Menu
▾
▴
Re: [Devil-Linux-discuss] FW: IPSec Problems : 1.4 RC3
|
From: Frank W. <Fra...@ct...> - 2010-05-08 15:42:19
|
Hi, I have several IPSec tunnels up with with fixed IPs and shared secrets. You have to use the ipsec-tools suite with DL 1.4... The old ipsec.conf won't work. I can coach you thru it on monday if you want.... Regards, Frank "Heiko Zuerker" <he...@zu...> wrote: >I thought Serge mentioned that he has a road warrior setup running. > >Please keep in mind that the ipsec implementations between 1.2 and 1.4 >are very different, since the 2.6 Kernel brings now its own >implementation. > >Heiko > >> -----Original Message----- >> From: Udo Lembke [mailto:udo...@al...] >> Sent: Friday, May 07, 2010 11:11 AM >> To: dev...@li... >> Subject: Re: [Devil-Linux-discuss] FW: IPSec Problems : 1.4 RC3 >> >> Hi Scott, >> i try to upgrade an ipsec-router from an old 1.2.15 to 1.4RC3. >> I got no error during ipsec-start like you, but till now i don't >> get my >> config running (connection to a linksys-router; normaly no great >> thing). >> Now, where i read your post i'm not sure that's lying on my >> config!?! >> >> Has someone a running IPsec installation with DL1.4RC3? >> >> Best regards >> >> Udo >> >> Scott Schaefer schrieb: >> > I replaced my 7-year old LRP-based firewall with Devil Linux two >> days >> > ago. I am quite pleased, with one exception ... I am having >> difficulty >> > with IPSEC. >> > >> > I am an oldster, trying to understanad this modern stuff, so my >> problems >> > are likely user error. It seems, however, that the >> implementation is in >> > rapid transition, and I am unsure of what components and/or >> > configurations are being used; e.g. is pluto daemon still used, >> or does >> > setkey + racoon + newer kernel capabilities suffice ?? Any help >> is >> > appreciated; please note in advance that I may not be able to try >> any >> > suggestions for 24-36 hours. >> > >> > >> > 1) Checking IPSEC in setup menu of services causes startup to >> hang. >> > Unchecking allows machine to boot and run without problems. >> > >> > After startup, if I edit /etc/sysyconfig/config to set >> START_IPSEC=yes, >> > and attempt to manually start, I get: >> > >> > /etc/init.d # ./ipsec start >> > >> > Starting strongSwan 4.2.16 IPsec [starter]... >> > insmod /lib/modules/2.6.32.9-grsec/kernel/net/ipv4/ah4.ko >> > insmod /lib/modules/2.6.32.9-grsec/kernel/net/ipv4/esp4.ko >> > insmod /lib/modules/2.6.32.9-grsec/kernel/net/xfrm/xfrm_ipcomp.ko >> > insmod /lib/modules/2.6.32.9-grsec/kernel/net/ipv4/ipcomp.ko >> > insmod /lib/modules/2.6.32.9-grsec/kernel/net/ipv4/tunnel4.ko >> > insmod /lib/modules/2.6.32.9- >> grsec/kernel/net/ipv4/xfrm4_tunnel.ko >> > insmod /lib/modules/2.6.32.9-grsec/kernel/net/xfrm/xfrm_user.ko >> > >> > >> > After 90 seconds with no further response, I can <Ctrl>-C back to >> OS >> > prompt. It appears that all kernel modules loaded, and host of >> other >> > crypto modules also loaded successfully. >> > >> > ... >> > >> >> >> ------------------------------------------------------------------- >> ----------- >> >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > >------------------------------------------------------------------------------ > >_______________________________________________ >Devil-linux-discuss mailing list >Dev...@li... >https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > Frank Weis -- _______________________________________________ Centre de Technologie de l'Education 29 avenue John F. Kennedy L-1855 Luxembourg-Kirchberg email: Fra...@ct... tél.: +352 247-85973 fax: +352 333797 _______________________________________________ |
