[Openswan Users] "/usr/local/sbin/ipsec setup --start" doesn't return the prompt on Ubuntu 9.10 when complied from source.
phearnomore
phearnomore at gmail.com
Thu Dec 10 12:29:13 EST 2009
2009/12/10 phearnomore <phearnomore at gmail.com>:
> 2009/12/10 Paul Wouters <paul at xelerance.com>:
>> On Thu, 10 Dec 2009, phearnomore wrote:
>>
>>> Once again it froze. Differently then with /bin/dash, at least
>>> "graphically":
>>>
>>> assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --start
>>> ipsec_setup: Starting Openswan IPsec U2.6.23/K2.6.31-14-generic-pae...
>>> ^C
>>> assiduus at ubuntu:~$
>>>
>>> but in comparison to the dash freezing this is what it got from ps aux
>>> - and it grows every time I run Openswan with bash:
>>>
>>> root 9453 0.0 0.0 2720 640 pts/0 S 12:54 0:00
>>> /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --f
>>> root 9457 0.0 0.0 2692 1140 pts/0 S 12:54 0:00
>>> /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>> root 9461 0.0 0.0 2692 668 pts/0 S 12:54 0:00
>>> /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>> root 9464 0.0 0.0 1948 408 pts/0 S 12:54 0:00
>>> /usr/local/libexec/ipsec/rsasigkey 2192
>>> root 9468 0.0 0.0 2692 612 pts/0 S 12:54 0:00
>>> /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>
>> It is generating a new host key and your system is either low on cpu or
>> low on entropy. This will only happen on the first initial startup when
>> openswan is creating a raw RSA hostkey. You should wait until this is
>> done, possibly generating disk or network IO for interrupts which feed
>> into the entropy pool.
>
> You're right:
>
> assiduus at ubuntu:~$ cat /proc/sys/kernel/random/entropy_avail
> 18
>
> After a couple of minutes of my doing this and that it did start but
> there is still something strange going on:
>
> assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --start
> ipsec_setup: Starting Openswan IPsec U2.6.23/K2.6.31-14-generic-pae...
>
> assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --status
> IPsec stopped
> but...
> has /var/run/pluto/ipsec.info file!
> An normal Pluto is active?
>
> assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --start
> ipsec_setup: Openswan IPsec apparently already active, start aborted
>
> assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --stop
> ipsec_setup: Stopping Openswan IPsec...
>
> assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --status
> IPsec stopped
>
> If the actual connections do work I guess I don't really care about
> the --status not being confused but, yeah, it worked properly with the
> official package version. ;)
Oh, I searched through the archives and it seems
(http://lists.openswan.org/pipermail/users/2009-August/017349.html)
that some has already mentioned that (faulty script). So unless
someone has an update (fix?) on that I don't expect any further
explanation. ;)
Thanks Paul and cheers,
--
phearnomore
More information about the Users
mailing list