Yes.. I can see it now.. I am using trixbox (freepbx) bundled CentOS. <br><br>So now how do I set up the keys etc.? Below is the latest output.<br><br>[trixbox1.localdomain ~]# ipsec verify<br>Checking your system to see if IPsec got installed and started correctly:<br>
Version check and ipsec on-path [OK]<br>Linux Openswan U2.6.21/K2.6.18-164.11.1.el5 (netkey)<br>Checking for IPsec support in kernel [OK]<br><b>NETKEY detected, testing for disabled ICMP send_redirects [FAILED]</b><br>
<br> Please disable /proc/sys/net/ipv4/conf/*/send_redirects<br> or NETKEY will cause the sending of bogus ICMP redirects!<br><b><br>NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]</b><br><br> Please disable /proc/sys/net/ipv4/conf/*/accept_redirects<br>
or NETKEY will accept bogus ICMP redirects!<br><br>Checking for RSA private key (/etc/ipsec.secrets) [OK]<br>Checking that pluto is running [OK]<br>Two or more interfaces found, checking IP forwarding [OK]<br>
Checking NAT and MASQUERADEing <br>Checking for 'ip' command [OK]<br>Checking for 'iptables' command [OK]<br>
<br>Opportunistic Encryption DNS checks:<br> <b> Looking for TXT in forward dns zone: trixbox1.localdomain [MISSING]</b><br> <b> Does the machine have at least one non-private address? [FAILED]</b><br><br>[trixbox1.localdomain ~]# uname -a<br>
Linux trixbox1.localdomain 2.6.18-164.11.1.el5 #1 SMP Wed Jan 20 07:39:04 EST 2010 i686 i686 i386 GNU/Linux<br><br><br><br><div class="gmail_quote">On Tue, Aug 23, 2011 at 3:05 PM, Kevin Keane <span dir="ltr"><<a href="mailto:subscription@kkeane.com">subscription@kkeane.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div link="blue" vlink="purple" lang="EN-US"><div><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">Try “service ipsec start”. That will start the ipsec daemon (pluto), and may also load some kernel modules.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">If that doesn’t help: Which version of CentOS and what kernel are you running? Use the command “uname -a”.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">I just set up openswan on two CentOS 5.6 servers. I didn’t need any special configuration for the kernel. One instance used the stock CentOS kernel, the other used a Rackspace kernel.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D">Everything else in your output looks good; you can ignore the remaining items. The DNS entries are only needed for opportunistic encryption.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:#1F497D"><u></u> <u></u></span></p><div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt"><div><div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt">From:</span></b><span style="font-size:10.0pt"> <a href="mailto:users-bounces@openswan.org" target="_blank">users-bounces@openswan.org</a> [mailto:<a href="mailto:users-bounces@openswan.org" target="_blank">users-bounces@openswan.org</a>] <b>On Behalf Of </b>Vigyan Kaushik<br>
<b>Sent:</b> Tuesday, August 23, 2011 11:54 AM<br><b>To:</b> <a href="mailto:users@openswan.org" target="_blank">users@openswan.org</a><br><b>Subject:</b> [Openswan Users] Installing Openswan on CentOs<u></u><u></u></span></p>
</div></div><div><div></div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">Hi All,<br><br>I am installing Openswan for an IPsec VPN connection from my iPhone and iPad. I cannot find good detailed documentation on the Openswan install, so I tried using yum to install the package on my CentOS 5.<br>
<br><br>After installing, if I run ipsec verify, I am not seeing the status of the majority of things as OK, which means I may have to set up/configure it further... One of the checks is about the kernel support. Can you please see the output below and suggest something?<br>
<br><br>[trixbox1.localdomain ~]# ipsec verify<br>Checking your system to see if IPsec got installed and started correctly:<br>Version check and ipsec on-path [OK]<br>Linux Openswan U2.6.21/K(no kernel code presently loaded)<br>
Checking for IPsec support in kernel [FAILED]<br>Checking for RSA private key (/etc/ipsec.secrets) [OK]<br>Checking that pluto is running [FAILED]<br>
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")<br>Two or more interfaces found, checking IP forwarding [FAILED]<br> whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")<br>
Checking NAT and MASQUERADEing <br>Checking for 'ip' command [OK]<br>Checking for 'iptables' command [OK]<br>
<br>Opportunistic Encryption DNS checks:<br> Looking for TXT in forward dns zone: trixbox1.localdomain [MISSING]<br> Does the machine have at least one non-private address? [FAILED]<br><br>Thanks,<br>VK<u></u><u></u></p>
</div></div></div></div></div><br>_______________________________________________<br>
<a href="mailto:Users@openswan.org">Users@openswan.org</a><br>
<a href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users</a><br>
<br></blockquote></div><br>
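The two [FAILED] NETKEY lines in the ipsec verify output above refer to the send_redirects and accept_redirects flags under /proc/sys/net/ipv4/conf/*. The script below is an added example, not part of the original thread or of Openswan: it lists every interface where either flag is still non-zero and can write 0 to all of them. The CONF_ROOT variable and the function names are assumptions introduced here so the logic can also be run against a scratch directory.<br>

```shell
#!/bin/sh
# Added example: audit and clear the ICMP redirect flags that
# "ipsec verify" reports as [FAILED] on a NETKEY stack.
# CONF_ROOT is a parameter introduced for this example; it defaults to
# the real kernel tree but can point at a scratch directory for testing.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print "<interface> <flag>=<value>" for every flag that is not 0.
# Returns 0 when everything is disabled, 1 when at least one flag is set.
audit_redirects() {
    root="$1"
    bad=0
    for flag in send_redirects accept_redirects; do
        for f in "$root"/*/"$flag"; do
            if [ ! -f "$f" ]; then continue; fi
            val=$(cat "$f")
            if [ "$val" != "0" ]; then
                echo "$(basename "$(dirname "$f")") $flag=$val"
                bad=1
            fi
        done
    done
    return "$bad"
}

# Write 0 to both flags for every interface entry, including the
# "all" and "default" pseudo-interfaces. Needs root on the real tree.
disable_redirects() {
    root="$1"
    for flag in send_redirects accept_redirects; do
        for f in "$root"/*/"$flag"; do
            if [ -f "$f" ]; then echo 0 > "$f"; fi
        done
    done
    return 0
}

# Nothing runs unless a subcommand is given: "audit" or "fix".
case "${1:-}" in
    audit) audit_redirects "$CONF_ROOT" ;;
    fix)   disable_redirects "$CONF_ROOT" && audit_redirects "$CONF_ROOT" ;;
esac
```

Values written under /proc are lost at reboot; the matching persistent settings are the net.ipv4.conf.*.send_redirects and net.ipv4.conf.*.accept_redirects keys in /etc/sysctl.conf.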