Hi, I am trying to compile and use the source code of libreswan-3.16 on a CentOS 7 machine.
I compiled and installed it as per the link mentioned below:

http://libreswan.googlecode.com/git/README

I configured the /etc/ipsec.conf file as shown below:

# /etc/ipsec.conf - Libreswan IPsec configuration file

# Uncomment when using this configuration file with openswan
#version 2
#
# Manual: ipsec.conf.5

config setup
    # which IPsec stack to use, "netkey" (the default), "klips" or "mast".
    # For MacOSX use "bsd"
    protostack=klips
    #
    # Normally, pluto logs via syslog. If you want to log to a file,
    # specify below or to disable logging, eg for embedded systems, use
    # the file name /dev/null
    # Note: SElinux policies might prevent pluto writing to a log file at
    # an unusual location.
    logfile=/var/log/pluto.log
    #
    # Do not enable debug options to debug configuration issues!
    #
    # plutodebug "all", "none" or a combation from below:
    # "raw crypt parsing emitting control controlmore kernel pfkey
    # natt x509 dpd dns oppo oppoinfo private".
    # Note: "private" is not included with "all", as it can show confidential
    # information. It must be specifically specified
    # examples: plutodebug="all"
    # plutodebug="all crypt"
    # Again: only enable plutodebug when asked by a developer
    #plutodebug=none
    #
    # Enable core dumps (might require system changes, like ulimit -C)
    # This is required for abrtd to work properly
    # Note: SElinux policies might prevent pluto writing the core at
    # unusual locations
    dumpdir=/var/run/pluto/
    #
    # NAT-TRAVERSAL support
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    # It seems that T-Mobile in the US and Rogers/Fido in Canada are
    # using 25/8 as "private" address space on their wireless networks.
    # This range has never been announced via BGP (at least upto 2015)
    virtual_private=%v4: 10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
    nhelpers=1
    #ipsecinterfaces="eth0"

# For example connections, see your distribution's documentation directory,
# or https://libreswan.org/wiki/
#
# There is also a lot of information in the manual page, "man ipsec.conf"
# It is best to add your IPsec connections as separate files in /etc/ipsec.d/
#include /etc/ipsec.d/*.conf

conn sampple137
    # IKEv1 or IKEv2 Protocol
    ikev2=insist
    authby=secret
    # Cloud VPN Gateway IP address
    left=192.168.10.5
    # Non-IPSec side subnet
    leftsubnet=192.168.20.0/24
    #leftsourceip=%config
    # IPSec side Home Hub IP address
    #right=192.168.10.9
    right=%any
    #dpdtimeout=10
    #dpddelay=10
    #dpdaction=clear
    # IPSec side Client (Behind HH) subnet
    rightsubnet=192.168.40.0/24
    #rightsourceip=192.168.40.0/24
    #rightsourceip=%dhcp
    # IKE Phase1 config - used during Phase2 key negotiation
    ike=aes128-sha1;modp1024
    # IKE Phase2 config - used during traffic
    phase2=esp
    phase2alg=aes128-sha1
    # Perfect Forward Secrecy
    pfs=yes
    # Phase1/Phase2 rekey
    rekey=no
    # phase 1 life time
    #ikelifetime=8h
    # phase 2 life time
    #keylife=1h
    #rekeymargin=10s
    #keyingtries=2
    # IPSec mode - Tunnel / Transport
    type=tunnel
    auto=add

After doing so, when I execute:

ipsec setup start

I receive this error:

FAILURE to load KLIPS/MAST module
Redirecting to: systemctl start ipsec.service
Job for ipsec.service failed because the control process exited with error code.
See "systemctl status ipsec.service" and "journalctl -xe" for details.

Please help me in configuring it, as I might be doing something wrong in the configuration.

--
Best Regards,
Yogesh Purohit
