Bug 837088 - up-client script fails to run
up-client script fails to run
Status: CLOSED ERRATA
Product: Fedora EPEL
Classification: Fedora
Component: strongswan (Show other bugs)
el6
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Pavel Šimerda (pavlix)
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-02 13:50 EDT by Aleks B
Modified: 2016-10-19 06:48 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-01-26 11:37:36 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Aleks B 2012-07-02 13:50:41 EDT
Description of problem:
When setting up strongswan ipsec vpn, i've run into problem, that routing is not properly configured on successful connection. Upon investigation, noticed following record in log (output truncated):

| executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='ios' <truncated>
"ios"[2] 33.33.33.33:4500 #2: up-client output: sh: ipsec: command not found
"ios"[2] 33.33.33.33:4500 #2: up-client command exited with status 127

fixed this by creating symbolic link:
sudo ln -s /usr/sbin/strongswan /usr/sbin/ipsec

(I know it creates collision with another packages, but I had to get it working).

Version-Release number of selected component (if applicable):
strongswan-4.6.2-1.el6.x86_64
Comment 1 Fedora Update System 2012-07-04 19:06:16 EDT
strongswan-4.6.4-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6070/strongswan-4.6.4-1.el6
Comment 2 Fedora Update System 2012-07-04 21:20:08 EDT
strongswan-5.0.0-1.git20120619.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/strongswan-5.0.0-1.git20120619.el6
Comment 3 Pavel Šimerda (pavlix) 2012-07-04 21:29:39 EDT
Thanks for your bugreport. If you have enough time, please test the 5.0.0 release. It should work well without configuration changes.
Comment 4 Fedora Update System 2012-07-05 19:02:06 EDT
strongswan-4.6.4-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Aleks B 2012-07-09 14:15:56 EDT
Just updated to 4.6.4 - still doesn't work - still requires symlink from /usr/sbin/ipsec to /usr/sbin/strongswan
Comment 6 Pavel Šimerda (pavlix) 2012-07-10 04:20:16 EDT
Hi Alex, is it still exactly the same error? I just checked the git repo and it's been already fixed for 4.6.4:

http://pkgs.fedoraproject.org/gitweb/?p=strongswan.git;a=commitdiff;h=ff3d2ec7a59e3a5c99970c96c5071d1ca2de2c2e

Did you also try the 5.0.0 release?

Thanks for your updates.
Comment 7 Aleks B 2012-07-10 10:50:48 EDT
Yes, exactly same error in 4.6.4. 

I didn't try 5.0.0 yet, as I've used pluto, which is now gone, and now need to change (?) config for charon.
Comment 8 Aleks B 2012-07-10 11:06:03 EDT
Here is output from 4.6.4: 

Linux strongSwan U4.6.4/K2.6.32-220.23.1.el6.x86_64

| eroute_connection add eroute 192.168.10.1/32:0 -> 0.0.0.0/0:0 => tun.0@WANIP:0
| eroute_connection add eroute 0.0.0.0/0:0 -> 192.168.10.1/32:0 => tun.0@REMOTEIP:0
| executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='ios' PLUTO_NEXT_HOP='REMOTEIP' PLUTO_INTERFACE='eth1' PLUTO_REQID='16392' PLUTO_ME='WANIP' PLUTO_MY_ID='C=CH, O=junkyard, CN=ivpn.blah.com' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='REMOTEIP' PLUTO_PEER_ID='C=CH, O=junkyard, CN=aleks' PLUTO_PEER_CLIENT='192.168.10.1/32' PLUTO_PEER_CLIENT_NET='192.168.10.1' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CH, O=junkyard, CN=junkyard CA' PLUTO_XAUTH_ID='aleks' PLUTO_UDP_ENC='3022' ipsec _updown iptables
"ios"[2] REMOTEIP:3022 #2: up-client output: sh: ipsec: command not found
"ios"[2] REMOTEIP:3022 #2: up-client command exited with status 12
Comment 9 Pavel Šimerda (pavlix) 2012-07-10 12:12:21 EDT
Ah, it appears to be the same bug or one that is very similar. As 5.0.0 is not so different from 4.6.4, I would prefer if you could stick with the symlink workaround until you decide to switch to 5.0.0. 

You might even try the unchanged config and see if you need any modifications at all.

Please see the differences here:

http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1
Comment 10 Pavel Šimerda (pavlix) 2014-01-08 08:11:14 EST
Does apply to 5.1.1-3?

http://koji.fedoraproject.org/koji/packageinfo?packageID=13302

Note You need to log in before you can comment on or make changes to this bug.