Menu
▾
▴
Re: [Devil-Linux-discuss] FW: IPSec Problems : 1.4 RC3
|
From: Udo L. <udo...@al...> - 2010-05-07 16:28:44
|
Hi Scott, i try to upgrade an ipsec-router from an old 1.2.15 to 1.4RC3. I got no error during ipsec-start like you, but till now i don't get my config running (connection to a linksys-router; normaly no great thing). Now, where i read your post i'm not sure that's lying on my config!?! Has someone a running IPsec installation with DL1.4RC3? Best regards Udo Scott Schaefer schrieb: > I replaced my 7-year old LRP-based firewall with Devil Linux two days > ago. I am quite pleased, with one exception ... I am having difficulty > with IPSEC. > > I am an oldster, trying to understanad this modern stuff, so my problems > are likely user error. It seems, however, that the implementation is in > rapid transition, and I am unsure of what components and/or > configurations are being used; e.g. is pluto daemon still used, or does > setkey + racoon + newer kernel capabilities suffice ?? Any help is > appreciated; please note in advance that I may not be able to try any > suggestions for 24-36 hours. > > > 1) Checking IPSEC in setup menu of services causes startup to hang. > Unchecking allows machine to boot and run without problems. > > After startup, if I edit /etc/sysyconfig/config to set START_IPSEC=yes, > and attempt to manually start, I get: > > /etc/init.d # ./ipsec start > > Starting strongSwan 4.2.16 IPsec [starter]... > insmod /lib/modules/2.6.32.9-grsec/kernel/net/ipv4/ah4.ko > insmod /lib/modules/2.6.32.9-grsec/kernel/net/ipv4/esp4.ko > insmod /lib/modules/2.6.32.9-grsec/kernel/net/xfrm/xfrm_ipcomp.ko > insmod /lib/modules/2.6.32.9-grsec/kernel/net/ipv4/ipcomp.ko > insmod /lib/modules/2.6.32.9-grsec/kernel/net/ipv4/tunnel4.ko > insmod /lib/modules/2.6.32.9-grsec/kernel/net/ipv4/xfrm4_tunnel.ko > insmod /lib/modules/2.6.32.9-grsec/kernel/net/xfrm/xfrm_user.ko > > > After 90 seconds with no further response, I can <Ctrl>-C back to OS > prompt. It appears that all kernel modules loaded, and host of other > crypto modules also loaded successfully. > > ... > |
