[Openswan Users] "/usr/local/sbin/ipsec setup --start" doesn't return the prompt on Ubuntu 9.10 when complied from source.

Paul Wouters paul at xelerance.com
Wed Dec 9 11:55:51 EST 2009

On Wed, 9 Dec 2009, phearnomore wrote:

> I have two versions of Openswan installed on my fresh Ubuntu 9.10 system:
> assiduus at ubuntu:~$ /usr/local/sbin/ipsec --version
> Linux Openswan U2.6.23/K2.6.31-14-generic-pae (netkey)
> See `ipsec --copyright' for copyright information.

> Now the problem: when I run the first version of the program I don't
> get the prompt back while ^C doesn't seem to cancel Openswan's
> operation:

This is a known bug with /bin/dash. It has been reported to the dash
maintainer (Herbert Xu), but I have not seen a bugfix for this yet.

A workaround has been commit, see a4f8195028a3d293ce1b9fcdb2dda3f7495337cc
shown below. Another workaround (a better one in my opinion) is to link
/bin/sh back to /bin/bash on your ubuntu/debian system.

diff --git a/programs/_plutorun/_plutorun.in b/programs/_plutorun/_plutorun.in
index d2bef7f..ec27b09 100755
--- a/programs/_plutorun/_plutorun.in
+++ b/programs/_plutorun/_plutorun.in
@@ -222,6 +222,19 @@ then
         exit 0

+# Work around problem with broken shells (e.g. Busybox sh).
+# We are called with stdout & stderr going to a logger process started
+# by "ipsec setup". For some reason, when the below loop runs with
+# stdout & stderr redirected to a new logger, the pipe to the old logger
+# is leaked through to _plutorun as file descriptor 11, and the old
+# logger (and "ipsec setup") can never exit. By closing fds 1 & 2
+# before they can be dup'd to 11, we somehow avoid the problem.
+# This problem may also apply to Ubuntu's dash shell
+# (http://archives.free.net.ph/message/20090803.221025.1b0ebafd.en.html)
+# but the workaround has not been tested there.
+exec 1>/dev/null
+exec 2>/dev/null
  until (
         if test -s $info


More information about the Users mailing list