Re: [Users] 024 need --listen before --initiate... a bug, or a feature?

From: Ken Bantoft (ken_at_freeswan.ca)
Date: Wed Oct 23 2002 - 13:23:27 CEST

• Next message: Claudia Schmeing: "[Users] Latest interop document"
• Previous message: Carl Pålsson: "[Users] WinXP to FreeS/WAN (X.509) losing contact after ipsec -off"
• In reply to: Arsen Drambyan: "[Users] 024 need --listen before --initiate... a bug, or a feature?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Wed, 23 Oct 2002, Arsen Drambyan wrote:

> Hi all!
>
> I have encountered a problem, but I am not sure if it's a feature or a bug...
> Would someone help me?
>
> I use FreeSWan 1.98b now, and never had the same problem with 1.91,
> and I think with 1.96 also (though not so sure).
> I have a script doing something like:
>
> /etc/init.d/ipsec stop
> > /var/log/messages
> /etc/init.d/ipsec start
> ipsec auto --add test
> ipsec auto --up test
>
> where test is a conn-name in ipsec.conf, containing auto=ignore.
> When I run it, I get "024 need --listen before --initiate" error.
> I know, that I could have auto=start not to have such a problem...
>
> But anyway... I had such a situation, and I wanted to find that out...
> I don't say that there is no workaround...
> Is it a new speedup trick, having some parts running in
> background, while the main script returns? Or it's just a bug?
> I guess it should be a feature, and I hope someone could tell me
> how can I have turn it off... :)

Why not set "auto=add" for the test conn? Your problem is that pluto
probably hasn't loaded all the connections and started to listen before
you call "ipsec auto --add test". More recent versions start pluto
in the background, so this is why the behaviour has changed.

Otherwise, put a "sleep 5" into the script so give pluto time to loadup
the connection definitions.

It doesn't look like you can change this anymore - from "man ipsec.conf"

plutobackgroundload
                     obsolete parameter, ignored, nominally specifying whether loading and starting of con­
                     nections should be spun off as a background process to avoid startup delays. This is
                     now always done. Values were yes or no (the default).

-- 
Ken Bantoft                The Unoffical FreeS/WAN Site:
ken_at_freeswan.ca            http://www.freeswan.ca
                           PGP Key: finger ken_at_bantoft.org
"We can factor the number 15 with quantum computers. We 
can also factor the number 15 with a dog trained to bark 
three times."       -- Robert Harley, 5/12/01, Sci.crypt
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Claudia Schmeing: "[Users] Latest interop document"
• Previous message: Carl Pålsson: "[Users] WinXP to FreeS/WAN (X.509) losing contact after ipsec -off"
• In reply to: Arsen Drambyan: "[Users] 024 need --listen before --initiate... a bug, or a feature?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Fri Oct 25 2002 - 05:20:31 CEST