I found another beginner mistake in the ebuild and reinstalled libreswan. The messages I'm getting now are:
Oct 25 09:17:49 threads NetworkManager[6124]: <info> [1603642669.8190] audit: op="statistics" arg="refresh-rate-ms" pid=10301 uid=1000 result="success"
Oct 25 09:17:58 threads NetworkManager[6124]: <info> [1603642678.4519] audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0" name="wtec-SJ" pid=10301 uid=1000 result="success"
Oct 25 09:17:58 threads NetworkManager[6124]: <info> [1603642678.4627] vpn-connection[0x562e3e1ca100,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Started the VPN service, PID 12655
Oct 25 09:17:58 threads NetworkManager[6124]: <info> [1603642678.4691] vpn-connection[0x562e3e1ca100,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: Saw the service appear; activating connection
Oct 25 09:17:59 threads NetworkManager[6124]: <info> [1603642679.1184] audit: op="statistics" arg="refresh-rate-ms" pid=10301 uid=1000 result="success"
Oct 25 09:18:05 threads kernel: Initializing XFRM netlink socket
Oct 25 09:18:05 threads kernel: IPv4 over IPsec tunneling driver
Oct 25 09:18:05 threads NetworkManager[6124]: <info> [1603642685.7716] manager: (ip_vti0): new Generic device (/org/freedesktop/NetworkManager/Devices/6)
Oct 25 09:18:05 threads kernel: IPsec XFRM device driver
Oct 25 09:18:15 threads NetworkManager[6124]: <info> [1603642695.8344] vpn-connection[0x562e3e1ca100,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN plugin: state changed: stopped (6)
Oct 25 09:18:15 threads NetworkManager[6124]: <info> [1603642695.8375] vpn-connection[0x562e3e1ca100,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN service disappeared
Oct 25 09:18:15 threads NetworkManager[6124]: <warn> [1603642695.8385] vpn-connection[0x562e3e1ca100,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'

On Sun, Oct 25, 2020 at 9:03 AM Brian McKee <[email protected]> wrote:

> Hi Doug,
>
> I'm back again...
>
> I found an ipsec init script produced by libreswan's compile in
> ${IPSEC_CONFDIR}/../ipsec
> I modified the ebuild to move that script in /etc/init.d/ and it works.
>
> But I still can't connect to work. Here is the output in /var/log/messages:
>
> Oct 25 08:57:15 threads NetworkManager[6097]: <info> [1603641435.8662]
> audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000
> result="success"
> Oct 25 08:57:18 threads NetworkManager[6097]: <info> [1603641438.4577]
> audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0"
> name="wtec-SJ" pid=10312 uid=1000 resul
> t="success"
> Oct 25 08:57:18 threads NetworkManager[6097]: <info> [1603641438.4623]
> vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
> Started the VPN service, PID 24090
> Oct 25 08:57:18 threads NetworkManager[6097]: <info> [1603641438.4669]
> vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
> Saw the service appear; activating
> connection
> Oct 25 08:57:19 threads NetworkManager[6097]: <info> [1603641439.0556]
> audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000
> result="success"
> Oct 25 08:57:33 threads NetworkManager[6097]: <info> [1603641453.8567]
> vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
> VPN plugin: state changed: stopped
> (6)
> Oct 25 08:57:33 threads NetworkManager[6097]: <info> [1603641453.8597]
> vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
> VPN service disappeared
> Oct 25 08:57:33 threads NetworkManager[6097]: <warn> [1603641453.8607]
> vpn-connection[0x55bd019c0590,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
> VPN connection: failed to connect:
> 'Message recipient disconnected from message bus without replying'
>
> /usr/sbin/ipsec start works now:
> threads /etc/init.d # /usr/sbin/ipsec start
> Redirecting to: rc-service ipsec start
> * WARNING: ipsec has already been started
>
> Thanks for your patience and help.
>
> On Sun, Oct 25, 2020 at 8:13 AM Brian McKee <[email protected]> wrote:
>
>> You are right. ipsec won't start because there is no service:
>> /usr/sbin/ipsec start
>> Redirecting to: rc-service ipsec start
>> * rc-service: service `ipsec' does not exist
>> I have to figure out how to create a service script for it.
>> Perhaps I can get some help from the libreswan ebuild maintainer.
>> I'll post in the bug report I created.
>>
>> Thanks for your help.
>>
>>
>> On Sun, Oct 25, 2020 at 5:49 AM Douglas Kosovic <[email protected]> wrote:
>>
>>> Hi Brian,
>>>
>>>
>>> So the following doesn't work
>>>
>>> sudo /sbin/ipsec restart
>>>
>>> and I suspect:
>>>
>>> sudo /sbin/ipsec start
>>>
>>> the gentoo libreswan ebuild has both openrc and systemd, sorry I have no
>>> idea how the gentoo ebuild works with init script.
>>>
>>> If you are using systemd, running the following might give a hint as to
>>> what needs to be done or is missing.
>>>
>>> sudo systemctl restart ipsec.service
>>>
>>>
>>> With systemd, I think it needs the following file to exist, but not sure
>>> with gentoo:
>>> /lib/systemd/system/ipsec.service
>>>
>>>
>>> Sorry I'm not familiar with openrc or if gentoo is using some
>>> openrc/systemd hybrid setup, but your rcscript suspicion seems plausible.
>>>
>>>
>>>
>>> Cheers,
>>> Doug
>>>
>>> ------------------------------
>>> *From:* Brian McKee <[email protected]>
>>> *Sent:* Sunday, 25 October 2020 6:04 AM
>>> *To:* Paul Wouters <[email protected]>
>>> *Cc:* Douglas Kosovic <[email protected]>; [email protected] <
>>> [email protected]>
>>> *Subject:* Re: [Swan] Issue with networkmanager and l2tp
>>>
>>> I have /sbin/ipsec.
>>>
>>> I rebooted to get networkmanager to restart with the latest version of
>>> libreswan.
>>>
>>> I'm still getting an error message:
>>>
>>> Oct 24 12:58:23 threads NetworkManager[6097]: <info> [1603569503.8941]
>>> audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000
>>> result="success"
>>> Oct 24 12:58:27 threads NetworkManager[6097]: <info> [1603569507.6586]
>>> audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0"
>>> name="wtec-SJ" pid=10312 uid=1000 resul
>>> t="success"
>>> Oct 24 12:58:27 threads NetworkManager[6097]: <info> [1603569507.6708]
>>> vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
>>> Started the VPN service, PID 11786
>>> Oct 24 12:58:27 threads NetworkManager[6097]: <info> [1603569507.6779]
>>> vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
>>> Saw the service appear; activating
>>> connection
>>> Oct 24 12:58:28 threads NetworkManager[6097]: <info> [1603569508.6593]
>>> audit: op="statistics" arg="refresh-rate-ms" pid=10312 uid=1000
>>> result="success"
>>> Oct 24 12:58:32 threads /etc/init.d/NetworkManager[11800]: rc-service:
>>> service `ipsec' does not exist
>>> Oct 24 12:58:32 threads NetworkManager[6097]: <warn> [1603569512.8038]
>>> vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
>>> VPN connection: failed to connect:
>>> 'Could not restart the ipsec service.'
>>> Oct 24 12:58:32 threads NetworkManager[6097]: <info> [1603569512.8063]
>>> vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
>>> VPN plugin: state changed: stopped
>>> (6)
>>> Oct 24 12:58:32 threads NetworkManager[6097]: <info> [1603569512.8081]
>>> vpn-connection[0x55bd019c0170,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
>>> VPN service disappeared
>>>
>>> It's still looking for ipsec. I think it's looking for
>>> /etc/init.d/ipsecd or something like that based on the error message. Is an
>>> rcscript meant to be added by libreswan? So that something else is missing
>>> from the ebuild?
>>>
>>> Again, I really appreciate your patience with me. Thanks so much.
>>>
>>> On Sat, Oct 24, 2020 at 7:08 AM Paul Wouters <[email protected]> wrote:
>>>
>>> pluto[17294]: ignoring message from whack with bad magic 1869114160;
>>> should be 1869114159; Mismatched versions of userland tools.
>>>
>>> Sent
>>>
>>> It looks like either you have two installs (one in /usr and one in
>>> /usr/local or your pluto
>>> did not restart after installing a newer version ?
>>>
>>> Paul
>>>
>>>
>>>
>>> On Oct 23, 2020, at 23:26, Brian McKee <[email protected]> wrote:
>>>
>>>
>>> Hi Paul and Doug,
>>>
>>> So I got libreswan 4.1 to install with the new folder by modifying the
>>> ebuild, but I'm still having problems. Here is the output of
>>> networkmanager:
>>>
>>> Oct 23 20:19:40 threads NetworkManager[4579]: <info> [1603509580.7688]
>>> audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000
>>> result="success"
>>> Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5025]
>>> audit: op="connection-activate" uuid="9a088450-2a7b-4012-befe-facf564c77e0"
>>> name="wtec-SJ" pid=5647 uid=1000 result
>>> ="success"
>>> Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5068]
>>> vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
>>> Started the VPN service, PID 28727
>>> Oct 23 20:19:42 threads NetworkManager[4579]: <info> [1603509582.5115]
>>> vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
>>> Saw the service appear; activating
>>> connection
>>> Oct 23 20:19:43 threads NetworkManager[4579]: <info> [1603509583.2001]
>>> audit: op="statistics" arg="refresh-rate-ms" pid=5647 uid=1000
>>> result="success"
>>> Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with
>>> bad magic 1869114160; should be 1869114159; Mismatched versions of userland
>>> tools.
>>> Oct 23 20:19:51 threads /etc/init.d/NetworkManager[28748]: rc-service:
>>> No such file or directory
>>> Oct 23 20:19:51 threads NetworkManager[4579]: <warn> [1603509591.5840]
>>> vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
>>> VPN connection: failed to connect:
>>> 'Could not restart the ipsec service.'
>>> Oct 23 20:19:51 threads NetworkManager[4579]: <info> [1603509591.5851]
>>> vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
>>> VPN plugin: state changed: stopped
>>> (6)
>>> Oct 23 20:19:51 threads NetworkManager[4579]: <info> [1603509591.5875]
>>> vpn-connection[0x56488972c0a0,9a088450-2a7b-4012-befe-facf564c77e0,"wtec-SJ",0]:
>>> VPN service disappeared
>>>
>>> I'm guessing I'm having ipsec issues...
>>>
>>> Can you give me a shove in the right direction?
>>>
>>> On Fri, Oct 23, 2020 at 10:47 AM Paul Wouters <[email protected]> wrote:
>>>
>>> On Fri, 23 Oct 2020, Brian McKee wrote:
>>>
>>> > Thanks Doug! I'll open a ticket with the gentoo devs!
>>>
>>> They can compile with FINALNSSDIR=/etc/ipsec.d to keep the nss files at
>>> the same
>>> location if they prefer that.
>>>
>>> Note that libreswan-4.x also no longer builds support for DH2, and some
>>> NM-libreswan plugins tried to use dh2+dh5 for IKEv1. So you might also
>>> be running into that. That required a fix to NM-libreswan in fedora at
>>> least.
>>>
>>> Pau
>>>
>>> _______________________________________________
>>> Swan mailing list
>>> [email protected]
>>> https://lists.libreswan.org/mailman/listinfo/swan
>>>
>>
>>
>> --
>> -- Consciousness moves everything.
>>
>
>
> --
> -- Consciousness moves everything.
>
--
-- Consciousness moves everything.
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
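
Added example, not part of the thread and not libreswan or NetworkManager code: across the three log excerpts above, NetworkManager's own "failed to connect" reason is generic, and the actual cause sits in lines logged by other processes during the same activation attempt. The sketch below groups syslog lines per attempt and attaches those lines. The names SYSLOG, CAUSES and triage are hypothetical, the sample lines are abridged from the logs quoted in the thread, and the hints only restate what the thread established.

```python
import re

# timestamp, host, process name, optional [pid], message
SYSLOG = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^\[:]+)(?:\[(\d+)\])?: (.*)$")

# Substring seen in the thread -> what the thread established about it.
CAUSES = [
    ("bad magic", "pluto and whack come from different libreswan versions "
                  "(two installs, or pluto not restarted after the upgrade)"),
    ("service `ipsec' does not exist", "no OpenRC init script named ipsec is installed"),
    ("rc-service: No such file or directory", "rc-service reported a missing file (not diagnosed in the thread)"),
]

# Constructed sample: lines abridged from the thread (epoch stamps and object ids dropped).
SAMPLE = """
Oct 23 20:19:42 threads NetworkManager[4579]: <info> vpn-connection["wtec-SJ"]: Started the VPN service, PID 28727
Oct 23 20:19:51 threads pluto[17294]: ignoring message from whack with bad magic 1869114160; should be 1869114159; Mismatched versions of userland tools.
Oct 23 20:19:51 threads /etc/init.d/NetworkManager[28748]: rc-service: No such file or directory
Oct 23 20:19:51 threads NetworkManager[4579]: <warn> vpn-connection["wtec-SJ"]: VPN connection: failed to connect: 'Could not restart the ipsec service.'
Oct 24 12:58:27 threads NetworkManager[6097]: <info> vpn-connection["wtec-SJ"]: Started the VPN service, PID 11786
Oct 24 12:58:32 threads /etc/init.d/NetworkManager[11800]: rc-service: service `ipsec' does not exist
Oct 24 12:58:32 threads NetworkManager[6097]: <warn> vpn-connection["wtec-SJ"]: VPN connection: failed to connect: 'Could not restart the ipsec service.'
Oct 25 09:17:58 threads NetworkManager[6124]: <info> vpn-connection["wtec-SJ"]: Started the VPN service, PID 12655
Oct 25 09:18:15 threads NetworkManager[6124]: <info> vpn-connection["wtec-SJ"]: VPN service disappeared
Oct 25 09:18:15 threads NetworkManager[6124]: <warn> vpn-connection["wtec-SJ"]: VPN connection: failed to connect: 'Message recipient disconnected from message bus without replying'
"""

def triage(log_text):
    """Return one dict per VPN activation attempt: NM's reason plus correlated causes."""
    attempts, current = [], None
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # blank or wrapped continuation line
        ts, _host, _proc, _pid, msg = m.groups()
        if "Started the VPN service" in msg:
            # A new attempt begins; it stays open until the next one starts,
            # because "failed to connect" can arrive after "VPN service disappeared".
            current = {"start": ts, "reason": None, "causes": []}
            attempts.append(current)
        if current is None:
            continue
        fail = re.search(r"failed to connect: '(.*)'", msg)
        if fail:
            current["reason"] = fail.group(1)
        current["causes"] += [hint for needle, hint in CAUSES if needle in msg]
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE):
        print(a["start"], "|", a["reason"], "|", a["causes"] or "no correlated line")
```

An attempt with an empty causes list, like the last one here, means the syslog excerpt alone does not explain the failure.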
