Bug 837088
| Summary: | up-client script fails to run | ||
|---|---|---|---|
| Product: | [Fedora] Fedora EPEL | Reporter: | Aleks B <sashka> |
| Component: | strongswan | Assignee: | Pavel Šimerda (pavlix) <psimerda> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | el6 | CC: | psimerda, sashka |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-01-26 16:37:36 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Aleks B
2012-07-02 17:50:41 UTC
strongswan-4.6.4-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6070/strongswan-4.6.4-1.el6 strongswan-5.0.0-1.git20120619.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/strongswan-5.0.0-1.git20120619.el6 Thanks for your bugreport. If you have enough time, please test the 5.0.0 release. It should work well without configuration changes. strongswan-4.6.4-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. Just updated to 4.6.4 - still doesn't work - still requires symlink from /usr/sbin/ipsec to /usr/sbin/strongswan Hi Alex, is it still exactly the same error? I just checked the git repo and it's been already fixed for 4.6.4: http://pkgs.fedoraproject.org/gitweb/?p=strongswan.git;a=commitdiff;h=ff3d2ec7a59e3a5c99970c96c5071d1ca2de2c2e Did you also try the 5.0.0 release? Thanks for your updates. Yes, exactly same error in 4.6.4. I didn't try 5.0.0 yet, as I've used pluto, which is now gone, and now need to change (?) config for charon. Here is output from 4.6.4: Linux strongSwan U4.6.4/K2.6.32-220.23.1.el6.x86_64 | eroute_connection add eroute 192.168.10.1/32:0 -> 0.0.0.0/0:0 => tun.0@WANIP:0 | eroute_connection add eroute 0.0.0.0/0:0 -> 192.168.10.1/32:0 => tun.0@REMOTEIP:0 | executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='ios' PLUTO_NEXT_HOP='REMOTEIP' PLUTO_INTERFACE='eth1' PLUTO_REQID='16392' PLUTO_ME='WANIP' PLUTO_MY_ID='C=CH, O=junkyard, CN=ivpn.blah.com' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='REMOTEIP' PLUTO_PEER_ID='C=CH, O=junkyard, CN=aleks' PLUTO_PEER_CLIENT='192.168.10.1/32' PLUTO_PEER_CLIENT_NET='192.168.10.1' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CH, O=junkyard, CN=junkyard CA' PLUTO_XAUTH_ID='aleks' PLUTO_UDP_ENC='3022' ipsec _updown iptables "ios"[2] REMOTEIP:3022 #2: up-client output: sh: ipsec: command not found "ios"[2] REMOTEIP:3022 #2: up-client command exited with status 12 Ah, it appears to be the same bug or one that is very similar. As 5.0.0 is not so different from 4.6.4, I would prefer if you could stick with the symlink workaround until you decide to switch to 5.0.0. You might even try the unchanged config and see if you need any modifications at all. Please see the differences here: http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1 Does apply to 5.1.1-3? http://koji.fedoraproject.org/koji/packageinfo?packageID=13302 |