Thank you all, it worked. I ran "grep -nr python2 /usr/libexec/ipsec" and got 3 files output:

- _unbound-hook:1:#!python2
- show:1:#!python2
- verify:1:#!python2

Made the change to each file to "#!/usr/bin/env python2". All worked. Nice!!!

Regards,
Rodolfo

On Fri, May 14, 2021 at 1:46 AM <[email protected]> wrote:

> Send Swan mailing list submissions to
>         [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.libreswan.org/mailman/listinfo/swan
> or, via email, send a message with subject or body 'help' to
>         [email protected]
>
> You can reach the person managing the list at
>         [email protected]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Swan digest..."
>
>
> Today's Topics:
>
>    1. Re: problem command "ipsec verify" (Paul Wouters)
>    2. Re: problem command "ipsec verify" (Tuomo Soini)
>    3. SA lifetime too short, less than configured (Ivan Kuznetsov)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 13 May 2021 09:52:12 -0400 (EDT)
> From: Paul Wouters <[email protected]>
> To: [email protected]
> Cc: [email protected]
> Subject: Re: [Swan] problem command "ipsec verify"
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> On Wed, 12 May 2021, Jorge Sevillanos wrote:
>
> > Hi Bruno, something weird is happening.
> > Amazon Linux 2 by default comes with python2 & python3 installed and
> > their executables are inside /usr/bin
> >
> > image.png
>
> Whoever builds libreswan for that linux distro should set the proper
> value for PYTHON_BINARY=
>
> eg see:
>
> paul@bofh:~$ grep PYTHON_BINARY libreswan/packaging/rhel/*/*spec
> libreswan/packaging/rhel/7/libreswan.spec: PYTHON_BINARY=python2 \\\
> libreswan/packaging/rhel/8/libreswan.spec: PYTHON_BINARY=%{__python3} \\\
>
> Paul
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 13 May 2021 17:06:00 +0300
> From: Tuomo Soini <[email protected]>
> To: [email protected]
> Subject: Re: [Swan] problem command "ipsec verify"
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=US-ASCII
>
> On Wed, 12 May 2021 18:29:13 -0600
> Jorge Sevillanos <[email protected]> wrote:
>
> > Hi Libreswan, just installed Amazon Linux 2 (fresh) from default ami,
> > nftables nftables v0.9.0 (Fearless Fosdick) and libreswan
> > 4.4-1.el7_9
> >
> > I downloaded rpm package from:
> > https://download.libreswan.org/binaries/rhel/7/x86_64/libreswan-4.4-1.el7_9.x86_64.rpm
> >
> > And installed package: yum install
> > https://download.libreswan.org/binaries/rhel/7/x86_64/libreswan-4.4-1.el7_9.x86_64.rpm
> >
> > I run the command "ipsec verify" and shows me the following:
> >
> > [root@ip-10-10-2-15 sysctl.d]# ipsec verify
> > /sbin/ipsec: /usr/libexec/ipsec/verify: python2: bad interpreter: No
> > such file or directory
> > /sbin/ipsec: line 565: /usr/libexec/ipsec/verify: Success
> >
> > Please help.
>
> This was a bug in our spec file for rhel7. I fixed that a few minutes ago
> but this is not a severe enough problem to rebuild the package because verify
> is completely optional like all python scripts in Libreswan. If you want
> to use verify, do:
>
> sed -i -e 's|python2|/usr/bin/python2|' /usr/libexec/ipsec/verify
>
> Bug was introduced as part of 4.2 release.
>
> --
> Tuomo Soini <[email protected]>
> Foobar Linux services
> +358 40 5240030
> Foobar Oy <https://foobar.fi/>
>
>
> ------------------------------
>
> Message: 3
> Date: Fri, 14 May 2021 10:37:19 +0300
> From: Ivan Kuznetsov <[email protected]>
> To: [email protected]
> Subject: [Swan] SA lifetime too short, less than configured
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="koi8-r"; Format="flowed"
>
> Hello
>
> We use libreswan 3.32 under Linux and have an IPsec peer that recently
> upgraded their Cisco ASA. Tunnel was migrated to IKEv2. All works fine
> except the libreswan side restarts ISAKMP too often, mostly after 1h.
> ESP is restarted too. Settings for lifetime are 24h for phase 1 and 8h
> for phase 2 on both sides. rekeymargin has default value (300s)
>
> Why libreswan drops ISAKMP SA regardless of explicit settings?
>
> Libreswan configuration:
>
> conn bkp
>     type=tunnel
>     auto=start
>     authby=secret
>     left=11.22.33.44
>     leftsubnet=172.16.80.0/20
>     right=55.66.77.88
>
>     rightsubnets=10.1.208.0/28,10.1.102.0/24,10.1.100.22/32,10.1.104.0/29
>
>     ikev2=yes
>     ikelifetime=24h
>     initial-contact=yes
>
>     phase2=esp
>     salifetime=8h
>     # BKP's Cisco ASA has stranges regarding DH groups on phase2
>     pfs=no
>
>     rekey=yes
>     rekeymargin=5m
>     keyingtries=3
>
>     fragmentation=yes
>     # BKP's Cisco ASA has nonstandard DPD
>     # dpddelay=30
>     # dpdtimeout=120
>     # dpdaction=restart
>
>
> Libreswan log is attached
>
> --
> Regards, Ivan Kuznetsov
> SOLVO ltd
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: bkp.log
> Type: text/x-log
> Size: 19504 bytes
> Desc: not available
> URL: <https://lists.libreswan.org/pipermail/swan/attachments/20210514/9e00f8d3/attachment.bin>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Swan mailing list
> [email protected]
> https://lists.libreswan.org/mailman/listinfo/swan
>
>
> ------------------------------
>
> End of Swan Digest, Vol 101, Issue 4
> ************************************
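A check for the packaging defect discussed in this thread, as an added example that is not part of the original messages or of libreswan: it lists scripts whose `#!` line names an interpreter without an absolute path, such as `#!python2`. The function name `find_relative_shebangs` is an assumption made for illustration.

```shell
#!/bin/sh
# Added example (not libreswan code): report scripts whose shebang
# interpreter is not an absolute path.
# The kernel does not search PATH for the interpreter named after "#!";
# a bare name such as "python2" is resolved relative to the current
# directory, which is why "ipsec verify" failed with "bad interpreter".

# find_relative_shebangs DIR
# Prints "file: interpreter" for every regular file under DIR whose first
# line is a shebang with a non-absolute interpreter.
find_relative_shebangs() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        # Look at the first two bytes only, so binaries are skipped cheaply.
        [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ] || continue
        # Drop "#!" plus optional blanks, then keep only the first word.
        interp=$(head -n 1 "$f" |
            sed -e 's/^#![[:space:]]*//' -e 's/[[:space:]].*$//')
        case $interp in
            '') continue ;;                      # empty shebang: nothing to report
            /*) ;;                               # absolute path, e.g. /usr/bin/env
            *)  printf '%s: %s\n' "$f" "$interp" ;;
        esac
    done
}

# Stand-alone use: pass the directory to scan, e.g. /usr/libexec/ipsec
[ "$#" -eq 0 ] || find_relative_shebangs "$1"
```

Both fixes mentioned in the thread, `#!/usr/bin/python2` and `#!/usr/bin/env python2`, pass this check because the first word after `#!` is an absolute path.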
