[GRLUG] IPSec & CentOS
Adam Tauno Williams
awilliam at whitemice.org
Thu Jan 29 09:29:59 EST 2009
I'm trying to set up an IPSec connection where one end is a CentOS box.
This seems pretty straightforward according to the manual
<http://www.linuxtopia.org/online_books/centos_linux_guides/centos_linux_security_guide/s1-ipsec-net2net.html>. Currently I'm just using a simple pre-shared key (PSK). But it doesn't get as far as even failing in some interesting way:
[root@vpn ~]# ifup ipsec0
RTNETLINK answers: Invalid argument
That response is immediate.
The only output seems to be in /var/log/messages:
kernel: NET: Registered protocol family 10
kernel: lo: Disabled Privacy Extensions
kernel: IPv6 over IPv4 tunneling driver
kernel: NET: Registered protocol family 15
racoon: ERROR: racoon: MLS support is not enabled.
racoon: INFO: @(#)ipsec-tools 0.6.5 (http://ipsec-tools.sourceforge.net)
racoon: INFO: @(#)This product linked OpenSSL 0.9.8b 04 May 2006 (http://www.openssl.org/)
racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=8)
racoon: INFO: 127.0.0.1[500] used for NAT-T
racoon: INFO: X.X.X.X[500] used as isakmp port (fd=9)
racoon: INFO: X.X.X.X[500] used for NAT-T
racoon: INFO: 192.168.1.72[500] used as isakmp port (fd=10)
racoon: INFO: 192.168.1.72[500] used for NAT-T
racoon: INFO: ::1[500] used as isakmp port (fd=11)
racoon: INFO: fe80::250:56ff:fea8:5816%eth0[500] used as isakmp port (fd=12)
racoon: INFO: fdb5:60da:9b8a:1:250:56ff:fea8:7d21[500] used as isakmp port (fd=13)
racoon: INFO: fe80::250:56ff:fea8:7d21%eth1[500] used as isakmp port (fd=14)
- where X.X.X.X is the public interface of the host.
Any ideas? It is such a helpful error message.