<html><body bgcolor="#FFFFFF"><div>Hi</div><div><br></div><div>Are u Sure The kernel package comes from redhat and not your virtual server hosting company?<br><br><br></div><div><br>Le 4 déc. 2010 à 14:30, Hammad <<a href="mailto:raohammad@gmail.com">raohammad@gmail.com</a>> a écrit :<br><br></div><div></div><blockquote type="cite"><div><div dir="ltr">Hi,<br><br>Now thats a bit disturbing... I have now CentOS but still the same /lib/modules/.... is missing. Its a fresh installation<br><br>Mike: How did you cater this situation? Any ideas?<br><br>[root@vps ~]# <span style="background-color: rgb(255, 255, 102);">service ipsec start</span><br>
ipsec_setup: FATAL: Could not load /lib/modules/2.6.18-028stab068.9/modules.dep: No such file or directory<br>ipsec_setup: Starting Openswan IPsec 2.6.21...<br>ipsec_setup: multiple ip addresses, using 127.0.0.1 on venet0<br>
<br>[root@vps ~]# <span style="background-color: rgb(255, 204, 102);">uname -a</span><br>Linux <a href="http://vps.flexilogix.com"><a href="http://vps.flexilogix.com">vps.flexilogix.com</a></a> 2.6.18-028stab068.9 #1 SMP Tue Mar 30 17:22:31 MSD 2010 i686 athlon i386 GNU/Linux<br>
<br><br>[root@vps ~]# <span style="background-color: rgb(255, 204, 102);">ipsec verify</span><br>Checking your system to see if IPsec got installed and started correctly:<br>Version check and ipsec on-path [OK]<br>
Linux Openswan U2.6.21/K(no kernel code presently loaded)<br>Checking for IPsec support in kernel [FAILED]<br>Checking for RSA private key (/etc/ipsec.secrets) [OK]<br>Checking that pluto is running [FAILED]<br>
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")<br>Checking for 'ip' command [OK]<br>Checking for 'iptables' command [OK]<br>
<br>Opportunistic Encryption DNS checks:<br> Looking for TXT in forward dns zone: <a href="http://vps.flexilogix.com"><a href="http://vps.flexilogix.com">vps.flexilogix.com</a></a> [MISSING]<br> Does the machine have at least one non-private address? [OK]<br>
Looking for TXT in reverse dns zone: 20.69.65.216.in-addr.arpa. [MISSING]<br><br>Regards,<br>Hammad<br><br><div class="gmail_quote">On Sat, Dec 4, 2010 at 9:51 AM, Hammad <span dir="ltr"><<a href="mailto:raohammad@gmail.com"><a href="mailto:raohammad@gmail.com">raohammad@gmail.com</a></a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div dir="ltr">Hi Paul,<br>No its not a custom compiled (by me) in fact I bought VPS and this is the ubuntu version I got (jaunty 9.0.4).<br>
<br>Hi Mike,<div class="im"><br><br>> WARNING: Couldn't open directory /lib/modules/2.6.18-</div><div><div class="im">
028stab068.9: No<br>
> such file or directory<br><br></div>I overcame this problem. I 'd 2.6.18-028stab059.6 directory in place but not the one mentioned in error; I created a soft-link with same name pointing to actual dir and installation succeeded well ;)<br>
<br><br>So our problem is again back to original, ipsec is not supported by kernel...<div class="im"><br><br>> Are you currently actively running and OpenVZ kernel on that machine?<br><br></div>I suppose yes this VPS is using OpenVZ.<div class="im">
<br><br>
> What version are you at? From there site, it looks like 028stab070.14<br>> is the latest in the RHEL/CentOS stable 2.6.18 line.<br><br></div># uname -a<br>Linux <a href="http://vps.flexilogix.com" target="_blank"><a href="http://vps.flexilogix.com">vps.flexilogix.com</a></a> 2.6.18-028stab068.9 #1 SMP Tue Mar 30 17:22:31 MSD 2010 i686 GNU/Linux<br>
</div><div class="im"><br>> You must have built that Openswan 2.6.31 package yourself, the latest<br>> RHEL/CentOS 5.x Openswan is 2.6.21. Did you merely compile it or actually build your own rpms?<br><br></div>Yes, I actually compiled openswan 2,6,31 from sources<br>
<br>I've come to know from Ubuntu Support groups that there is no ipsec package for ubuntu jaunty 9.0.4 and its no more updated since Oct 23 2010. So I suppose its the time to switch back to CentOS that is my actual playground... <br>
