[Openswan Users] Openswan porting on ARM: /etc/init.d/ipsec start unresponsive ------->to psec_setup: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")

Paul Wouters paul at xelerance.com
Fri Sep 30 09:33:13 EDT 2011


On Fri, 30 Sep 2011, satpal parmar wrote:

> Jan  1 00:29:56 (none) authpriv.warn pluto[26492]: Using Linux 2.6 IPsec interface code on 2.6.37-svn3005 (experimental code)
> Jan  1 00:29:56 (none) authpriv.err pluto[26492]: FATAL ERROR: socket() in init_netlink(). Errno 93: Protocol not supported

Looks like you are missing some CONFIG_XFRM* and/or CONFIG_INET_ESP options.


> But for some reason lord pluto was not happy and I got message: ipsec_setup: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
> I googled for error and someone suggested looking in /var/log/secure but there is no /var/log/secure.

On embedded devices you might need to send syslog to another host.

> On Fri, Sep 30, 2011 at 12:41 PM, satpal parmar <systems.satpal at gmail.com> wrote:
>       Something is really fishy. 
> I can see an ipsec.secrets.new file getting created in etc and with growing ' RSA   {' entries.
> Something like:
> 
> : RSA   {

That's the scripts being restarted while running. Your fix for using /dev/urandom is not as good as just creating
the key on a quadcore desktop using ipsec newhostkey --file embedded.secrets and then transferring that file
to your device's /etc/ipsec.secrets location.

However, we should fix our initscript to not try and generate such a slow key before starting pluto.

Paul
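
Added example, not part of the original thread and not Openswan code: a POSIX sh check that lists which IPsec-related kernel options are not enabled in a kernel config file, for the "Protocol not supported" failure in init_netlink() discussed above. The option list and the function names are assumptions of this example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: list IPsec-related kernel options that are not enabled
# (=y or =m) in a kernel config read from stdin.

# Assumed option list, built around the CONFIG_XFRM* / CONFIG_INET_ESP
# hint in the reply. Adjust it to the kernel tree you are building.
IPSEC_OPTS="CONFIG_XFRM CONFIG_XFRM_USER CONFIG_NET_KEY CONFIG_INET_ESP \
CONFIG_INET_AH CONFIG_INET_XFRM_MODE_TUNNEL CONFIG_INET_XFRM_MODE_TRANSPORT"

# missing_ipsec_opts < CONFIGFILE
# Prints one option per line for every entry in IPSEC_OPTS that is
# "# ... is not set" or absent from the config altogether.
missing_ipsec_opts() {
    cfg=$(cat)
    for opt in $IPSEC_OPTS; do
        # Anchor both ends so CONFIG_XFRM does not match CONFIG_XFRM_USER.
        if ! printf '%s\n' "$cfg" | grep -Eq "^${opt}=(y|m)\$"; then
            echo "$opt"
        fi
    done
}

# Constructed sample config: XFRM core present, netlink user interface
# and ESP disabled, transport mode absent.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NET=y
CONFIG_INET=y
CONFIG_XFRM=y
# CONFIG_XFRM_USER is not set
CONFIG_NET_KEY=m
# CONFIG_INET_ESP is not set
CONFIG_INET_AH=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
EOF
}

# Stand-alone use: sh check.sh /path/to/.config
# On a target built with CONFIG_IKCONFIG_PROC, decompress /proc/config.gz
# to a file first and pass that file.
if [ -n "${1:-}" ]; then
    missing_ipsec_opts < "$1"
fi
```

Any option it prints has to be enabled in the kernel build (or its module loaded, for =m) before pluto is started again.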

