[Openswan Users] Running Openswan in CentOS 5
openswan at thefeds.net
Mon Feb 2 19:04:50 EST 2009
I am using Openswan with CentOS 5.0 with the latest (5.2) kernel.
I am using the latest testing release as it fixed some problems compared
to the latest stable release. It is easy to compile and RPM using the
included Fedora spec file. I tried using the CentOS provided version but I
had a lot of rekeying problems.
I am not using L2TP, I am using a GRE tunnel.
My configs look like:
config setup
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=no
        # On CentOS 5 there appears to be a problem identifying the protocol stack
        # to use. So we give it a clue.
        protostack=netkey
        # turn ip_forward on and off depending on whether we have any VPNs
        forwardcontrol=yes

conn tun01a01d
        left=<lip>
        right=<rip>
        leftnexthop=<lgw>
        rightnexthop=<rgw>
        leftupdown=/etc/_updown
        rightupdown=/etc/_updown
        authby=secret
        pfs=yes
        esp=aes256-sha1
        ike=aes256-sha1
        #pfsgroup=modp1536
        type=transport
        dpddelay=2
        dpdtimeout=10
        dpdaction=restart
        keylife=4h
        ikelifetime=5h
        rekeyfuzz=2%
        rekeymargin=180s
        auto=start
Tim
On Mon, 2 Feb 2009, Arnel B. Espanola wrote:
> Has anyone here successfully implemented Openswan in CentOS 5? If so
> can you please advise what version of openswan and l2tp should I
> install. I've been having issues with it and I already tried different
> version of openswan but to no avail.
>
> Thanks.
> Arnel
>
> Arnel B. Espanola wrote:
>> So it means I have to continue using the older version until the bugs
>> are fixed in the latest version?
>>
>> Arnel
>>
>> Paul Wouters wrote:
>>> On Fri, 30 Jan 2009, Arnel B. Espanola wrote:
>>>
>>>> I've been running this version of Openswan on Fedora 6 for a while
>>>> without a problem. And I'm using xl2tpd-1.1.11-2.fc6 for L2TP.
>>>>
>>>> Linux Openswan U2.4.5/K2.6.22.14-72.fc6 (netkey)
>>>>
>>>> But recently I decided to install the latest version of Openswan on
>>>> CentOS5 and I'm having issues with it and I couldn't find the solution
>>>> for it. And I installed L2TP from source, l2tpd-0.69cvs20051030-1jdl.
>>>> Not sure if the L2TP is what is causing the problem.
>>>>
>>>> Linux Openswan U2.6.19/K2.6.18-92.1.22.el5 (netkey)
>>>>
>>>>
>>>> I just copied my ipsec.config from old version. And kept some
>>>> default config from the new version.
>>> http://bugs.xelerance.com/view.php?id=1004
>>>
>>> Paul
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155