[Openswan Users] openswan -- Not able to open /proc/sys/crypto/fips_enabled

Ray@truedays.org ray at truedays.org
Thu Apr 12 14:31:27 EDT 2012


I'm having trouble setting up an openswan (openswan-2.6.32-10.el6_2.x86_64)
on CentOS 6.2 (64-bit) (installed using centos default repo).

This is the output I see when starting:

[root@localhost ~]# service ipsec start
ipsec_setup: Starting Openswan IPsec U2.6.32/K3.2.14...
ipsec_setup: /usr/libexec/ipsec/addconn Not able to open
/proc/sys/crypto/fips_enabled, returning non-fips mode

Additionally I can't seem to solve the [failed]'s in ipsec verify:

[root@localhost ~]# ipsec verify    #(OKs edited out)
Checking your system to see if IPsec got installed and started correctly:
...     [OK]
 SAref kernel support                                           [N/A]
 Pluto listening for NAT-T on udp 4500                          [FAILED]
Two or more interfaces found, checking IP forwarding            [FAILED]

What's worse is I don't know what issue if any is a fail point, or if
they're simply warning-ish fails, where I can safely proceed.

Environment context:
2 servers centos6.2-x64 with mirrored setup
Currently both servers are right next to each other, but eventually they'll
be at two different geographical locations, not nat'ed eth0 public facing,
eth1 internal.
eth0 (192.168.5.[110,120]) -> router -> internet
eth1 (10.0.5.[110,120]) -> directly connected to each other (crossover)
end-goal: l2tpv3 tunnel over ipsec
ipsec familiarity=nil :-[