[Openswan Users] Connection not coming up automatically

Vik Heyndrickx vik.heyndrickx at edchq.com
Mon Oct 25 20:16:50 CEST 2004


> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Monday, October 25, 2004 9:53 AM
> To: Vik Heyndrickx
> Cc: Greg Dickinson; users at openswan.org
> Subject: RE: [Openswan Users] Connection not coming up automatically
> 
> 
> On Mon, 25 Oct 2004, Vik Heyndrickx wrote:
> 
> > Can you try to add below the line "# plutodebug=none" in ipsec.conf:
> >
> > plutowait=yes
> >
> > And let us know if the problem disappears and, the failure 
> log entry in /var/log/messages disappears. I think I spotted 
> a problem in one of the ipsec scripts, and if the above 
> workaround works, then I am sure about the problem ;-) 
> Solution will be less than evident.
> 
> can you tell us about the problem you think you have found?

The problem is in _plutoload, but the actual cause is the return code of "ipsec auto". When plutowait=yes everything is fine, but if plutowait=no (I think this is the default when it is not specified), the option --asynchronous is passed to "ipsec auto --up". In this case ipsec auto doesn't return success in any case, not even when the route would come up successfully (in the future), and a false error is logged "...could not start conn x". What doesn't make sence is that Greg's tunnels come up both now...

"ipsec" is a shell script, that runs the shell script "auto". "auto" in its turn runs "ipsec", and that instance of ipsec runs "whack", a binary program. I have looked at the source, but I don't find where the return code gets set...

Cheers,

-- 
Vik


More information about the Users mailing list