[Openswan Users] Openswan porting on ARM: /etc/init.d/ipsec start unresponsive ------->to psec_setup: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Paul Wouters
paul at xelerance.com
Fri Sep 30 09:33:13 EDT 2011
On Fri, 30 Sep 2011, satpal parmar wrote:
> Jan 1 00:29:56 (none) authpriv.warn pluto[26492]: Using Linux 2.6 IPsec interface code on 2.6.37-svn3005 (experimental code)
> Jan 1 00:29:56 (none) authpriv.err pluto[26492]: FATAL ERROR: socket() in init_netlink(). Errno 93: Protocol not supported
Looks like you are missing some CONFIG_XFRM* and/or CONFIG_INET_ESP options.
> But for some reason lord pluto was not happy and I got message: ipsec_setup: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
> I goggled for error and someone suggested looking in /var/log/secure but there is no /var/log/secure.
On embedded devices you might need to send syslog to another host.
> On Fri, Sep 30, 2011 at 12:41 PM, satpal parmar <systems.satpal at gmail.com> wrote:
> Something is really fishy.
> I can see a ipsec.secrets.new file getting created in etc and with growing ' RSA {' entries.
> Something like:
>
> : RSA {
That's the scripts being restarted while running. Your fix for using /dev/urandom is not as good as just creating
the key on a quadcore desktop using ipsec newhostkey --file embedded.secrets and then transferring that file
to your device's /etc/ipsec.secrets location.
However, we should fix our initscrit to not try and generate such a slow key before starting pluto.
Paul
More information about the Users
mailing list