Re: [Shorewall-users] shorewall-init fails & 1 provider (vpn) interface unusable on boot -- but sys ends up fully up & running after boot anyway. why?

[PGNd]

@ central mgmt

        rpm -ql shorewall-4.6.3.3-155.1.noarch | grep .*Providers.pm
                /usr/lib/perl5/vendor_perl/5.18.1/Shorewall/Providers.pm

        cd /usr/lib/perl5/vendor_perl/5.18.1/Shorewall
        patch -p4 < ~/shorewall-init.patch
                patching file Compiler.pm
                patching file Providers.pm

compile & push to remote

system REBOOT remote
...

journalctl -b | grep -i shorewall | grep -iv shorewall6
        Sep 14 10:20:17 core shorewall-init[930]: Initializing "Shorewall-based 
firewalls":
        Sep 14 10:20:17 core systemd[1]: shorewall-init.service: main process 
exited, code=exited, status=1/FAILURE
        Sep 14 10:20:17 core systemd[1]: Failed to start Shorewall IPv4 
firewall.
        Sep 14 10:20:17 core systemd[1]: Unit shorewall-init.service entered 
failed state.
        Sep 14 10:21:21 core systemd[1]: Starting shorewall-lite...
        Sep 14 10:21:21 core shorewall-lite[3239]: Starting Shorewall Lite....
        Sep 14 10:21:23 core shorewall-lite[3239]: OK ping @ INTFC=eth0
        Sep 14 10:21:23 core shorewall-lite[3239]: Initializing...
        Sep 14 10:21:24 core shorewall-lite[3239]: Processing init user exit ...
        Sep 14 10:21:25 core shorewall-lite[3239]: Processing tcclear user exit 
...
        Sep 14 10:21:25 core shorewall-lite[3239]: Setting up Route Filtering...
        Sep 14 10:21:25 core shorewall-lite[3239]: Setting up Martian Logging...
        Sep 14 10:21:25 core shorewall-lite[3239]: Setting up Accept Source 
Routing...
        Sep 14 10:21:25 core shorewall-lite[3239]: Setting up Proxy ARP...
        Sep 14 10:21:25 core shorewall-lite[3239]: Adding Providers...
        Sep 14 10:21:25 core shorewall-lite[3239]: WARNING: Interface tun1 is 
not usable -- Provider prov2 (2) not Started
        Sep 14 10:21:25 core shorewall-lite[3239]: Preparing iptables-restore 
input...
        Sep 14 10:21:25 core shorewall-lite[3239]: Running 
/usr/sbin/iptables-restore...
        Sep 14 10:21:25 core shorewall-lite[3239]: IPv4 Forwarding Enabled
        Sep 14 10:21:25 core shorewall-lite[3239]: Processing start user exit 
...
        Sep 14 10:21:25 core shorewall-lite[3239]: Processing started user exit 
...
        Sep 14 10:21:25 core logger[3777]: Shorewall Lite started
        Sep 14 10:21:25 core shorewall-lite[3239]: done.
        Sep 14 10:21:25 core systemd[1]: Starting Shorewall-Lite.

but, as before, after full boot, the provider routes are 'up', and the 
other-end of the VPN tunnel is pingable,

        ping -c1 10.0.0.1
                PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
                64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=45.5 ms

                --- 10.0.0.1 ping statistics ---
                1 packets transmitted, 1 received, 0% packet loss, time 0ms
                rtt min/avg/max/mdev = 45.563/45.563/45.563/0.000 ms

It's, of course, entirely possible this is a config issue on my end -- finding 
it, or an actual code issue, is the usual challenge.

------------------------------------------------------------------------------
Want excitement?
Manually upgrade your production database.
When you want reliability, choose Perforce
Perforce version control. Predictably reliable.
http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users