Hello, it looks like the usual way to do ipsec on centos5 won't work anymore on centos6
I installed ipsec-tools but an interface type IPsec is not recognized by the kernel
ifup ipsec0 Device does not seem to be present, delaying initialization.
I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5
any hints ?
thank you
Rick
On 03/04/2013 10:45 AM, Riccardo Veraldi wrote:
Hello, it looks like the usual way to do ipsec on centos5 won't work anymore on centos6
I installed ipsec-tools but an interface type IPsec is not recognized by the kernel
ifup ipsec0 Device does not seem to be present, delaying initialization.
I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5
any hints ?
thank you
Rick _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hmm...
I have been using ipsec-tools on linux for a long time and was never had it create and ipsec0 device.
Only when I was using FreeSwan years ago, did I see and ipsec device.
On 03/04/2013 04:45 PM, Riccardo Veraldi wrote: [snip]
I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5
I don't have experience with the Kame implementation. Maybe have a look at Libreswan which was forked from Openswan 2.6.38. It has a ton of bugfixes and patches over Openswan and there is an EL6 repo which should work on CentOS6 too. More info:
http://libreswan.org https://download.libreswan.org/ https://github.com/libreswan https://lists.libreswan.org/mailman/listinfo https://twitter.com/libreswan #swan IRC channel on FreeNode
AFAIK one the of the main developers and driving forces behind Libreswan is employed by Red Hat so it would not surprise me if Libreswan were to replace Openswan in EL7.
Regards, Patrick
On 03/04/2013 07:45 AM, Riccardo Veraldi wrote:
I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5
No can do. As Leon pointed out, ipsec-tools was discontinued. The documentation for ipsec-tools was always *awful* and the examples that were included in the documentation definitely did not match common configurations. Getting a tunnel up to any other type of OS was a nightmare. Good riddance.
Hello, I managed to make ipsec-tools work on CentOS 6.x
here is how I did it:
http://unix.wikinet.org/wiki/Configure_IPSec_on_CentOS_6.x_using_Kame_implem...
thanks
Rick
On 3/5/13 12:01 AM, Gordon Messmer wrote:
On 03/04/2013 07:45 AM, Riccardo Veraldi wrote:
I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5
No can do. As Leon pointed out, ipsec-tools was discontinued. The documentation for ipsec-tools was always *awful* and the examples that were included in the documentation definitely did not match common configurations. Getting a tunnel up to any other type of OS was a nightmare. Good riddance. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 03/05/2013 08:13 AM, Riccardo Veraldi wrote:
I managed to make ipsec-tools work on CentOS 6.x here is how I did it:
Yes, you got a tunnel working between two systems both running ipsec-tools on Linux. Try to link with anything else. The configuration that you present will not work with Openswan on Linux, ipsecctl on OpenBSD, Cisco or Sonicwall firewalls. Whatever your feelings about those other stacks, ipsec-tools use on Red Hat remains poorly documented (non-existent since the package was discontinued) and not inter-operable without undocumented options.
-
Gordon Messmer -
Patrick Lists -
Riccardo Veraldi -
Steve Clark