From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefan Schantl To: development@lists.ipfire.org Subject: Re: [Development] Strongswan 5.0.0 Date: Tue, 07 Aug 2012 13:09:12 +0200 Message-ID: <5020F758.4070105@ipfire.org> In-Reply-To: <1344287515.7540.32.camel@rice-oxley.tremer.info> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1263404074820478990==" List-Id: --===============1263404074820478990== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hello Michael, your commands work without any problems - IPSec will be stopped an started as I already have written. After some work I found the problem in the vpnmain.cgi. In the shipped file of your update, there is the line missing which stores the information if the service is enabled or not. After I've manually added it again, I was able to stop and disable IPSec from the WUI. I've created a patchfile for you - please check and apply it. Thanks Stefan > Please try to manually stop strongswan with the helper tool: > > ipsecctrl D > > Try to start it again with: > > ipsecctrl S > > On Mon, 2012-08-06 at 21:48 +0200, Stefan Schantl wrote: >> Hello Michael, >> >> I've tested to stop IPSec from shell which worked without problems. But >> if I try to disable and stop it from the WUI, by >> unsing the checkbox the service does a restart and no shutdown. >> >> I've looked inside the error_log from the httpd, and found the following >> lines: >> >> [Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] IPSec >> enabled on orange but orange interface is invalid or not found, referer: >> https://gate.xxx:444/cgi-bin/vpnmain.cgi >> [Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] IPSec >> enabled on blue but blue interface is invalid or not found, referer: >> https://gate.xxx:444/cgi-bin/vpnmain.cgi >> [Mon Aug 06 21:42:08 2012] [error] [client 192.168.xxx.xxx] Stopping >> strongSwan IPsec..., referer: https://gate.xxx:444/cgi-bin/vpnmain.cgi >> [Mon Aug 06 21:42:12 2012] [error] [client 192.168.xxx.xxx] Starting >> strongSwan 5.0.0 IPsec [starter]..., referer: >> https://gate.xxx:444/cgi-bin/vpnmain.cgi >> [Mon Aug 06 21:42:12 2012] [error] [client 192.168.xxx.xxx] , referer: >> https://gate.xxx:444/cgi-bin/vpnmain.cgi >> >> Why are there entries about an orange and blue network, I don't have one >> of them...... >> >> Do you have any idea about that ? >> >> Stefan >> >>> On Mon, 2012-08-06 at 17:21 +0200, Stefan Schantl wrote: >>>> The only bad point, I've to report is, that after the update I can't >>>> disable IPSec over the WUI anymore - may other testers will report the >>>> same issue. >>> What is the exact problem? Did you get an internal server error from the >>> CGI script? Need a more precise error report. >>> >>> Michael >>> >>> >> _______________________________________________ >> SIG-VPN mailing list >> SIG-VPN(a)lists.ipfire.org >> http://lists.ipfire.org/mailman/listinfo/sig-vpn > --===============1263404074820478990== Content-Type: text/x-patch Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="ipsec-fix-stopping-on-wui.patch" MIME-Version: 1.0 IyBUaGlzIHBhdGNoIGZpeGVzIHRoZSBwcm9ibGVtLCB0byBkaXNhYmxlIGFuZCBzdG9wIHRoZSBj b21wbGV0ZSBJUFNlYyBzZXJ2aWNlCiMgYnkgdXNpbmcgdGhlIFdlYmludGVyZmFjZS4KLS0tIHZw bm1haW4uY2dpX29sZAkyMDEyLTA4LTA3IDEyOjU4OjMxLjcwMTA4NjcwMCArMDIwMAorKysgdnBu bWFpbi5jZ2kJMjAxMi0wOC0wNyAxMjo1NTo0NC42Mjc2MjQ2MjQgKzAyMDAKQEAgLTQzNiw2ICs0 MzYsNyBAQAogCWdvdG8gU0FWRV9FUlJPUjsKICAgICB9CiAKKyAgICAkdnBuc2V0dGluZ3N7J0VO QUJMRUQnfSA9ICRjZ2lwYXJhbXN7J0VOQUJMRUQnfTsKICAgICAkdnBuc2V0dGluZ3N7J1ZQTl9J UCd9ID0gJGNnaXBhcmFtc3snVlBOX0lQJ307CiAgICAgJHZwbnNldHRpbmdzeydWUE5fREVMQVlF RF9TVEFSVCd9ID0gJGNnaXBhcmFtc3snVlBOX0RFTEFZRURfU1RBUlQnfTsKICAgICAkdnBuc2V0 dGluZ3N7J1JXX05FVCd9ID0gJGNnaXBhcmFtc3snUldfTkVUJ307Cg== --===============1263404074820478990==--