39359 – racoon (ipsec-tools) starts after netmount, netmount can't access network without it

Bug 39359 - racoon (ipsec-tools) starts after netmount, netmount can't access network without it

Summary: racoon (ipsec-tools) starts after netmount, netmount can't access network wit...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Tim Yamin (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-01-25 08:44 UTC by Ronald Moesbergen
Modified:	2004-03-07 03:40 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ronald Moesbergen 2004-01-25 08:44:47 UTC

racoon (the ipsec ike daemon) starts after netmount, then netmount tries to reach an ipsec machine and fails. This would be solved by adding racoon as a startup dependancy for netmount. I also noticed that although racoon is started, it takes a second or two to become active, so to get it working I had to insert a 'sleep 2' in racoon's startup script. Without the 'sleep 2' netmount starts, but then freezes while trying to mount the filesystems.

Reproducible: Always
Steps to Reproduce:
1. emerge ipsec-tools & configure it
2. have network-mounted filesystems in fstab who are on a reachable-by-ipsec-only server.

Actual Results:  
netmount fails, it can't reach the server.

Expected Results:  
mount the network filesystems

Portage 2.0.50_pre20 (default-x86-1.4, gcc-3.3.2, glibc-2.3.3_pre20031222-r0,
2.6.2-rc1-mm2)
=================================================================
System uname: 2.6.2-rc1-mm2 i686 Intel(R) Pentium(R) 4 CPU 3.06GHz
Gentoo Base System version 1.4.3.12
distcc 2.11.2 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
Autoconf: sys-devel/autoconf-2.58
Automake: sys-devel/automake-1.7.8
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=pentium4 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3.1/share/config /usr/kde/3/share/config /usr/share/config
/var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-O2 -march=pentium4 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://ftp.snt.utwente.nl/pub/os/linux/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X acpi alsa arts avi cdr crypt dga dvd encode gif gphoto2 gtk java jpeg kde
mmx mozilla moznocompose moznoirc moznomail mpeg oggvorbis opengl pam pdflib pic
png qt quicktime radeon readline samba sse ssl tiff truetype x86 xmms zlib"

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2004-03-06 11:46:01 UTC

If you add "before netmount" to depend() in /etc/init.d/racoon, does that solve the issue? Thanks.

Comment 2 Ronald Moesbergen 2004-03-07 02:27:04 UTC

Yes, that fixes it. The '2 seconds' problem was something different: i forgot to exclude udp/500 traffic from the ipsec configuration, so the 2 racoon daemons could no longer talk because encryption was required, but no SA was present.

Comment 3 Tim Yamin (RETIRED) gentoo-dev

2004-03-07 03:40:27 UTC

Fixed in CVS; the change should reach Portage within an hour when you "emerge sync". Thanks!