Arch Linux

squalou

Member

Registered: 2018-06-04

Posts: 112

[SOLVED] ipsec service broken after update : linbunbound.so.2 missing

Hi,

after today's update (including 'unbound' package update 1.8.0-1), my vpn connexions failed (again )
After checking journaltcl, it appears that ipsec service is looking for libunbound.so.2 which does not exist anymore.

I found /usr/lib/libunbound.so.8 instead

As a quick and dirty workaround ... I created a symlink called libunbound.so.2 pointing to .so.8 .... and it works.

I'm not familiar to thses shared objects numbering scheme but this whole situation seems weird. (and jumping from 2 to 8 especially).

Am I missing something obvious ?

Should I file a bug report to libunbound maintainer ?

thx for any advice !

Squalou

==> SOLVED : reinstall libreswan aur package, (linked againts unbound)

Last edited by squalou (2018-09-16 15:02:14)

brebs

Member

Registered: 2007-04-03

Posts: 3,742

Re: [SOLVED] ipsec service broken after update : linbunbound.so.2 missing

After checking journaltcl, it appears that ipsec service is looking for libunbound.so.2 which does not exist anymore.

Show the journalctl lines.

ipsec-tools does not seem to be compiled against unbound.

Are you using dnssec-anchors (which *is* compiled against unbound)?

Last edited by brebs (2018-09-14 21:50:20)

eschwartz

Fellow

Registered: 2014-08-08

Posts: 4,097

Re: [SOLVED] ipsec service broken after update : linbunbound.so.2 missing

Just to confirm:

$ pkg-list-linked-libraries ipsec-tools
==> checking linked libraries for ipsec-tools-0.8.2-7-x86_64.pkg.tar.xz ...
/usr/bin/plainrsa-gen
  NEEDED               libcrypto.so.1.0.0
  NEEDED               libc.so.6
/usr/bin/racoon
  NEEDED               libfl.so.2
  NEEDED               libcrypto.so.1.0.0
  NEEDED               libresolv.so.2
  NEEDED               libcrypt.so.1
  NEEDED               libgssapi_krb5.so.2
  NEEDED               libc.so.6
/usr/bin/racoonctl
  NEEDED               libc.so.6
/usr/bin/setkey
  NEEDED               libfl.so.2
  NEEDED               libreadline.so.7
  NEEDED               libc.so.6

---

Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

squalou

Member

Registered: 2018-06-04

Posts: 112

Re: [SOLVED] ipsec service broken after update : linbunbound.so.2 missing

Sorry for the delay, here's the journaltcl output.

Apparently it's 'Ike for IPsec' that needs unbound, by saying that I feel like a monkey repeating what he sees, no idea what it could mean

sept. 15 07:45:28 boxtal-0100 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=ipsec comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
sept. 15 07:45:28 boxtal-0100 systemd[1]: ipsec.service: Service RestartSec=100ms expired, scheduling restart.
sept. 15 07:45:28 boxtal-0100 systemd[1]: ipsec.service: Scheduled restart job, restart counter is at 2.
sept. 15 07:45:28 boxtal-0100 systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
sept. 15 07:45:28 boxtal-0100 audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=ipsec comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
sept. 15 07:45:28 boxtal-0100 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=ipsec comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
sept. 15 07:45:28 boxtal-0100 systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
sept. 15 07:45:28 boxtal-0100 addconn[21489]: /usr/lib/ipsec/addconn: error while loading shared libraries: libunbound.so.2: cannot open shared object file: No such file or directory
sept. 15 07:45:28 boxtal-0100 systemd[1]: ipsec.service: Control process exited, code=exited status=127
sept. 15 07:45:28 boxtal-0100 ipsec[21492]: /usr/lib/ipsec/addconn: error while loading shared libraries: libunbound.so.2: cannot open shared object file: No such file or directory
sept. 15 07:45:28 boxtal-0100 systemd[1]: ipsec.service: Failed with result 'exit-code'.
sept. 15 07:45:28 boxtal-0100 systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.

squalou

Member

Registered: 2018-06-04

Posts: 112

Re: [SOLVED] ipsec service broken after update : linbunbound.so.2 missing

I *do* have dnssec-anchors installed.

It's required by libreswan (among other things)

and in my situation, strongswan does not work, I have to use libreswan.

Last edited by squalou (2018-09-15 05:57:04)

Scimmia

Fellow

Registered: 2012-09-01

Posts: 11,559

Re: [SOLVED] ipsec service broken after update : linbunbound.so.2 missing

And what is /usr/lib/ipsec/addconn?

squalou

Member

Registered: 2018-06-04

Posts: 112

Re: [SOLVED] ipsec service broken after update : linbunbound.so.2 missing

dnssec-anchors only requires unbound at 'make' time.
in the end it provides 'etc/trusted-key.key', that's all. So that's not really requiring /using unbound

libreswan on the other hand ... is not reported in Arch depedencies because it's an AUR package, and I completely forgot that

so... probably libreswan maintainers should be contacted then ? Or just reinstall it ?

/usr/lib/ipsec/addconn
... no idea, probably part of libreswan installation

Last edited by squalou (2018-09-15 06:16:38)

Scimmia

Fellow

Registered: 2012-09-01

Posts: 11,559

Re: [SOLVED] ipsec service broken after update : linbunbound.so.2 missing

"probably" doesn't get us anywhere. Figure it out.

Any AUR packages you have that are linked against the old lib will need to be rebuilt.

Last edited by Scimmia (2018-09-15 06:37:48)

brebs

Member

Registered: 2007-04-03

Posts: 3,742

Re: [SOLVED] ipsec service broken after update : linbunbound.so.2 missing

See which package:

pacman -Qo /usr/lib/ipsec/addconn

It's probably libreswan, that needs to be recompiled.

squalou

Member

Registered: 2018-06-04

Posts: 112

Re: [SOLVED] ipsec service broken after update : linbunbound.so.2 missing

Indeed it's libreswan,

AUR package rebuilt => works like a charm.

Thank you all !