[Openswan Users] Installing Openswan on CentOs

Kevin Keane subscription at kkeane.com
Tue Aug 23 15:05:01 EDT 2011 

Try "service ipsec start". That will start the ipsec daemon (pluto), and may also load some kernel modules.

If that doesn't help: Which version of CentOS and what kernel are you running? Use the command "uname -a".

I just set up openswan on two CentOS 5.6 servers. I didn't need any special configuration for the kernel. One instance used the stock CentOS kernel, the other used a Rackspace kernel.

Everything else in your output looks good; you can ignore the remaining items. The DNS entries are only needed for opportunistic encryption.

From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of Vigyan Kaushik
Sent: Tuesday, August 23, 2011 11:54 AM
To: users at openswan.org
Subject: [Openswan Users] Installing Openswan on CentOs

Hi All,

I am installing Openswan for IPSec VPN connection from my iphone and ipad. I can not find a good detailed documentation on the openswan install so I tried using Yum to install the package in my Centos 5.


After installing if I run ipsec verify, I am not seeing the status of majorty things OK which means, I may have to setup/configure it further... One of the check is about the Kernel support. Can you please see the output below and suggest something?


[trixbox1.localdomain ~]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.21/K(no kernel code presently loaded)
Checking for IPsec support in kernel                            [FAILED]
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [FAILED]
  whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Two or more interfaces found, checking IP forwarding            [FAILED]
  whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]

Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: trixbox1.localdomain    [MISSING]
   Does the machine have at least one non-private address?      [FAILED]

Thanks,
VK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110823/d21d7379/attachment.html

More information about the Users mailing list