using some > openrc/systemd hybrid setup, but your rcscript suspicion seems plausible. > > > > Cheers, > Doug > > ------------------------------ > *From:* Brian McKee <[email protected]> > *Sent:* Sunday, 25 October 2020 6:04 AM > *To:* Paul Wouters <[email protected]> > *Cc:* Douglas Kosovic <[email protected]>; [email protected] < > [email protected]> > *Subject:* Re: [Swan] Issue with networkmanager and l2tp > > I have /sbin/ipsec. > > I rebooted to get networkmanager to restart with the latest version of > libreswan. > > I'm still getting an error message: > > Oct 24 12:58:23 threads NetworkManager[6097]: <info> [1603569503.8941] > audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 > result="success" > Oct 24 12:58:27 threads NetworkManager[6097]: <info> [1603569507.6586] > audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" > name="wtec-SJ" pid=10312 uid=1000 resul > t="success" > Oct 24 12:58:27 threads NetworkManager[6097]: <info> [1603569507.6708] > vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: > Started the VPN service, PID 11786 > Oct 24 12:58:27 threads NetworkManager[6097]: <info> [1603569507.6779] > vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: > Saw the service appear; activating > connection > Oct 24 12:58:28 threads NetworkManager[6097]: <info> [1603569508.6593] > audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000 > result="success" > Oct 24 12:58:32 threads /etc/init.d/NetworkManager[11800]: rc-service: > service `ipsec' does not exist > Oct 24 12:58:32 threads NetworkManager[6097]: <warn> [1603569512.8038] > vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: > VPN connection: failed to connect: > 'Could not restart the ipsec service.' > Oct 24 12:58:32 threads NetworkManager[6097]: <info> [1603569512.8063] > vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: > VPN plugin: state changed: stopped > (6) > Oct 24 12:58:32 threads NetworkManager[6097]: <info> [1603569512.8081] > vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: > VPN service disappeared > > It's still looking for ipsec. I think it's looking for /etc/init.d/ipsecd > or something like that based on the error message. Is an rcscript meant to > be added by libreswan? So that something else is missing from the ebuild? > > Again, I really appreciate your patience with me. Thanks so much. > > On Sat, Oct 24, 2020 at 7:08 AM Paul Wouters <[email protected]> wrote: > > pluto[17294]: ignoring message from whack with bad magic 1869114160; > should be 1869114159; Mismatched versions of userland tools. > > Sent > > It looks like either you have two installs (one in /usr and one in > /usr/local or your pluto > did not restart after installing a newer version ? > > Paul > > > > On Oct 23, 2020, at 23:26, Brian McKee <[email protected]> wrote: > > > Hi Paul and Doug, > > So I got libreswan 4.1 to install with the new folder by modifying the > ebuild, but I'm still having problems. Here is the output of > networkmanager: > > Oct 23 20:19:40 threads NetworkManager[4579]: <info> [1603509580.7688] > audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 > result="success" > Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5025] > audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" > name="wtec-SJ" pid=5647 uid=1000 result > ="success" > Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5068] > vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: > Started the VPN service, PID 28727 > Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5115] > vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: > Saw the service appear; activating > connection > Oct 23 20:19:43 threads NetworkManager[4579]: <info> [1603509583.2001] > audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000 > result="success" > Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with bad > magic 1869114160; should be 1869114159; Mismatched versions of userland > tools. > Oct 23 20:19:51 threads /etc/init.d/NetworkManager[28748]: rc-service: No > such file or directory > Oct 23 20:19:51 threads NetworkManager[4579]: <warn> [1603509591.5840] > vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: > VPN connection: failed to connect: > 'Could not restart the ipsec service.' > Oct 23 20:19:51 threads NetworkManager[4579]: <info> [1603509591.5851] > vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: > VPN plugin: state changed: stopped > (6) > Oct 23 20:19:51 threads NetworkManager[4579]: <info> [1603509591.5875] > vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: > VPN service disappeared > > I'm guessing I'm having ipsec issues... > > Can you give me a shove in the right direction? > > On Fri, Oct 23, 2020 at 10:47 AM Paul Wouters <[email protected]> wrote: > > On Fri, 23 Oct 2020, Brian McKee wrote: > > > Thanks Doug!I'll open a ticket with the gentoo devs! > > They can compile with FINALNSSDIR=/etc/ipsec.d to keep the nss files at > the same > location if they prefer that. > > Note that libreswan-4.x also no longer builds support for DH2, and some > NM-libreswan plugins tried to use dh2+dh5 for IKEv1. So you might also > be running into that. That required a fix to NM-libreswan in fedora at > least. > > Pau > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan > -- -- Consciousness moves everything.
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
