Bug 192401 - IPSEC interface does not come up
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: initscripts
4
All Linux
medium Severity medium
Assigned To: Bill Nottingham
Brock Organ
Reported: 2006-05-19 08:20 EDT by Andrea Mennini
Modified: 2014-03-16 22:59 EDT
Last Closed: 2006-05-30 10:16:59 EDT
Description Andrea Mennini 2006-05-19 08:20:28 EDT
Description of problem:

I'm trying to set up a FC4 box, kernel 2.6.16-1.2108_FC4 having a
dynamic IP as a VPN client in order to allow it to connect to
headquarter lan, having a static ip.

I've written a script named ifcfg-ipsec0:

TYPE=IPsec
ONBOOT=yes
SRCGW=192.168.2.254
DSTGW=192.168.1.254
SRCNET=192.168.2.0/24
DSTNET=192.168.1.0/24
DST=1.2.3.4

and I've put it in /etc/sysconfig/network-scripts

When I issue an ifup ipsec I have the following error

RTNETLINK answers: invalid argument

I've tried to strace it, and that's the result (a snippet of):

--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WNOHANG) = 4285
waitpid(-1, 0xbffee1b8, WNOHANG)        = -1 ECHILD (No child processes)
sigreturn()                             = ? (mask now [])
rt_sigaction(SIGCHLD, {0x807871f, [], 0}, {0x807871f, [], 0}, 8) = 0
close(4)                                = 0
read(3, "10.20.1.2\n", 128)             = 10
read(3, "", 128)                        = 0
close(3)                                = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {0x80760d4, [], 0}, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGINT, {SIG_DFL}, {0x80760d4, [], 0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
read(255, "\n\nif [ \"$KEYING\" = \"manual\" ]; t"..., 8077) = 5401
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
stat64(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
stat64("/sbin/ip", {st_mode=S_IFREG|0755, st_size=124168, ...}) = 0
access("/sbin/ip", X_OK)                = 0
stat64("/sbin/ip", {st_mode=S_IFREG|0755, st_size=124168, ...}) = 0
access("/sbin/ip", X_OK)                = 0
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
clone(child_stack=0,
flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xb7fe3708) = 4288
RTNETLINK answers: Invalid argument
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 2}], WNOHANG) = 4288
waitpid(-1, 0xbffebcf8, WNOHANG)        = -1 ECHILD (No child processes)
sigreturn()                             = ? (mask now [])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGINT, {0x80760d4, [], 0}, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGINT, {SIG_DFL}, {0x80760d4, [], 0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
clone(child_stack=0,
flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xb7fe3708) = 4289
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---

I've tried to set up the script using network applet in Desktop ->
System settings menu, but the script is identical and the error too.

Version-Release number of selected component (if applicable):

kernel 2.6.16-1.2108_FC4

How reproducible:

Always

Steps to Reproduce:
1. Go to Desktop -> System Settings -> Network
2. Click on "IPsec" tab
3. Click on "New" button
4. Click on "Forward button"
5. Give some name (e.g. myipsec)
6. Choose either "Host to Host encryption" or "Network to Network encryption" 
7. Select "Manual encryption with a fixed key"
8. Fill in the form for local network. E.g. local network address 192.168.2.2,
local subnet mask 255.255.255.0, local network gateway 192.168.2.1
9. Fill in the form for remote network. E.g. remote ip address 217.12.1.28 (this
is obviously a fake public address), remote network address 192.168.1.0, remote
subnet mask 255.255.255.0, remote subnet gateway 192.168.1.1
10. Enter authentication and encryption key, click on "Forward" button, and then
on "Apply" button
11. Click on activate button

Actual results:
RTNETLINK answers: invalid argument

Expected results:

interface comes up

Additional info:

this happens either with network manager, or with a hand-made ifcfg-ipsec script
Comment 1 Andrea Mennini 2006-05-21 09:29:00 EDT
More news:

I did a 

sh -x ifup ipsec0

and the script gives the error when it tries to run the following:

exec /etc/sysconfig/network-scripts/ifup-ipsec ifcfg-ipsec0

Then, doing a 

sh -x ifup-ipsec ifcfg-ipsec0

the error is when this command is issued:

ip route add to <destination network> via <local default gw> src <local default gw>

(of course instead of <...> there were the real IP's).

Therefore, there should be something wrong in ifup-ipsec




Comment 2 Miloslav Trmač 2006-05-30 10:16:59 EDT
$SRCGW should be the address of the "IPsec gateway" on $SRCNET, not the
default gateway for $SRCNET.

Usually $SRCGW can be determined automatically, so it is easiest not to
specify it at all.
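
A pre-flight check for the mistake diagnosed in Comment 2, as an added example that is not part of the bug report or of initscripts: it flags an SRCGW that lies outside SRCNET or is not one of the host's own addresses. It assumes IPv4 and that the machine running ifup is itself the IPsec gateway; the function names and the local address list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from initscripts): lint an ifcfg-ipsec* file for the
# SRCGW mistake in this bug. Assumes IPv4 and that this host is the IPsec gateway.

# cfg_get KEY FILE: read KEY=value without sourcing (executing) the file
cfg_get() { sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d "\"'"; }

# ip4_to_int A.B.C.D: print the address as a 32-bit integer
ip4_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr ADDR NET/LEN: succeed if ADDR lies inside NET/LEN
in_cidr() {
    addr=$(ip4_to_int "$1"); net=$(ip4_to_int "${2%/*}"); len=${2#*/}
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# check_srcgw FILE "LOCAL_ADDRS": return 0 if SRCGW is unset or usable, else 1.
# On a live host LOCAL_ADDRS could come from:
#   ip -4 -o addr show | awk '{print $4}' | cut -d/ -f1
check_srcgw() {
    srcgw=$(cfg_get SRCGW "$1"); srcnet=$(cfg_get SRCNET "$1")
    if [ -z "$srcgw" ]; then
        echo "ok: SRCGW unset, left to be determined automatically"; return 0
    fi
    if [ -n "$srcnet" ] && ! in_cidr "$srcgw" "$srcnet"; then
        echo "bad: SRCGW $srcgw is outside SRCNET $srcnet"; return 1
    fi
    for a in $2; do
        if [ "$a" = "$srcgw" ]; then
            echo "ok: SRCGW $srcgw is this host's address on SRCNET"; return 0
        fi
    done
    echo "bad: SRCGW $srcgw is not an address of this host"; return 1
}

# Constructed sample: the reporter's values and a made-up local address list.
sample=$(mktemp)
printf '%s\n' TYPE=IPsec SRCGW=192.168.2.254 SRCNET=192.168.2.0/24 > "$sample"
check_srcgw "$sample" "127.0.0.1 192.168.2.2" || true
rm -f "$sample"
```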
