search

strongswan / strongswan

strongSwan - IPsec-based VPN
https://www.strongswan.org
Other
2.3k stars 783 forks source link

upgraded to centos stream, strongswan-services won't start #247

Closed chuks-ojinnaka closed 1 year ago

chuks-ojinnaka commented 3 years ago

my vpn works perfectly, however after upgrading from centos8 to centos stream I am not able to load strongswan-services. Could you let me know if there are know issues , Am running strongswan-5.9.1. Below are the error logs:

systemctl status strongswan-starter.service ● strongswan-starter.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf Loaded: loaded (/usr/lib/systemd/system/strongswan-starter.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Wed 2021-03-10 14:29:03 GMT; 1h 20min ago Process: 997 ExecStart=/usr/sbin/ipsec start --nofork (code=exited, status=1/FAILURE) Main PID: 997 (code=exited, status=1/FAILURE)

Mar 10 14:29:03 localhost.localdomain systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf. Mar 10 14:29:03 coniston.xx.xx.xx.uk ipsec[997]: /usr/sbin/ipsec: unknown option "--nofork" (perhaps command name was omitted?) Mar 10 14:29:03 coniston.xx.xx.xx.uk systemd[1]: strongswan-starter.service: Main process exited, code=exited, status=1/FAILURE Mar 10 14:29:03 coniston.xx.xx.xx.uk systemd[1]: strongswan-starter.service: Failed with result 'exit-code'.

var/log/messages:

Mar 10 15:53:25 coniston systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf. Mar 10 15:53:25 coniston ipsec[1574]: /usr/sbin/ipsec: unknown option "--nofork" (perhaps command name was omitted?) Mar 10 15:53:25 coniston systemd[1]: strongswan-starter.service: Main process exited, code=exited, status=1/FAILURE Mar 10 15:53:25 coniston systemd[1]: strongswan-starter.service: Failed with result 'exit-code'.

Thermi commented 3 years ago

Check what package /usr/sbin/ipsec belongs to. If it belongs to libreswan, you forgot the rename the ipsec binary of strongSwan to strongswan (because that's one of the things that are done in RPM packaging on RedHat platforms (RHEL, Fedora, CentOS, ...). Besides that, they moved the configs all from /etc into /etc/stronswan (e.g. /etc/strongswan/strongswan.d).

pemensik commented 3 years ago

Please report bugs in EPEL packages to Red Hat bugzilla, component strongswan. If that packages are broken, we would like to know it.

Are you sure you did not override ExecStart ofr the service? It uses different command on Fedora, I do not think it should be different on EPEL8.

# systemctl cat strongswan-starter
# /usr/lib/systemd/system/strongswan-starter.service
[Unit]
Description=strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
After=syslog.target network-online.target

[Service]
ExecStart=/usr/sbin/strongswan start --nofork
Restart=on-abnormal
RuntimeDirectory=strongswan
RuntimeDirectoryMode=0755

[Install]
WantedBy=multi-user.target

It should not require renaming ipsec, which indeed belongs to libreswan package. That is official part of RHEL8 (CentOS8 Stream), which should not be modified by strongswan package. It should allow both installed at the same time.