[Openswan dev] bug report (auto=add &auto=start)

Paul Wouters paul at xelerance.com
Mon Jun 18 11:37:35 EDT 2007


On Mon, 18 Jun 2007, Alex wrote:

> Few days ago i posted here a message being in doubt who is responsabile for a
> strange message in my syslog.
> See my old posts here:
> http://lists.openswan.org/pipermail/dev/2007-June/001593.html
> or here
> http://lists.openswan.org/pipermail/users/2007-June/012591.html
>
> Jun 15 14:04:22 dev13 ipsec_setup: ...Openswan IPsec started
> Jun 15 14:04:22 dev13 ipsec_setup: Starting Openswan IPsec 2.4.8...
> Jun 15 14:04:23 dev13 ipsec__plutorun: 104 "z1" #1: STATE_MAIN_I1: initiate
> Jun 15 14:04:23 dev13 ipsec__plutorun: ...could not start conn "z1"
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> If, on one router i change from auto=start to auto=add, the message disappear
> and i have a clean syslog on this router (but the same stupid message appear
> on the second router, where i keeped auto=start):

It's _plutoload that is causing the error around line 120:

if test " $plutowait" = " no"
then
        async="--asynchronous"
fi
for tu in $plutostart
do
        ipsec auto --up $async $tu ||
                echo "...could not start conn \"$tu\""
done

So for some reason the ipsec auto --up connname is failling, even though it
seems to be triggered enough to work later on. Did you set plutowait to yes,
or did you not specifiy it so it is using the default of no?

Can you try issuing this on one end:

ipsec auto --replace connname
ipsec auto --up --asynchronous connname
echo $?

And tell us what you see?

Paul


More information about the Dev mailing list