[Openswan Users] Pluto not running

Miguel Goyanes mgoyanes at gmail.com
Mon Nov 11 06:34:09 UTC 2013


Hello.

I'm failing to start ipsec.

If I do the below commands I get this message:

[root@localhost ~]# service ipsec start
Redirecting to /bin/systemctl start  ipsec.service
[root@localhost ~]# service ipsec status
Redirecting to /bin/systemctl status  ipsec.service
ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
   Loaded: loaded (/usr/lib/systemd/system/ipsec.service; disabled)
   Active: failed (Result: start-limit) since Mon 2013-11-11 11:28:08 WET; 1s ago
  Process: 18430 ExecStopPost=/sbin/ip xfrm state flush (code=exited, status=0/SUCCESS)
  Process: 18428 ExecStopPost=/sbin/ip xfrm policy flush (code=exited, status=0/SUCCESS)
  Process: 18425 ExecStop=/usr/sbin/ipsec whack --shutdown (code=exited, status=1/FAILURE)
  Process: 18421 ExecStart=/bin/sh -c eval `/usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork $PLUTO_OPTIONS` (code=exited, status=0/SUCCESS)
  Process: 18354 ExecStartPre=/usr/libexec/ipsec/_stackmanager start (code=exited, status=0/SUCCESS)
  Process: 18352 ExecStartPre=/usr/sbin/ipsec addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=0/SUCCESS)

Nov 11 11:28:08 localhost.localdomain systemd[1]: Unit ipsec.service entered failed state.
Nov 11 11:28:08 localhost.localdomain systemd[1]: ipsec.service holdoff time over, scheduling restart.
Nov 11 11:28:08 localhost.localdomain systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 11 11:28:08 localhost.localdomain systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
Nov 11 11:28:08 localhost.localdomain systemd[1]: ipsec.service start request repeated too quickly, refusing to start.
Nov 11 11:28:08 localhost.localdomain systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 11 11:28:08 localhost.localdomain systemd[1]: Unit ipsec.service entered failed state.


Then if I check:

[root@localhost ~]# ipsec verify
Verifying installed system and configuration files

Version check and ipsec on-path                   [OK]
Libreswan 3.5 (netkey) on 3.11.1-200.fc19.x86_64
Checking for IPsec support in kernel               [OK]
 NETKEY: Testing XFRM related proc values
         ICMP default/send_redirects               [NOT DISABLED]

  Disable /proc/sys/net/ipv4/conf/*/send_redirects or NETKEY will act on or cause sending of bogus ICMP redirects!

         ICMP default/accept_redirects             [NOT DISABLED]

  Disable /proc/sys/net/ipv4/conf/*/accept_redirects or NETKEY will act on or cause sending of bogus ICMP redirects!

         XFRM larval drop                         [OK]
Pluto ipsec.conf syntax                           [OK]
Hardware random device                             [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter                                 [ENABLED]
 /proc/sys/net/ipv4/conf/cint0/rp_filter           [ENABLED]
 /proc/sys/net/ipv4/conf/default/rp_filter         [ENABLED]
 /proc/sys/net/ipv4/conf/gw0/rp_filter             [ENABLED]
 /proc/sys/net/ipv4/conf/p2p1/rp_filter           [ENABLED]
 /proc/sys/net/ipv4/conf/rw0/rp_filter             [ENABLED]
  rp_filter is not fully aware of IPsec and should be disabled
Checking that pluto is running                     [FAILED]
Checking NAT and MASQUERADEing                     [TEST INCOMPLETE]
Checking 'ip' command                             [OK]
Checking 'iptables' command                       [OK]
Checking 'prelink' command does not interfere with FIPS [PRESENT]
Checking for obsolete ipsec.conf options           [OK]
Opportunistic Encryption                           [DISABLED]

ipsec verify: encountered 15 errors - see 'man ipsec_verify' for help



My /var/log/secure has this:

Nov 11 11:28:08 localhost pluto[18424]: nss directory plutomain: /etc/ipsec.d
Nov 11 11:28:08 localhost pluto[18424]: NSS initialization failed (err -8015)



Please help me. How can I fix this error???



Thanks,

Miguel