FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
192 views 2 comments
by anonymous
Hi All:

I have used the /etc/init.d/ipsec disable which removes the ipsec entry from the /etc/rc.d directory.

But its starting on its own anyway.

Why?

Cheers,

John
by anonymous

from logread:

Fri Aug 27 13:46:36 2021 daemon.info syslog: 07[IKE] initiating IKE_SA SOICC[1] to A.B.C.D

Fri Aug 27 13:46:36 2021 authpriv.info syslog: 07[IKE] initiating IKE_SA SOICC[1] to A.B.C.D

What is it starting? Its disabled. What is going on here?

Cheers,

john

by anonymous

Ok.....

Look at this:

root@CORS350:~# /etc/init.d/ipsec disable

root@CORS350:~# ls -l /etc/rc.d | grep ipsec

lrwxrwxrwx    1 root     root            15 Aug 27 13:43 S120ipsec -> ../init.d/ipsec

If I run /etc/init.d/ipsec disable, ipsec should have been removed from the rc.d directory, but as you can see, it isn't.

WHY?

So I removed it manually:

root@CORS350:~# ls -l /etc/rc.d | grep ipsec

 and still:

Fri Aug 27 14:34:05 2021 authpriv.info ipsec_starter[4554]: Starting weakSwan 5.8.4 IPsec [starter]...

Fri Aug 27 14:34:05 2021 authpriv.info ipsec_starter[4554]: !! Your strongswan.conf contains manual plugin load options for charon.

Fri Aug 27 14:34:05 2021 authpriv.info ipsec_starter[4554]: !! This is recommended for experts only, see

Fri Aug 27 14:34:05 2021 authpriv.info ipsec_starter[4554]: !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad

Fri Aug 27 14:34:05 2021 user.notice ddns-scripts[4426]: myddns: PID '4426' started at 2021-08-27 14:34

Fri Aug 27 14:34:06 2021 daemon.info syslog: 00[DMN] Starting IKE charon daemon (strongSwan 5.8.4, Linux 3.18.44, mips)

It if its removed from the /etc/rc.d directory, why is it starting anyway?

How can I get it to STOP starting automatically?

Cheers,

John

1 Answer

0 votes
by anonymous

Hello,

To disable IPsec from SSH, instead of /etc/init.d/ipsec disable, you should use /etc/init.d/ipsec stop.
I tested this with 7.0 FW, and everything worked as expected. After executing the command, IPsec didn't restart automatically.

Regards,