Tugger the SLUGger!SLUG Mailing List Archives

Re: [SLUG] Site to Site VPN

Peter Rundle <prundle@xxxxxxxxxxxxxxxxxx> writes:

> thanks again for the info re the routing tools setting the preferred
> source address.

No worries. :)

>>Wait until after you get ISAKMP and IPSec routing working, /then/ say
>>it is the wrong tool. ;)
> LOL, yes I meant it was "the wrong tool to talk to a Juniper Netscreen". And
> as I'm rapidly finding out getting the IPSEC to just load and run is a
> battle. I'm wondering if IPSec is supported by this centOS version with kernel
> 2.6.18-028stab060.8 #1 SMP
> The /lib/modules directory is empty and lsmod returns no modules
> loaded in the kernel.

That isn't right!  The RHEL kernel should have a whole bunch of modules,
and their being missing is not a good sign.

> I've read up a bit and it seems that openswan is not required?

OpenSWAN used to provide the in-kernel parts; now they provide as ISAKMP
daemon and management tools, as do a bunch of other people.  So, no,
they are no longer required.

> Apparently you install ipsec-tools, edit say ifcfg-ipsec0 in
> /etc/sysconfig/network-scripts and then run ifup ipsec0
> But when I do so I get this error message
> 	ERROR: libipsec failed pfkey open (Address family not supported by protocol)
> 	racoon: something error happened while pfkey initializing.

So, the kernel doesn't have IPSec support at present...

> If I try to do a modprobe then I get:
> 	FATAL: Could not load /lib/modules/2.6.18-028stab060.8/modules.dep: No such file or directory
> Hmmm, might be a long road ahead, sigh

...because your kernel is screwed.  Try reinstalling that to get all the
modules in place, then give IPSec a shot again. :)