Peter Rundle <[email protected]> writes:
> thanks again for the info re the routing tools setting the preferred
> source address.
No worries. :)
>>Wait until after you get ISAKMP and IPSec routing working, /then/ say
>>it is the wrong tool. ;)
>
> LOL, yes I meant it was "the wrong tool to talk to a Juniper Netscreen". And
> as I'm rapidly finding out getting the IPSEC to just load and run is a
> battle. I'm wondering if IPSec is supported by this centOS version with kernel
> 2.6.18-028stab060.8 #1 SMP
>
> The /lib/modules directory is empty and lsmod returns no modules
> loaded in the kernel.
That isn't right! The RHEL kernel should have a whole bunch of modules,
and their being missing is not a good sign.
> I've read up a bit and it seems that openswan is not required?
OpenSWAN used to provide the in-kernel parts; now they provide as ISAKMP
daemon and management tools, as do a bunch of other people. So, no,
they are no longer required.
> Apparently you install ipsec-tools, edit say ifcfg-ipsec0 in
> /etc/sysconfig/network-scripts and then run ifup ipsec0
>
> But when I do so I get this error message
>
> ERROR: libipsec failed pfkey open (Address family not supported by
> protocol)
> racoon: something error happened while pfkey initializing.
So, the kernel doesn't have IPSec support at present...
> If I try to do a modprobe then I get:
>
> FATAL: Could not load /lib/modules/2.6.18-028stab060.8/modules.dep: No
> such file or directory
>
> Hmmm, might be a long road ahead, sigh
...because your kernel is screwed. Try reinstalling that to get all the
modules in place, then give IPSec a shot again. :)
Regards,
Daniel
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
