IPSec won't start in latest snapshot.



  • Loaded up latest snapshot in my lab, wanted to test IPsec, and it won't start.  Getting this in system log:

    php-fpm[77668]: /status_services.php: The command '/usr/local/sbin/ipsec start' returned exit code '1', the output was 'Shared object "libstrongswan.so.0" not found, required by "starter"'

    Everytime I try to force start, it immediately goes back to stopped.

    For reference, this is the build I loaded:  pfSense-LiveCD-2.2-BETA-amd64-20140917-1610


  • Developer Netgate Administrator

    Please try next snapshots, it should be ok now.



  • Yes, IPsec starts now; I will test it further later today.

    But I also noticed:

    • ipsec pki is missing (was added by Ermal earlier, now it's gone again)

    • The 'apply' button does not function on the ipsec pre-shared keys tab.  One must go to another tab, and then hit the apply button.

    • the miniupnpd service does not start and cannot be restarted.

    • the bandwidthd package is not re-installed; bandwidthd segfaults after installing the package manually:```
      Sep 19 07:53:56 pfsense kernel: pid 47762 (bandwidthd), uid 0: exited on signal 11
      Sep 19 07:33:58 pfsense php: rc.bootup: Finished uninstalling package bandwidthd
      Sep 19 07:33:58 pfsense php: rc.bootup: Reinstalling package bandwidthd
      Sep 19 07:34:08 pfsense php: rc.bootup: XML_RPC_Client: Connection to RPC server                                packages
      .pfsense.org:443 failed. Operation timed out 103
      Sep 19 07:34:08 pfsense php: rc.bootup: XMLRPC communication error: Operation timed out
      Sep 19 07:34:08 pfsense php: rc.bootup: Finished installing package bandwidthd
      Sep 19 07:34:08 pfsense php: rc.bootup: Finished reinstalling all packages.

    Sep 19 07:53:54 pfsense kernel: pid 47354 (bandwidthd), uid 0: exited on signal 11
    Sep 19 07:53:54 pfsense kernel: pid 47497 (bandwidthd), uid 0: exited on signal 11
    Sep 19 07:53:56 pfsense kernel: pid 47762 (bandwidthd), uid 0: exited on signal 11
    Sep 19 07:54:05 pfsense kernel: pid 47826 (bandwidthd), uid 0: exited on signal 11
    Sep 19 07:57:19 pfsense kernel: pid 15345 (bandwidthd), uid 0: exited on signal 11
    Sep 19 07:57:25 pfsense kernel: pid 15618 (bandwidthd), uid 0: exited on signal 11


  • Developer Netgate Administrator

    Please check next round of snapshots. bandwidthd was not touched recently, I'll check it anyway.



    • The 'apply' button does not function on the ipsec pre-shared keys tab.  One must go to another tab, and then hit the apply button.

    fixed in new snaps.



  • @Renato:

    Please check next round of snapshots. bandwidthd was not touched recently, I'll check it anyway.

    Thanks! I can confirm IPsec pki is back, and miniupnpd is starting up OK again.

    @ermal:

    • The 'apply' button does not function on the ipsec pre-shared keys tab.  One must go to another tab, and then hit the apply button.

    fixed in new snaps.

    No, sorry, it still the same problem.  I make a change, say adding a PSK pair and hit 'save' radio button.  Table is updated & displayed, but the 'apply' change radio button does nothing.  Going to another tab and hitting the apply button does update the files in /var/etc/ipsec.  I confirmed that this snapshot does have the fix Ermal applied here: https://redmine.pfsense.org/projects/pfsense/repository/revisions/130a84c56839b2b36bad0630b2d7f97a39df4fe4



  • @Renato:

    bandwidthd was not touched recently, I'll check it anyway.

    Bandwidthd does not segfault any longer, after a re-install.  I had removed the package prior to the update, so I will see how the package upgrade is handled next time I update pfSense.  Thanks!


  • Developer Netgate Administrator

    @charliem:

    @ermal:

    • The 'apply' button does not function on the ipsec pre-shared keys tab.  One must go to another tab, and then hit the apply button.

    fixed in new snaps.

    No, sorry, it still the same problem.  I make a change, say adding a PSK pair and hit 'save' radio button.  Table is updated & displayed, but the 'apply' change radio button does nothing.  Going to another tab and hitting the apply button does update the files in /var/etc/ipsec.  I confirmed that this snapshot does have the fix Ermal applied here: https://redmine.pfsense.org/projects/pfsense/repository/revisions/130a84c56839b2b36bad0630b2d7f97a39df4fe4

    I pushed a fix for that.


Log in to reply