List: strongswan-users
Subject: [strongSwan] Issues with strongswan starting at boot on CentOS7
From: Dovid Bender <dovid () telecurve ! com>
Date: 2016-02-19 12:11:53
Message-ID: CAM3TTh3A1auNcMOOn8-Xu8H+qHP9WeNDRsfOBo41yMXA_B4veA () mail ! gmail ! com
Hi,
I have installed StrongSwan on CentOS7 (strongswan-5.3.2-1.el7.x86_64). I
did systemctl enable strongswan.service so that it would start on boot. It
comes up but the tunnels are not established. If I do strongswan stop;
strongswan start then it works. I looked for the differences and this is
what I found. On boot:
[root@purple ~]# ps aux | grep strong
root 674 0.0 0.0 15224 1324 ? Ss 06:26 0:00 /usr/libexec/strongswan/starter --daemon charon --nofork
root 749 0.3 0.0 1381184 5828 ? Ssl 06:26 0:00 /usr/libexec/strongswan/charon
root 2310 0.0 0.0 112644 964 pts/1 S+ 06:28 0:00 grep --color=auto strong
[root@purple ~]#
After I do: strongswan stop; strongswan start
[root@purple etc]# ps aux | grep strong
root 20025 0.0 0.0 15224 624 ? Ss 06:19 0:00 /usr/libexec/strongswan/starter --daemon charon
root 20026 0.0 0.0 1381180 5892 ? Ssl 06:19 0:00 /usr/libexec/strongswan/charon --use-syslog
root 20140 0.0 0.0 116264 3060 pts/1 S+ 06:24 0:00 nano /usr/sbin/strongswan
root 20145 0.0 0.0 112644 964 pts/0 S+ 06:26 0:00 grep --color=auto strong
[root@purple etc]#
Now if I do: systemctl strongswan start I am back in the same position as I
was at boot with it not working. I assume it has to do with the upstart
scripts. The contents of strongswan.service are:
[root@purple sbin]# cat /usr/lib/systemd/system/strongswan.service
[Unit]
Description=strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
After=syslog.target
[Service]
ExecStart=/usr/sbin/strongswan start --nofork
StandardOutput=syslog
[Install]
WantedBy=multi-user.target
[root@purple sbin]#
So I am trying to understand what I need to do so that strongswan starts
correctly at boot.
NOT WORKING:
Last login: Fri Feb 19 06:19:17 2016 from 172.18.1.99
[root@purple ~]#
[root@purple ~]#
[root@purple ~]# systemctl status strongswan
● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
   Loaded: loaded (/usr/lib/systemd/system/strongswan.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2016-02-19 06:27:00 EST; 22s ago
 Main PID: 674 (starter)
   CGroup: /system.slice/strongswan.service
           ├─674 /usr/libexec/strongswan/starter --daemon charon --nofork
           └─749 /usr/libexec/strongswan/charon

Feb 19 06:27:13 purple strongswan[674]: 10[CFG] received stroke: route 'purple-orange'
Feb 19 06:27:13 purple strongswan[674]: 01[CFG] received stroke: add connection 'purple-green'
Feb 19 06:27:13 purple strongswan[674]: 01[CFG] left nor right host is our side, assuming left=local
Feb 19 06:27:13 purple strongswan[674]: 01[CFG] added configuration 'purple-green'
Feb 19 06:27:13 purple strongswan[674]: 06[CFG] received stroke: route 'purple-green'
Feb 19 06:27:13 purple strongswan[674]: 05[KNL] interface enp0s20u3u2 activated
Feb 19 06:27:13 purple strongswan[674]: 02[KNL] interface enp4s0 activated
Feb 19 06:27:13 purple strongswan[674]: 11[KNL] 172.18.1.25 appeared on enp0s20u3u2
Feb 19 06:27:13 purple strongswan[674]: 14[KNL] 172.18.18.25 appeared on wlp0s20u1
Feb 19 06:27:14 purple charon[749]: 07[KNL] 10.1.5.126 appeared on enp4s0
[root@purple ~]# ps aux | grep strong
root 674 0.0 0.0 15224 1324 ? Ss 06:26 0:00 /usr/libexec/strongswan/starter --daemon charon --nofork
root 749 0.3 0.0 1381184 5828 ? Ssl 06:26 0:00 /usr/libexec/strongswan/charon
root 2310 0.0 0.0 112644 964 pts/1 S+ 06:28 0:00 grep --color=auto strong
[root@purple ~]#
WORKING:
[root@purple etc]# systemctl status strongswan
● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
   Loaded: loaded (/usr/lib/systemd/system/strongswan.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Fri 2016-02-19 06:19:26 EST; 6min ago
  Process: 672 ExecStart=/usr/sbin/strongswan start --nofork (code=exited, status=0/SUCCESS)
 Main PID: 672 (code=exited, status=0/SUCCESS)

Feb 19 04:13:39 purple strongswan[672]: 11[KNL] 10.1.5.129 appeared on enp3s0
Feb 19 04:13:39 purple strongswan[672]: 12[KNL] 10.1.5.126 appeared on enp4s0
Feb 19 05:13:55 purple charon[728]: 09[KNL] 172.18.18.25 disappeared from wlp0s20u1
Feb 19 06:19:26 purple charon[728]: 00[DMN] signal of type SIGINT received. Shutting down
Feb 19 06:19:26 purple strongswan[672]: 15[KNL] 172.18.18.25 appeared on wlp0s20u1
Feb 19 06:19:26 purple strongswan[672]: 09[KNL] 172.18.18.25 disappeared from wlp0s20u1
Feb 19 06:19:26 purple strongswan[672]: 00[DMN] signal of type SIGINT received. Shutting down
Feb 19 06:19:26 purple ipsec_starter[672]: charon stopped after 200 ms
Feb 19 06:19:26 purple strongswan[672]: charon stopped after 200 ms
Feb 19 06:19:26 purple strongswan[672]: ipsec starter stopped
[root@purple etc]# ps aux | grep strong
root 20025 0.0 0.0 15224 624 ? Ss 06:19 0:00 /usr/libexec/strongswan/starter --daemon charon
root 20026 0.0 0.0 1381180 5892 ? Ssl 06:19 0:00 /usr/libexec/strongswan/charon --use-syslog
root 20140 0.0 0.0 116264 3060 pts/1 S+ 06:24 0:00 nano /usr/sbin/strongswan
root 20145 0.0 0.0 112644 964 pts/0 S+ 06:26 0:00 grep --color=auto strong
[root@purple etc]#
Regards and TIA,
Dovid
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
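
Added example, not part of the original message or of strongSwan: in the NOT WORKING capture systemd reports `active (running)` although no tunnel is up, so this script reads the daemon's log lines instead and reports which connections were only loaded or routed and which have an established IKE_SA. The function names are hypothetical, and the `IKE_SA ... established` sample line with its addresses is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): per-connection state taken from
# strongSwan starter/charon log lines on stdin. Function names are hypothetical.

# Print "<conn> <state>", sorted; strongest wins: loaded < routed < established.
conn_states() {
  awk -v q="'" '
    function set(c, s, r) { if (c != "" && r > rank[c]) { rank[c] = r; state[c] = s } }
    # Return the quoted name that follows key on this line, or "" if absent.
    function quoted(key,   i, rest, j) {
      i = index($0, key q); if (!i) return ""
      rest = substr($0, i + length(key) + 1)
      j = index(rest, q); return j ? substr(rest, 1, j - 1) : ""
    }
    {
      set(quoted("added configuration "), "loaded", 1)
      set(quoted("received stroke: route "), "routed", 2)
      if (match($0, /IKE_SA [^ ]+\[[0-9]+\] established/)) {
        name = substr($0, RSTART + 7, RLENGTH - 7); sub(/\[.*/, "", name)
        set(name, "established", 3)
      }
    }
    END { for (c in state) print c, state[c] }
  ' | sort
}

# Succeed only if at least one connection was seen and all are established.
all_established() {
  states=$(conn_states)
  [ -n "$states" ] || return 1
  if printf '%s\n' "$states" | grep -qv ' established$'; then return 1; fi
  return 0
}

# Log lines from the NOT WORKING capture in the post, unwrapped.
boot_log() {
  cat <<'EOF'
Feb 19 06:27:13 purple strongswan[674]: 10[CFG] received stroke: route 'purple-orange'
Feb 19 06:27:13 purple strongswan[674]: 01[CFG] added configuration 'purple-green'
Feb 19 06:27:13 purple strongswan[674]: 06[CFG] received stroke: route 'purple-green'
EOF
}

# Constructed line (placeholder addresses), not from the post.
up_line='Feb 19 06:30:00 purple charon[749]: 08[IKE] IKE_SA purple-green[1] established between 192.0.2.1[192.0.2.1]...192.0.2.2[192.0.2.2]'

boot_log | conn_states
boot_log | all_established || echo "no tunnel established yet" >&2
```

On a live host the input would be the unit's journal for the current boot, for example `journalctl -u strongswan -b | conn_states`.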