Several of my systems with ClearOS 6.8 are unable to stop/start the basic ipsec tunnels from the GUI interface since a recent yum update.
It looks like OpenSwan was removed and LibreSwan installed.
I can stop and start using the "service ipsec stop/start" command at the root prompt, but not via the web and it doesn't now auto start on reboot.
Anybody else seen this and found a solution?
Responses (7)
-
Accepted Answer
That was a one-line bug fix that should have been backported from ClearOS 7 for 6.8. That fix is now done (git diff) and the update is on the way to the mirrors. I'll push it through the updates systems quickly -- it's a trivial fix.
-
Accepted Answer
Are you sure IPsec is not starting?
There is a known bug where the tunnel status does not show correctly (at all?) on systems running libreswan - bug 9201. I may try and ping Tim sometime as he is hardly around on the forums anymore.
There is also a major bug which has recently been filed where you can't manage the interface if IPsec is not running.
For your last issue about auto starting, you can make libreswan start automatically through the webconfig (system > modules?) but I can't check exactly where at the moment. The easiest thing to do is issue the command "chkconfig libreswan on"
-
Accepted Answer
Thanks for responding, and you're right, 'ipsec' was not in the chkconfig list so I added it as you stated. I would have thought that the ClearOS update should have done that automatically though!
No matter, auto start of ipsec works now.
As far as stop and start from the GUI is concerned - Yes I have checked if the ipsec/pluto process is running or not and the GUI does not affect it. Like I said only the 'service ipsec [start/stop]' command actually stops or starts pluto.
The /var/log/system log shows the following:
Attempt to start from GUI
Jan 10 16:21:14 firewall4 engine: exception: error: /usr/clearos/apps/base/libraries/Daemon.php (511): Software is not installed
Jan 10 16:21:14 firewall4 engine: exception: debug backtrace: /usr/clearos/apps/base/controllers/daemon.php (122): set_running_state
Jan 10 16:21:14 firewall4 engine: exception: debug backtrace: GUI (0): start
Jan 10 16:21:14 firewall4 engine: exception: debug backtrace: /usr/clearos/framework/system/core/CodeIgniter.php (359): call_user_func_array
Jan 10 16:21:14 firewall4 engine: exception: debug backtrace: /usr/clearos/framework/htdocs/app/index.php (222): require_once
Jan 10 16:21:14 firewall4 engine: exception: error: /usr/clearos/apps/base/libraries/Daemon.php (511): Software is not installed
Jan 10 16:21:14 firewall4 engine: exception: debug backtrace: /usr/clearos/apps/base/controllers/daemon.php (128): set_running_state
Jan 10 16:21:14 firewall4 engine: exception: debug backtrace: GUI (0): start
Jan 10 16:21:14 firewall4 engine: exception: debug backtrace: /usr/clearos/framework/system/core/CodeIgniter.php (359): call_user_func_array
Jan 10 16:21:14 firewall4 engine: exception: debug backtrace: /usr/clearos/framework/htdocs/app/index.php (222): require_once
Attempt to stop from GUI
Jan 10 16:18:31 firewall4 engine: exception: error: /usr/clearos/apps/base/libraries/Daemon.php (511): Software is not installed
Jan 10 16:18:31 firewall4 engine: exception: debug backtrace: /usr/clearos/apps/base/controllers/daemon.php (146): set_running_state
Jan 10 16:18:31 firewall4 engine: exception: debug backtrace: GUI (0): stop
Jan 10 16:18:31 firewall4 engine: exception: debug backtrace: /usr/clearos/framework/system/core/CodeIgniter.php (359): call_user_func_array
Jan 10 16:18:31 firewall4 engine: exception: debug backtrace: /usr/clearos/framework/htdocs/app/index.php (222): require_once
-
Accepted Answer
Andy Ludgate wrote:
Thanks for git diff link, I don't know how long the update will take to come through, but I applied the packaging/ipsec.php change and now I can control ipsec from the GUI.
Presumably that shouldn't upset the update, will it?
That won't upset the update - you are good to go.