<font class="Apple-style-span" face="arial, helvetica, sans-serif">Well it seems I was able to make some progress after using the lucid explanation of this behavior here :</font><a href="http://www.gentoo-wiki.info/HOWTO_OpenSwan_2.6_kernel"><font class="Apple-style-span" face="arial, helvetica, sans-serif">http://www.gentoo-wiki.info/HOWTO_OpenSwan_2.6_kernel</font></a><div>
<font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif">Arm on my board is running at 600 mhz which might be slow for key generation operation.Moreover I was getting zero entropy for /proc/sys/kernel/random/entropy_avail. So I used the solution mention in link i.e convert use urandom instead of random in </font><span class="Apple-style-span" style="line-height: 24px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif">/usr/libexec/ipsec/newhostkey. It generated ipsec.secrets in jiffies.</font></span></div>
<div><span class="Apple-style-span" style="line-height: 24px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></span></div><div><font class="Apple-style-span" face="arial, helvetica, sans-serif"><span class="Apple-style-span" style="line-height: 24px; "></span></font><span class="Apple-style-span" style="line-height: 24px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif">But for some reason lord pluto was not happy and I got message: </font></span><span class="Apple-style-span" style="line-height: 24px; "><font class="Apple-style-span" face="arial, helvetica, sans-serif">ipsec_setup: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")</font></span></div>
<div><span class="Apple-style-span" style="line-height: 24px;"><font class="Apple-style-span" face="arial, helvetica, sans-serif">I goggled for error and someone suggested looking in </font></span><span class="Apple-style-span" style="white-space: pre; "><font class="Apple-style-span" face="arial, helvetica, sans-serif">/var/log/secure but there is no /var/log/secure.</font></span></div>
<div><span class="Apple-style-span" style="white-space: pre; "><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></span></div><div><span class="Apple-style-span" style="white-space: pre; "><font class="Apple-style-span" face="arial, helvetica, sans-serif">Any hint? </font></span></div>
<div><span class="Apple-style-span" style="white-space: pre; "><font class="Apple-style-span" face="arial, helvetica, sans-serif"><br></font></span></div><div><span class="Apple-style-span" style="white-space: pre; "><font class="Apple-style-span" face="arial, helvetica, sans-serif">-SP</font></span></div>
<div><font class="Apple-style-span" color="#008000" face="monospace"><span class="Apple-style-span" style="line-height: 24px; font-size: medium; "><br></span></font></div><div><br><div class="gmail_quote">On Fri, Sep 30, 2011 at 12:41 PM, satpal parmar <span dir="ltr"><<a href="mailto:systems.satpal@gmail.com">systems.satpal@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Something is really fishy. <div><br></div><div>I can see a ipsec.secrets.new file getting created in etc and with growing ' RSA {' entries. </div>
<div>Something like:</div><div><br></div><div><div>: RSA {</div>
<div>: RSA {</div><div>: RSA {</div><div>: RSA {</div><div>: RSA {</div><div>: RSA {</div><div>: RSA {</div><div>: RSA </div></div><div><br></div><div>I know about ipsec.secrets but ipsec.secrets.new is something I read about. </div>
<div><br></div><div>I am not sure how useful is this info but thought of share it with you all. Still clueless about whats going on.</div><div><br></div><font color="#888888"><div>-SP </div></font><div><div></div><div class="h5">
<div><br><div class="gmail_quote">On Fri, Sep 30, 2011 at 10:59 AM, satpal parmar <span dir="ltr"><<a href="mailto:systems.satpal@gmail.com" target="_blank">systems.satpal@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all<div><br></div><div>I am trying to port IPsec 2.6.33 on ARM11 soc running linux kernel 2.6.37 (Netkey IPsec stack). I am experiencing strange behavior.When I start ipsec (/etc/init.d/ipsec start) console become unresponsive for long period of time (5+min). I run same thing in background and check the output of ps and I observed this: </div>
<div><br></div><div><div>58 root 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniquei</div><div> 962 root 0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet</div><div> 971 root 0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet</div>
<div> 972 root 0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet</div><div> 973 root 0:00 cat</div><div> 974 root 0:00 /usr/local/libexec/ipsec/rsasigkey --random /dev/random 2</div><div> 988 root 0:00 /bin/sh /usr/local/libexec/ipsec/setup restart</div>
<div> 1047 root 0:00 logger -s -p daemon.error -t ipsec_setup</div><div> 1131 root 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniquei</div><div> 1135 root 0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet</div>
<div> 1136 root 0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet</div><div> 1137 root 0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet</div><div> 1138 root 0:00 cat</div><div> 1146 root 0:00 /usr/local/libexec/ipsec/rsasigkey --random /dev/random 2</div>
<div> 1161 root 0:00 /bin/sh /usr/local/libexec/ipsec/setup restart</div><div> 1222 root 0:00 logger -s -p daemon.error -t ipsec_setup</div><div> 1306 root 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniquei</div>
<div> 1318 root 0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet</div><div> 1323 root 0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet</div><div> 1324 root 0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet</div>
<div> 1325 root 0:00 cat</div><div> 1326 root 0:00 /usr/local/libexec/ipsec/rsasigkey --random /dev/random 2</div><div> 1336 root 0:00 /bin/sh /usr/local/libexec/ipsec/setup restart</div><div> 1395 root 0:00 logger -s -p daemon.error -t ipsec_setup</div>
<div> 1479 root 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniquei</div><div> 1481 root 0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet</div><div> 1482 root 0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet</div>
<div> 1483 root 0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet</div></div><div><br></div><div>Is it an expected behavior? Is anything missing? </div><div><br></div><div>I do not have perl support on my setup so I can not use verfy. </div>
<div><br></div><div>Ipsec status giving me a cryptic response:</div><div><br></div><div><span style="font-family:verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif, sans;font-size:11px"># ipsec setup --status<br>
IPsec stopped<br>but...<br>has subsystem lock (/var/lock/subsys/ipsec)!</span></div><div><br></div><div>Anyone got any Idea whats going on? Any help will be highly appreciated.</div><div><br></div><font color="#888888"><div>
-SP</div>
</font></blockquote></div><br></div>
</div></div></blockquote></div><br></div>