[CentOS] VPN
Aleksandar Milivojevic
amilivojevic at pbl.ca
Mon May 30 14:15:41 UTC 2005
Feizhou wrote:
> Hi Simone,
>
> Are you using CentOS 4?
>
> If you are, the 2.6 kernel comes with openswan, freeswan is dead.
>
> CentOS 4 comes with ipsec-tools to configure ipsec tunnels.

I believe ipsec tools (and configuration utilities) in CentOS4 use
native 2.6 kernel IPSec (no *swan). I also don't see openswan packages
included in the CentOS4 distribution.

Anyhow, native IPSec Linux kernel support in CentOS4 is totally broken at
the moment. Things should improve with U1 and be completely fixed in U2
(hopefully). In the meantime, for those that want to use it, there's
test kernel and updated ipsec-tools packages on Bill Notting's page:
http://people.redhat.com/notting/ipsec/
The kernel packages contain fixes for IPSec related kernel panics and
racoon keying loop problem when AH tunnel is used. I don't think all
the fixes from 2.6.9-5.0.3.EL.notting.ipsec are present in
2.6.9-5.0.5.EL kernel (so folks might want to stick with Bill's kernel
package).
Also, those attempting to configure IPSec "the Red Hat way" (instead of
manually writing their own init.d scripts), must check out these bug
reports and manually apply some or all fixes to ifup-ipsec and
ifdown-ipsec scripts. Make sure to read all comments.
patches to make AH tunnel optional (and more):
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=122452
route patch:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=146169
overlapping networks:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150862
I've attached latest ifup-ipsec and ifdown-ipsec scripts that work for
me to bug #122452 (as a patch against stock scripts).
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7