[strongSwan-dev] Netlink Error Prevents _updown Execution

William Bloom william.bloom at kinetx.com
Wed Jul 7 02:24:08 CEST 2010

This is sorted out.  I am in the process of migrating from another IPsec solution to strongSwan and therefore I have both products installed side-by-side for the purpose of comparing behaviors.  The old product is installed at /usr while strongSwan is installed at /usr/local, for now.  Both products have an 'ipsec' command.  It happens that the PATH environment variable is being altered when pluto is started such that /usr/sbin precedes /usr/local/sbin, and pluto runs the _updown script using 'ipsec _updown' (reliance on PATH).  Hence the 'wrong' ipsec command was being called to start the _updown script.


-----Original Message-----
From: dev-bounces+william.bloom=kinetx.com at lists.strongswan.org on behalf of William Bloom
Sent: Tue 7/6/2010 12:53 PM
To: dev at lists.strongswan.org
Subject: [strongSwan-dev] Netlink Error Prevents _updown Execution

Using strongSwan 4.4.0 on RHEL 5.1, I've noticed that the _updown script isn't being executed after phase 1 and phase 2 complete successfully in pluto.  With plutodebug=all, I see that, in fact, 'ipsec _updown' command lines are indeed being executed.  However, an strace log reveals that the 'ipsec _updown' subprocess is exiting before starting the _updown script due to a NETLINK error (a 'sendto()' using NETLINK address family reports connection failure).  The only use of NETLINK with which I am acquainted is the Linux audit subsystem - but auditing appears to be configured properly and working fine on my system.

Is there a configuration flaw or build procedure misstep that might explain this?


Dev mailing list
Dev at lists.strongswan.org

More information about the Dev mailing list