[Openswan Users] Ipsec auto --up {tunnelname} hangs
Paul Wouters
paul at xelerance.com
Wed Jun 18 20:09:51 EDT 2008
On Wed, 18 Jun 2008, Greg Scott wrote:
>> Are you sure? Because ipsec auto releases the whack after
>> 60 seconds, giving your script control back.
>
> Absolutely, positively sure. The first time I saw this, it was hung for
> several days before I dug into it. With this latest time, I know what
Are you using DNS names in your conn description, while with the MPLS
down your DNS is unreachable?
> Linux Openswan U2.4.5/K2.6.18-1.2798.fc6 (netkey)
That's ancient. Upgrade.
> Linux Openswan U2.4.9/K2.6.23.1-42.fc8 (netkey)
aging but okay.
> Was that 60 second timeout introduced after 2.4.5? If I upgrade that
> 2.4.5 system, should my hangs go away?
No It has always been "try now, try in 20s, try in 40s, release whack"
> And I'll look into --asynch. Even if I don't get a usable status code,
> I can always cook up something to check and make sure the tunnel is
> really working.
You should run with plutodebug= and see why it is hanging instead.
Paul
More information about the Users
mailing list