Feizhou wrote:
> Hi Simone,
>
> Are you using CentOS 4?
>
> If you are, the 2.6 kernel comes with openswan, freeswan is dead.
>
> CentOS 4 comes with ipsec-tools to configure ipsec tunnels.

I believe ipsec tools (and configuration utilities) in CentOS4 use native 2.6 kernel IPSec (no *swan). I also don't see openswan packages included in the CentOS4 distribution.

Anyhow, native IPSec Linux kernel support in CentOS4 is totally broken at the moment. Things should improve with U1 and be completely fixed in U2 (hopefully). In the meantime, for those that want to use it, there's a test kernel and updated ipsec-tools packages on Bill Notting's page:

http://people.redhat.com/notting/ipsec/

The kernel packages contain fixes for IPSec related kernel panics and the racoon keying loop problem when an AH tunnel is used. I don't think all the fixes from 2.6.9-5.0.3.EL.notting.ipsec are present in the 2.6.9-5.0.5.EL kernel (so folks might want to stick with Bill's kernel package).

Also, those attempting to configure IPSec "the Red Hat way" (instead of manually writing their own init.d scripts) must check out these bug reports and manually apply some or all fixes to the ifup-ipsec and ifdown-ipsec scripts. Make sure to read all comments.

patches to make AH tunnel optional (and more):
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=122452

route patch:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=146169

overlapping networks:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150862

I've attached the latest ifup-ipsec and ifdown-ipsec scripts that work for me to bug #122452 (as a patch against the stock scripts).

--
Aleksandar Milivojevic <amilivojevic at pbl.ca>
Pollard Banknote Limited
Systems Administrator
1499 Buffalo Place
Tel: (204) 474-2323 ext 276
Winnipeg, MB R3T 1L7