[Openswan Users] No suitable connection for peer

Oliver Tomkins oliver.tomkins at alliedvehicles.co.uk
Thu Sep 29 12:10:11 CEST 2005


Thanks,

KLIPS it is then.

I'm using FC4 - I've followed the instructions as per

http://www.openswan.org/code/repo/

"Then simply run yum update and yum install openswan. If you want to use 
KLIPS instead of NETKEY, also run: yum install openswan-klips"

An ipsec verify:

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.0/K2.6.12-1.1456_FC4smp (netkey)
Checking for IPsec support in kernel                            [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Checking for 'setkey' command for NETKEY IPsec stack support    [OK]
Opportunistic Encryption Support                                [DISABLED]


Still shows NETKEY as the method - how do I force it to use KLIPS?

Thanks,

Olly.



Paul Wouters wrote:
> On Wed, 28 Sep 2005, Oliver Tomkins wrote:
> 
>> Looking at Jacco's pages he says that "kernel 2.6.x with 
>> NAT-after-IPsec" is broken,  has this issue been resolved with the 
>> 2.4.0 release with a 2.6.12 or will I need to go back to using KLIPS?
> 
> Use klips or try the netfilter patch-o-matic stuff, which is probably 
> broken on
> 2.6.12+ I think because of the huge amount of changes to the network layer.
> 
> Paul
> 

The information in this e-mail is confidential. The contents may not be disclosed or used by anyone other than the addressee. If you are not the intended recipient, please notify the sender immediately by reply e-mail and delete this message. Allied Vehicles cannot accept any responsibility for the accuracy or completeness of this message as it has been transmitted over a public network.
For details of our products and services please visit our website at www.alliedvehicles.co.uk


More information about the Users mailing list