SLUG Mailing List Archives
Re: [SLUG] Site to Site VPN
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] Site to Site VPN
- From: Daniel Pittman <daniel@xxxxxxxxxxxx>
- Date: Mon, 01 Jun 2009 11:23:10 +1000
- Organization: I know I put it down here, somewhere.
- User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.91 (gnu/linux)
Peter Rundle <prundle@xxxxxxxxxxxxxxxxxx> writes:

> thanks again for the info re the routing tools setting the preferred
> source address.

No worries. :)

>>Wait until after you get ISAKMP and IPSec routing working, /then/ say
>>it is the wrong tool. ;)
> LOL, yes I meant it was "the wrong tool to talk to a Juniper Netscreen". And
> as I'm rapidly finding out getting the IPSEC to just load and run is a
> battle. I'm wondering if IPSec is supported by this CentOS version with kernel
> 2.6.18-028stab060.8 #1 SMP
> The /lib/modules directory is empty and lsmod returns no modules
> loaded in the kernel.

That isn't right! The RHEL kernel should have a whole bunch of modules,
and their being missing is not a good sign.

> I've read up a bit and it seems that openswan is not required?

OpenSWAN used to provide the in-kernel parts; now they provide an ISAKMP
daemon and management tools, as do a bunch of other people. So, no,
they are no longer required.

> Apparently you install ipsec-tools, edit say ifcfg-ipsec0 in
> /etc/sysconfig/network-scripts and then run ifup ipsec0
> But when I do so I get this error message
> ERROR: libipsec failed pfkey open (Address family not supported by protocol)
> racoon: something error happened while pfkey initializing.

So, the kernel doesn't have IPSec support at present...

> If I try to do a modprobe then I get:
> FATAL: Could not load /lib/modules/2.6.18-028stab060.8/modules.dep: No such file or directory
> Hmmm, might be a long road ahead, sigh

...because your kernel is screwed. Try reinstalling that to get all the
modules in place, then give IPSec a shot again. :)
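
Added example, not part of the original message or of ipsec-tools: a small pre-flight check that tells apart the two failures quoted in the thread (no PF_KEY support in the running kernel versus no module tree for modprobe to load it from). The function name `ipsec_preflight` and its result strings are hypothetical; `/proc/net/pfkey`, `modules.dep` and the `af_key` module are the standard Linux names.

```shell
#!/bin/sh
# Added example (hypothetical helper): classify why racoon cannot open a
# PF_KEY socket. ROOT and KREL are parameters so the check can also be run
# against a constructed directory tree. On a live host:
#   ipsec_preflight / "$(uname -r)"

ipsec_preflight() {
    root=${1%/}      # filesystem root to inspect ("/" becomes "")
    krel=$2          # kernel release string, as printed by `uname -r`
    moddir="$root/lib/modules/$krel"

    # The af_key code registers /proc/net/pfkey once PF_KEY is available,
    # whether it was built into the kernel or loaded as a module.
    if [ -e "$root/proc/net/pfkey" ]; then
        echo "ready"
        return 0
    fi

    # modprobe resolves modules through modules.dep; if it is missing,
    # nothing can be loaded for this kernel release.
    if [ ! -f "$moddir/modules.dep" ]; then
        echo "no-module-tree"
        return 0
    fi

    # The module tree exists: is af_key shipped as a loadable module?
    if find "$moddir" -name 'af_key.ko*' 2>/dev/null | grep -q .; then
        echo "loadable"
        return 0
    fi

    # Module tree present, but no PF_KEY module found in it.
    echo "no-pfkey-support"
    return 0
}
```

A result of `loadable` means `modprobe af_key` is the next step; `no-module-tree` corresponds to the modprobe error quoted above.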