[Openswan Users] "/usr/local/sbin/ipsec setup --start" doesn't return the prompt on Ubuntu 9.10 when complied from source.

phearnomore phearnomore at gmail.com
Thu Dec 10 11:32:48 EST 2009 

2009/12/10 Paul Wouters <paul at xelerance.com>:
> On Thu, 10 Dec 2009, phearnomore wrote:
>
>> Once again it froze. Differently then with /bin/dash, at least
>> "graphically":
>>
>> assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --start
>> ipsec_setup: Starting Openswan IPsec U2.6.23/K2.6.31-14-generic-pae...
>> ^C
>> assiduus at ubuntu:~$
>>
>> but in comparison to the dash freezing this is what it got from ps aux
>> - and it grows every time I run Openswan with bash:
>>
>> root      9453  0.0  0.0   2720   640 pts/0    S    12:54   0:00
>> /bin/sh /usr/local/lib/ipsec/_plutorun --debug  --uniqueids yes --f
>> root      9457  0.0  0.0   2692  1140 pts/0    S    12:54   0:00
>> /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>> root      9461  0.0  0.0   2692   668 pts/0    S    12:54   0:00
>> /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>> root      9464  0.0  0.0   1948   408 pts/0    S    12:54   0:00
>> /usr/local/libexec/ipsec/rsasigkey 2192
>> root      9468  0.0  0.0   2692   612 pts/0    S    12:54   0:00
>> /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>
> It is generating a new host key and your system is either low on cpu or
> low on entropy. This will only happen on the first initial startup when
> openswan is creating a raw RSA hostkey. You should wait until this is
> done, possibly generating disk or network IO for interrupts which feed
> into the entropy pool.

You're right:

assiduus at ubuntu:~$ cat /proc/sys/kernel/random/entropy_avail
18

After a couple of minutes of my doing this and that it did start but
there is still something strange going on:

assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --start
ipsec_setup: Starting Openswan IPsec U2.6.23/K2.6.31-14-generic-pae...

assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --status
IPsec stopped
but...
has /var/run/pluto/ipsec.info file!
An normal Pluto is active?

assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --start
ipsec_setup: Openswan IPsec apparently already active, start aborted

assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --stop
ipsec_setup: Stopping Openswan IPsec...

assiduus at ubuntu:~$ sudo /usr/local/sbin/ipsec setup --status
IPsec stopped

If the actual connections do work I guess I don't really care about
the --status not being confused but, yeah, it worked properly with the
official package version. ;)

Cheers,

-- 
phearnomore

More information about the Users mailing list