<br>Thanks for your help all.<br><font color="#888888">Hammad ( aka Hammond :) )</font><div><div></div><div class="h5"><br><br><div class="gmail_quote">On Sat, Dec 4, 2010 at 2:32 AM, Michael H. Warfield <span dir="ltr"><<a href="mailto:mhw@wittsend.com" target="_blank"><a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a></a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Paul (and Hammond),<br>
<div><div></div><div><br>
On Fri, 2010-12-03 at 11:49 -0500, Paul Wouters wrote:<br>
> On Fri, 3 Dec 2010, Hammad wrote:<br>
><br>
> > Here is the output of commands...<br>
> > root@vps:/usr/local# modprobe ipsec<br>
> > WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.<br>
> > FATAL: Module ipsec not found.<br>
> ><br>
> > root@vps:/usr/local# modprobe af_key<br>
> > WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.<br>
> > FATAL: Module af_key not found.<br>
> ><br>
> > root@vps:/usr/local# ipsec --version<br>
> > Linux Openswan U2.6.31/K(no kernel code presently loaded)<br>
> > See `ipsec --copyright' for copyright information.<br>
<br>
> Your kernel has no IPsec support. Perhaps you are missing the right modules directory, or support<br>
> was not compiled on that kernel. Seems like this is a non-distribution, custom built kernel?<br>
<br>
</div></div>It doesn't show up in this last message but in an earlier post I saw<br>
this...<br>
<div><br>
> WARNING: Couldn't open directory /lib/modules/2.6.18-028stab068.9: No<br>
> such file or directory<br>
<br>
</div>That tells me two things.<br>
<br>
1) He's running an OpenVZ kernel. That's one of their revision strings<br>
and that's one of their releases for the RHEL distro. Not too terribly<br>
old but back several clicks.<br>
<br>
2) He was, at that time, running on a kernel which had been updated<br>
(possibly by a mainline distro kernel or possibly by a newer OpenVZ<br>
kernel) and the running kernel had been uninstalled by yum so the<br>
modules directory no longer existed.<br>
<br>
Now... That being said... Prior to swapping all of my OpenVZ VM's (> 3<br>
dozen) over to LXC to get back on a more current kernel with in-tree<br>
container virtualization, I was an extensive user of OpenVZ. Those<br>
kernels certainly do have IPsec compiled in as modules. I've used it.<br>
<br>
Hammond,<br>
<br>
Are you currently actively running and OpenVZ kernel on that machine?<br>
<br>
What version are you at? From there site, it looks like 028stab070.14<br>
is the latest in the RHEL/CentOS stable 2.6.18 line.<br>
<br>
What are you running (uname -a) and what do you have installed?<br>
<br>
Did you install it from their site with yum or downloaded it or build a<br>
custom build (which I often had done with newer releases)? (One flaw<br>
with their yum repo is that it doesn't properly setup the install only<br>
and a couple of other conditions to prevent removing the running<br>
kernel).<br>
<br>
You must have built that Openswan 2.6.31 package yourself, the latest<br>
RHEL/CentOS 5.x Openswan is 2.6.21. Did you merely compile it or<br>
actually build your own rpms?<br>
<br>
What's in your grub.conf file and are you running on the latest kernel<br>
which was installed?<br>
<br>
> Paul<br>
<br>
Regards,<br>
Mike<br>
<font color="#888888">--<br>
Michael H. Warfield (AI4NB) | (770) 985-6132 | <a href="mailto:mhw@WittsEnd.com"><a href="mailto:mhw@WittsEnd.com">mhw@WittsEnd.com</a></a><br>
/\/\|=mhw=|\/\/ | (678) 463-0932 | <a href="http://www.wittsend.com/mhw/" target="_blank"><a href="http://www.wittsend.com/mhw/">http://www.wittsend.com/mhw/</a></a><br>
NIC whois: MHW9 | An optimist believes we live in the best of all<br>
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!<br>
</font></blockquote></div><br></div></div></div>
</blockquote></div><br></div>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span><a href="mailto:Users@openswan.org">Users@openswan.org</a></span><br><span><a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a></span><br><span>Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy"><a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a></a></span><br><span>Building and Integrating Virtual Private Networks with Openswan: </span><br><span><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a></span><br></div></blockquote></body></html>