[Openswan Users] "/usr/local/sbin/ipsec setup --start" doesn't return the prompt on Ubuntu 9.10 when complied from source.
phearnomore
phearnomore at gmail.com
Thu Dec 10 11:32:48 EST 2009
2009/12/10 Paul Wouters <paul at xelerance.com>:
> On Thu, 10 Dec 2009, phearnomore wrote:
>
>> Once again it froze. Differently then with /bin/dash, at least
>> "graphically":
>>
>> assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --start
>> ipsec_setup: Starting Openswan IPsec U2.6.23/K2.6.31-14-generic-pae...
>> ^C
>> assiduus at ubuntu:~$
>>
>> but in comparison to the dash freezing this is what it got from ps aux
>> - and it grows every time I run Openswan with bash:
>>
>> root 9453 0.0 0.0 2720 640 pts/0 S 12:54 0:00
>> /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids yes --f
>> root 9457 0.0 0.0 2692 1140 pts/0 S 12:54 0:00
>> /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>> root 9461 0.0 0.0 2692 668 pts/0 S 12:54 0:00
>> /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>> root 9464 0.0 0.0 1948 408 pts/0 S 12:54 0:00
>> /usr/local/libexec/ipsec/rsasigkey 2192
>> root 9468 0.0 0.0 2692 612 pts/0 S 12:54 0:00
>> /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>
> It is generating a new host key and your system is either low on cpu or
> low on entropy. This will only happen on the first initial startup when
> openswan is creating a raw RSA hostkey. You should wait until this is
> done, possibly generating disk or network IO for interrupts which feed
> into the entropy pool.
You're right:
assiduus at ubuntu:~$ cat /proc/sys/kernel/random/entropy_avail
18
After a couple of minutes of my doing this and that it did start but
there is still something strange going on:
assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --start
ipsec_setup: Starting Openswan IPsec U2.6.23/K2.6.31-14-generic-pae...
assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --status
IPsec stopped
but...
has /var/run/pluto/ipsec.info file!
An normal Pluto is active?
assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --start
ipsec_setup: Openswan IPsec apparently already active, start aborted
assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --stop
ipsec_setup: Stopping Openswan IPsec...
assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --status
IPsec stopped
If the actual connections do work I guess I don't really care about
the --status not being confused but, yeah, it worked properly with the
official package version. ;)
Cheers,
--
phearnomore
More information about the Users
mailing list