[Openswan Users] Openswan porting on ARM: /etc/init.d/ipsec start unresponsive ------->to ipsec_setup: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")

satpal parmar systems.satpal at gmail.com
Fri Sep 30 05:14:48 EDT 2011


Well, it seems I was able to make some progress after using the
lucid explanation of this behavior here:
http://www.gentoo-wiki.info/HOWTO_OpenSwan_2.6_kernel

The ARM on my board is running at 600 MHz, which might be slow for
the key generation operation. Moreover, I was getting zero entropy for
/proc/sys/kernel/random/entropy_avail. So I used the solution mentioned in
the link, i.e. convert to use urandom instead of random in
/usr/libexec/ipsec/newhostkey.
It generated ipsec.secrets in jiffies.

But for some reason lord pluto was not happy and I got the message: ipsec_setup:
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
I googled for the error and someone suggested looking in /var/log/secure, but
there is no /var/log/secure.

Any hint?

-SP


On Fri, Sep 30, 2011 at 12:41 PM, satpal parmar <systems.satpal at gmail.com> wrote:

> Something is really fishy.
>
> I can see an ipsec.secrets.new file getting created in etc, with a growing
> number of ' RSA   {' entries.
> Something like:
>
> : RSA   {
> : RSA   {
> : RSA   {
> : RSA   {
> : RSA   {
> : RSA   {
> : RSA   {
> : RSA
>
> I know about ipsec.secrets but ipsec.secrets.new is something I read
> about.
>
> I am not sure how useful this info is, but I thought of sharing it with you all.
> Still clueless about what's going on.
>
> -SP
>
> On Fri, Sep 30, 2011 at 10:59 AM, satpal parmar <systems.satpal at gmail.com> wrote:
>
>> Hi all
>>
>> I am trying to port IPsec 2.6.33 on an ARM11 SoC running Linux kernel 2.6.37
>> (Netkey IPsec stack). I am experiencing strange behavior. When I start ipsec
>> (/etc/init.d/ipsec start) the console becomes unresponsive for a long period of
>> time (5+ min). I ran the same thing in the background and checked the output of ps, and
>> I observed this:
>>
>> 58 root       0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniquei
>>   962 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>   971 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>   972 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>   973 root       0:00 cat
>>   974 root       0:00 /usr/local/libexec/ipsec/rsasigkey --random /dev/random 2
>>   988 root       0:00 /bin/sh /usr/local/libexec/ipsec/setup restart
>>  1047 root       0:00 logger -s -p daemon.error -t ipsec_setup
>>  1131 root       0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniquei
>>  1135 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>  1136 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>  1137 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>  1138 root       0:00 cat
>>  1146 root       0:00 /usr/local/libexec/ipsec/rsasigkey --random /dev/random 2
>>  1161 root       0:00 /bin/sh /usr/local/libexec/ipsec/setup restart
>>  1222 root       0:00 logger -s -p daemon.error -t ipsec_setup
>>  1306 root       0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniquei
>>  1318 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>  1323 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>  1324 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>  1325 root       0:00 cat
>>  1326 root       0:00 /usr/local/libexec/ipsec/rsasigkey --random /dev/random 2
>>  1336 root       0:00 /bin/sh /usr/local/libexec/ipsec/setup restart
>>  1395 root       0:00 logger -s -p daemon.error -t ipsec_setup
>>  1479 root       0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniquei
>>  1481 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>  1482 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>  1483 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
>>
>> Is this expected behavior? Is anything missing?
>>
>> I do not have Perl support on my setup so I cannot use verify.
>>
>> ipsec status is giving me a cryptic response:
>>
>> # ipsec setup --status
>> IPsec stopped
>> but...
>> has subsystem lock (/var/lock/subsys/ipsec)!
>>
>> Anyone got any idea what's going on? Any help will be highly appreciated.
>>
>> -SP
>>
>
>
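
The stall described in this thread (rsasigkey reading /dev/random while entropy_avail reads zero) can be recognised from those same two observations. The following is an added example, not part of the original messages; the function names, the constructed sample listing and the threshold of 128 are assumptions.

```shell
#!/bin/sh
# Added example: classify a host-key generation stall from a ps listing and
# an entropy reading. The sample listing is constructed, not from a real host.

# Constructed sample in the shape of the listing in the thread.
sample_ps() {
cat <<'EOF'
  962 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
  974 root       0:00 /usr/local/libexec/ipsec/rsasigkey --random /dev/random 2
  988 root       0:00 /bin/sh /usr/local/libexec/ipsec/setup restart
 1135 root       0:00 /bin/sh /usr/local/libexec/ipsec/newhostkey --quiet
 1146 root       0:00 /usr/local/libexec/ipsec/rsasigkey --random /dev/random 2
EOF
}

# count_blocking_keygen: reads a ps listing on stdin and prints how many
# rsasigkey processes take their randomness from the blocking /dev/random.
count_blocking_keygen() {
    awk '/rsasigkey/ {
        for (i = 1; i < NF; i++)
            if ($i == "--random" && $(i+1) == "/dev/random") { n++; break }
    } END { print n + 0 }'
}

# diagnose ENTROPY BLOCKED [THRESHOLD]: prints one verdict word.
# ENTROPY is the value of /proc/sys/kernel/random/entropy_avail,
# BLOCKED is the count printed by count_blocking_keygen.
diagnose() {
    entropy=$1; blocked=$2; threshold=${3:-128}   # threshold is an assumption
    if [ "$blocked" -eq 0 ]; then
        echo "no-keygen"
    elif [ "$entropy" -lt "$threshold" ]; then
        # The key generators are waiting for entropy that is not arriving.
        # /dev/urandom would not block here, but on this kernel generation
        # it draws from the same pool, seeded or not.
        if [ "$blocked" -gt 1 ]; then echo "starved-multiple-keygens"
        else echo "starved"; fi
    else
        echo "keygen-running"
    fi
}
```

On the target, pass `diagnose` the contents of /proc/sys/kernel/random/entropy_avail and the count obtained by piping the real process listing through `count_blocking_keygen`.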