[Openswan Users] No suitable connection for peer

Oliver Tomkins oliver.tomkins at alliedvehicles.co.uk
Fri Sep 30 10:19:46 CEST 2005


Thanks again Paul,

I had actually rebooted the box.

When I follow your instructions I get the following

[root@minitoo key]# service ipsec stop
#ipsec_setup: Stopping Openswan IPsec...
[root@minitoo key]# rmmod af_key esp4 ah4 ipcomp
ERROR: Module af_key does not exist in /proc/modules
[root@minitoo key]# modprobe ipsec
FATAL: Module ipsec not found.
[root@minitoo key]# service ipsec start
ipsec_setup: Starting Openswan IPsec 2.4.0...
ipsec_setup: insmod /lib/modules/2.6.12-1.1456_FC4smp/kernel/net/key/af_key.ko
ipsec_setup: insmod /lib/modules/2.6.12-1.1456_FC4smp/kernel/net/ipv4/ah4.ko
ipsec_setup: insmod /lib/modules/2.6.12-1.1456_FC4smp/kernel/net/ipv4/esp4.ko
ipsec_setup: insmod /lib/modules/2.6.12-1.1456_FC4smp/kernel/net/ipv4/ipcomp.ko
ipsec_setup: insmod /lib/modules/2.6.12-1.1456_FC4smp/kernel/net/ipv4/xfrm4_tunnel.ko
[root@minitoo key]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.0/K2.6.12-1.1456_FC4smp (netkey)
Checking for IPsec support in kernel                            [OK]
Checking for RSA private key (/etc/ipsec.secrets)               [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Checking for 'setkey' command for NETKEY IPsec stack support    [OK]
Opportunistic Encryption Support                               [DISABLED]

Any ideas?

Thanks,

Olly.


Paul Wouters wrote:
> On Thu, 29 Sep 2005, Oliver Tomkins wrote:
> 
>> "Then simply run yum update and yum install openswan. If you want to 
>> use KLIPS instead of NETKEY, also run: yum install openswan-klips"
>>
>> An ipsec verify:
>>
>> Checking your system to see if IPsec got installed and started correctly:
>> Version check and ipsec on-path                                 [OK]
>> Linux Openswan U2.4.0/K2.6.12-1.1456_FC4smp (netkey)
> 
>> Still shows NETKEY as the method - how do I force it to use KLIPS?
> 
> service ipsec stop
> rmmod af_key esp4 ah4 ipcomp
> modprobe ipsec
> service ipsec start
> 
> if no kernel modules are loaded, KLIPS is attempted first. So a reboot would
> have worked too :)
> 
> Paul
> 
