[Openswan Users] Help Please! Pluto won't run

Howard Ratzlaff w at ratzlaff.org
Sun Jul 6 15:15:45 EDT 2008


I have a problem getting Openswan to operate on a new computer
installation.  I have successfully installed Openswan on other versions of
Fedora, but this is the first attempt on Core 9.  I have researched this
problem on the net and haven't found anything similar.

I think the problem is around /dev/random and /dev/urandom as
[root@monitor ipsec.d]# ipsec newhostkey --output hostkey.secrets
never finishes unless I first
rm /dev/random -f;mknod /dev/random c 1 9

I was having an RNG detect error on bootup until I added the following into
a file in the modprobe.d directory:

options intel-rng no_fwh_detect=1

I have tried the same with /dev/urandom, but nothing has changed
rm /dev/urandom -f;mknod /dev/urandom c 1 9

RNG ERROR
Jul  6 09:52:14 monitor kernel: intel_rng: Firmware space is locked read-only. If you can't or
Jul  6 09:52:14 monitor kernel: intel_rng: don't want to disable this in firmware setup, and if
Jul  6 09:52:14 monitor kernel: intel_rng: you are certain that your system has a functional
Jul  6 09:52:14 monitor kernel: intel_rng: RNG, try using the 'no_fwh_detect' option.

After RNG option
Jul  6 10:12:37 monitor kernel: Intel 82802 RNG detected

The only other error that might affect encryption is VIA Padlock, but this
is not a VIA CPU so this is no surprise?
Jul  6 11:37:27 monitor kernel: padlock: VIA PadLock not detected.
Jul  6 11:37:27 monitor kernel: padlock: VIA PadLock Hash Engine not detected.


Sample IPsec start log
Jul  6 11:37:27 monitor ipsec_setup: Starting Openswan IPsec U2.6.14/K2.6.25.9-76.fc9.i686...
Jul  6 11:37:27 monitor ipsec_setup:
Jul  6 11:37:27 monitor ipsec_setup:
Jul  6 11:37:27 monitor ipsec__plutorun: pluto: unable to create lock file "/var/run/pluto/pluto.pid" (13 Permission denied)
Jul  6 11:37:27 monitor kernel: type=1400 audit(1215369447.785:9): avc:  denied  { write } for  pid=2005 comm="pluto" name="pluto" dev=sda3 ino=663686 scontext=system_u:system_r:ipsec_t:s0 tcontext=system_u:object_r:ipsec_var_run_t:s0 tclass=dir
Jul  6 11:37:27 monitor ipsec__plutorun: pluto: unable to create lock file "/var/run/pluto/pluto.pid" (13 Permission denied)
Jul  6 11:37:27 monitor kernel: type=1400 audit(1215369447.785:9): avc:  denied  { write } for  pid=2005 comm="pluto" name="pluto" dev=sda3 ino=663686 scontext=system_u:system_r:ipsec_t:s0 tcontext=system_u:object_r:ipsec_var_run_t:s0 tclass=dir
Jul  6 11:37:27 monitor ipsec__plutorun: pluto unexpectedly said `exit'
Jul  6 11:37:27 monitor ipsec__plutorun: pluto unexpectedly said `1'
Jul  6 11:37:27 monitor ipsec__plutorun: connect(pluto_ctl) failed: No such file or directory
Jul  6 11:37:27 monitor ipsec_starter[2020]: connect(pluto_ctl) failed: No such file or directory
Jul  6 11:37:27 monitor hcid[2029]: Bluetooth HCI daemon
Jul  6 11:37:28 monitor kernel: Bluetooth: Core ver 2.11
Jul  6 11:37:28 monitor kernel: NET: Registered protocol family 31
Jul  6 11:37:28 monitor kernel: Bluetooth: HCI device and connection manager initialized
Jul  6 11:37:28 monitor kernel: Bluetooth: HCI socket layer initialized
Jul  6 11:37:28 monitor ipsec__plutorun: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Jul  6 11:37:28 monitor ipsec__plutorun: pluto died without exit status!?!
Jul  6 11:37:28 monitor ipsec__plutorun: internal failure in pluto scripts, impossible to carry on



