[strongSwan] Issues with strongswan starting at boot on CentOS7

Dovid Bender dovid at telecurve.com
Fri Feb 19 13:11:53 CET 2016


Hi,

I have installed StrongSwan on CentOS7 (strongswan-5.3.2-1.el7.x86_64). I
did systemctl enable strongswan.service so that it would start on boot. It
comes up but the tunnels are not established. If I do strongswan stop;
strongswan start then it works. I looked for the differences and this is
what I found. On boot:
[root@purple ~]# ps aux | grep strong
root       674  0.0  0.0  15224  1324 ?        Ss   06:26   0:00 /usr/libexec/strongswan/starter --daemon charon --nofork
root       749  0.3  0.0 1381184 5828 ?        Ssl  06:26   0:00 /usr/libexec/strongswan/charon
root      2310  0.0  0.0 112644   964 pts/1    S+   06:28   0:00 grep --color=auto strong
[root@purple ~]#

After I do: strongswan stop; strongswan start

[root@purple etc]# ps aux | grep strong
root     20025  0.0  0.0  15224   624 ?        Ss   06:19   0:00 /usr/libexec/strongswan/starter --daemon charon
root     20026  0.0  0.0 1381180 5892 ?        Ssl  06:19   0:00 /usr/libexec/strongswan/charon --use-syslog
root     20140  0.0  0.0 116264  3060 pts/1    S+   06:24   0:00 nano /usr/sbin/strongswan
root     20145  0.0  0.0 112644   964 pts/0    S+   06:26   0:00 grep --color=auto strong
[root@purple etc]#

Now if I do: systemctl strongswan start I am back in the same position as I
was at boot with it not working. I assume it has to do with the upstart
scripts. The contents of strongswan.service are:
[root@purple sbin]# cat  /usr/lib/systemd/system/strongswan.service
[Unit]
Description=strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
After=syslog.target

[Service]
ExecStart=/usr/sbin/strongswan start --nofork
StandardOutput=syslog

[Install]
WantedBy=multi-user.target
[root@purple sbin]#

So I am trying to understand what I need to do so that strongswan starts
correctly at boot.


NOT WORKING:
Last login: Fri Feb 19 06:19:17 2016 from 172.18.1.99
[root@purple ~]#
[root@purple ~]#
[root@purple ~]# systemctl status strongswan
● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
   Loaded: loaded (/usr/lib/systemd/system/strongswan.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2016-02-19 06:27:00 EST; 22s ago
 Main PID: 674 (starter)
   CGroup: /system.slice/strongswan.service
           ├─674 /usr/libexec/strongswan/starter --daemon charon --nofork
           └─749 /usr/libexec/strongswan/charon

Feb 19 06:27:13 purple strongswan[674]: 10[CFG] received stroke: route 'purple-orange'
Feb 19 06:27:13 purple strongswan[674]: 01[CFG] received stroke: add connection 'purple-green'
Feb 19 06:27:13 purple strongswan[674]: 01[CFG] left nor right host is our side, assuming left=local
Feb 19 06:27:13 purple strongswan[674]: 01[CFG] added configuration 'purple-green'
Feb 19 06:27:13 purple strongswan[674]: 06[CFG] received stroke: route 'purple-green'
Feb 19 06:27:13 purple strongswan[674]: 05[KNL] interface enp0s20u3u2 activated
Feb 19 06:27:13 purple strongswan[674]: 02[KNL] interface enp4s0 activated
Feb 19 06:27:13 purple strongswan[674]: 11[KNL] 172.18.1.25 appeared on enp0s20u3u2
Feb 19 06:27:13 purple strongswan[674]: 14[KNL] 172.18.18.25 appeared on wlp0s20u1
Feb 19 06:27:14 purple charon[749]: 07[KNL] 10.1.5.126 appeared on enp4s0
[root@purple ~]# ps aux | grep strong
root       674  0.0  0.0  15224  1324 ?        Ss   06:26   0:00 /usr/libexec/strongswan/starter --daemon charon --nofork
root       749  0.3  0.0 1381184 5828 ?        Ssl  06:26   0:00 /usr/libexec/strongswan/charon
root      2310  0.0  0.0 112644   964 pts/1    S+   06:28   0:00 grep --color=auto strong
[root@purple ~]#


WORKING:

[root@purple etc]# systemctl status strongswan
● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
   Loaded: loaded (/usr/lib/systemd/system/strongswan.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Fri 2016-02-19 06:19:26 EST; 6min ago
  Process: 672 ExecStart=/usr/sbin/strongswan start --nofork (code=exited, status=0/SUCCESS)
 Main PID: 672 (code=exited, status=0/SUCCESS)

Feb 19 04:13:39 purple strongswan[672]: 11[KNL] 10.1.5.129 appeared on enp3s0
Feb 19 04:13:39 purple strongswan[672]: 12[KNL] 10.1.5.126 appeared on enp4s0
Feb 19 05:13:55 purple charon[728]: 09[KNL] 172.18.18.25 disappeared from wlp0s20u1
Feb 19 06:19:26 purple charon[728]: 00[DMN] signal of type SIGINT received. Shutting down
Feb 19 06:19:26 purple strongswan[672]: 15[KNL] 172.18.18.25 appeared on wlp0s20u1
Feb 19 06:19:26 purple strongswan[672]: 09[KNL] 172.18.18.25 disappeared from wlp0s20u1
Feb 19 06:19:26 purple strongswan[672]: 00[DMN] signal of type SIGINT received. Shutting down
Feb 19 06:19:26 purple ipsec_starter[672]: charon stopped after 200 ms
Feb 19 06:19:26 purple strongswan[672]: charon stopped after 200 ms
Feb 19 06:19:26 purple strongswan[672]: ipsec starter stopped
[root@purple etc]# ps aux | grep strong
root     20025  0.0  0.0  15224   624 ?        Ss   06:19   0:00 /usr/libexec/strongswan/starter --daemon charon
root     20026  0.0  0.0 1381180 5892 ?        Ssl  06:19   0:00 /usr/libexec/strongswan/charon --use-syslog
root     20140  0.0  0.0 116264  3060 pts/1    S+   06:24   0:00 nano /usr/sbin/strongswan
root     20145  0.0  0.0 112644   964 pts/0    S+   06:26   0:00 grep --color=auto strong
[root@purple etc]#



Regards and TIA,

Dovid
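
Added example, not part of the original post: the comparison the post makes by eye between its two `ps aux` captures, done as a script that lists the flags each strongSwan process was launched with and reports those present in only one capture. The captures are embedded from the post with the mail line wraps joined; the function names and the `systemd`/`manual` labels are assumptions of this example.

```shell
#!/bin/sh
# Constructed samples: the two `ps aux` captures from the post, line wraps joined.
BOOT_PS='root       674  0.0  0.0  15224  1324 ?        Ss   06:26   0:00 /usr/libexec/strongswan/starter --daemon charon --nofork
root       749  0.3  0.0 1381184 5828 ?        Ssl  06:26   0:00 /usr/libexec/strongswan/charon
root      2310  0.0  0.0 112644   964 pts/1    S+   06:28   0:00 grep --color=auto strong'

MANUAL_PS='root     20025  0.0  0.0  15224   624 ?        Ss   06:19   0:00 /usr/libexec/strongswan/starter --daemon charon
root     20026  0.0  0.0 1381180 5892 ?        Ssl  06:19   0:00 /usr/libexec/strongswan/charon --use-syslog
root     20140  0.0  0.0 116264  3060 pts/1    S+   06:24   0:00 nano /usr/sbin/strongswan
root     20145  0.0  0.0 112644   964 pts/0    S+   06:26   0:00 grep --color=auto strong'

# Print "<binary> <flag>" for every --option passed to a strongSwan libexec
# binary. Field 11 of `ps aux` is the executable, so the grep and nano rows
# (which only mention "strong" in their arguments) are skipped.
launch_flags() {
    printf '%s\n' "$1" | awk '
        $11 ~ /^\/usr\/libexec\/strongswan\// {
            n = split($11, path, "/")
            for (i = 12; i <= NF; i++)
                if ($i ~ /^--/) print path[n], $i
        }' | LC_ALL=C sort
}

# Print the lines of $2 that are absent from $3, prefixed with label $1.
only_in() {
    printf '%s\n' "$2" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s\n' "$3" | grep -qxF -- "$line" || echo "$1-only: $line"
    done
}

# Compare a capture taken under systemd ($1) with one taken after a manual
# start ($2) and report the flags that differ between the two launches.
compare_launch() {
    sys=$(launch_flags "$1")
    man=$(launch_flags "$2")
    only_in systemd "$sys" "$man"
    only_in manual "$man" "$sys"
}

compare_launch "$BOOT_PS" "$MANUAL_PS"
```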