[Openswan Users] Ipsec auto --up {tunnelname} hangs

Paul Wouters paul at xelerance.com
Wed Jun 18 20:09:51 EDT 2008

On Wed, 18 Jun 2008, Greg Scott wrote:

>> Are you sure? Because ipsec auto releases the whack after
>> 60 seconds, giving your script control back.
> Absolutely, positively sure.  The first time I saw this, it was hung for
> several days before I dug into it.  With this latest time, I know what

Are you using DNS names in your conn description, while with the MPLS
down your DNS is unreachable?

> Linux Openswan U2.4.5/K2.6.18-1.2798.fc6 (netkey)

That's ancient. Upgrade.

> Linux Openswan U2.4.9/K2.6.23.1-42.fc8 (netkey)

aging but okay.

> Was that 60 second timeout introduced after 2.4.5?  If I upgrade that
> 2.4.5 system, should my hangs go away?

No It has always been "try now, try in 20s, try in 40s, release whack"

> And I'll look into --asynch.  Even if I don't get a usable status code,
> I can always cook up something to check and make sure the tunnel is
> really working.

You should run with plutodebug= and see why it is hanging instead.


More information about the Users mailing list