[strongSwan-dev] Netlink Error Prevents _updown Execution
william.bloom at kinetx.com
Wed Jul 7 02:24:08 CEST 2010
This is sorted out. I am in the process of migrating from another IPsec solution to strongSwan and therefore I have both products installed side-by-side for the purpose of comparing behaviors. The old product is installed at /usr while strongSwan is installed at /usr/local, for now. Both products have an 'ipsec' command. It happens that the PATH environment variable is being altered when pluto is started such that /usr/sbin precedes /usr/local/sbin, and pluto runs the _updown script using 'ipsec _updown' (reliance on PATH). Hence the 'wrong' ipsec command was being called to start the _updown script.
From: dev-bounces+william.bloom=kinetx.com at lists.strongswan.org on behalf of William Bloom
Sent: Tue 7/6/2010 12:53 PM
To: dev at lists.strongswan.org
Subject: [strongSwan-dev] Netlink Error Prevents _updown Execution
Using strongSwan 4.4.0 on RHEL 5.1, I've noticed that the _updown script isn't being executed after phase 1 and phase 2 complete successfully in pluto. With plutodebug=all, I see that, in fact, 'ipsec _updown' command lines are indeed being executed. However, an strace log reveals that the 'ipsec _updown' subprocess is exiting before starting the _updown script due to a NETLINK error (a 'sendto()' using NETLINK address family reports connection failure). The only use of NETLINK with which I am acquainted is the Linux audit subsystem - but auditing appears to be configured properly and working fine on my system.
Is there a configuration flaw or build procedure misstep that might explain this?
Dev mailing list
Dev at lists.strongswan.org
More information about the Dev