On Mon, Mar 9, 2009 at 12:19 PM, Akhil Jain <akhil_jain111 at yahoo.co.in> wrote: > Hi , > > I read somewhere that : > IPsec will be loaded if ?/etc/inet/ipsecinit.conf exists. And in my system > this file doesn't exist. So Just wanted to confirm that IPsec is running or > not. Please help. > > Moreover when i did modinfo | grep ipsec then it shows: > 102 7bada000 ? 68a0 141 ? 1 ?ipsecesp (IPsec ESP STREAMS driver 1.14) > 102 7bada000 ? 68a0 ? - ? 1 ?ipsecesp (IPsec ESP STREAMS module 1.14) > 103 ?1344660 ? e270 140 ? 1 ?ipsecah (IPsec AH STREAMS driver 1.14) > 103 ?1344660 ? e270 ? - ? 1 ?ipsecah (IPsec AH STREAMS module 1.14) > > But when i captured IP packets with help of snoop they didn't have any AH or > ESP header in them. > > So is it a possibility that IPSec modules are loaded in kernel but still not > running ? In the simplest case you need to edit these files properly: /etc/inet/ipsecinit.conf /etc/inet/ike/config /etc/inet/secret/ike.preshared /etc/inet/secret/ipseckeys
You should also run in.iked in debug mode and analyze the logs: # /usr/lib/inet/in.iked -d -- Regards, Piotr Jasiukajtis | estibi | SCA OS0072 http://estseg.blogspot.com
