Peter Rundle <[email protected]> writes:

>> That isn't right! The RHEL kernel should have a whole bunch of modules,
>> and their being missing is not a good sign.
>
> [snip]
>> ...because your kernel is screwed. Try reinstalling that to get all the
>> modules in place, then give IPSec a shot again. :)
>
> The thick plottens!
>
> The box that I'm trying to make be the VPN peer is a Virtual machine which is
> running Virtuoso and its kernel has been deliberately "screwed" to prevent
> kernel modules from being installed because "they represent a security threat
> to the other VMs" at the ISP.

Oh. This is a VE inside a Virtuozzo system? (The commercial version of
OpenVZ, specifically, and a "containers" solution.)

Your ISP's response isn't terribly technically accurate, then. (I should have
noted that from the specific kernel version. Tsk.)

Inside the VE you can't load kernel modules, and they shouldn't have bothered
putting a kernel image on disk — the kernel is not accessible to you, which
is also why lsmod returns nothing.

> Seems that there is only one kernel running that is shared by all the
> virtual machines, not sure of the details but bottom line is, no
> kernel modules!

Well, not that are accessible to you. However, two options:

http://wiki.openvz.org/VPN_using_IPsec
http://perso.telecom-paristech.fr/~beyssac/pipsec/

I would take the second option, since it seems that vpnc has some issues with
the Juniper VPN implementation.

If the ISP can provide a TUN interface, which isn't a security risk to them
and is virtualized, as well as routing for the traffic types needed[1], then
pipsecd should work just fine.

Regards,
        Daniel

Footnotes:
[1] Which is probably the less likely option, sadly, unless your friend paid
    for a dedicated IP for his system.

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
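
The checks discussed in the message above (container or not, whether any modules are visible, whether a TUN device has been granted) can be scripted. This is an added example, not part of the original thread; it assumes the commonly used `/proc/vz` and `/proc/bc` heuristic for OpenVZ/Virtuozzo, and the function names, the root-prefix argument and the result tokens are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Each function takes an optional root
# prefix (hypothetical) so the checks can run against a constructed test tree.

# Heuristic: /proc/vz exists on an OpenVZ/Virtuozzo hardware node and inside
# a container; /proc/bc exists only on the hardware node.
in_openvz_container() {
    [ -d "$1/proc/vz" ] && [ ! -d "$1/proc/bc" ]
}

# lsmod only formats /proc/modules. procfs files report size 0, so read a
# line instead of testing the file size.
modules_visible() {
    line=""
    if [ -r "$1/proc/modules" ]; then
        read -r line < "$1/proc/modules" || true
    fi
    [ -n "$line" ]
}

# The container cannot load the tun module itself; the device node has to be
# granted by the host. A character device at /dev/net/tun is the first sign.
has_tun_device() {
    [ -c "$1/dev/net/tun" ]
}

# Print one token describing what the thread's advice means for this box.
vpn_options() {
    root="${1:-}"
    if ! in_openvz_container "$root"; then
        echo "not-openvz-container"   # the container caveats do not apply
    elif has_tun_device "$root"; then
        echo "container-tun-ready"    # a userspace daemon such as pipsecd can be tried
    else
        echo "container-needs-tun"    # ask the provider to enable TUN for the VE
    fi
}

if modules_visible ""; then
    echo "kernel modules visible"
else
    echo "no kernel modules visible (lsmod would print nothing)"
fi
vpn_options ""
```

A device node that exists can still be unusable if the host has not enabled TUN for the container, so the result is a first filter rather than proof that the tunnel will come up.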
