Hello,
it looks like the usual way to do ipsec on centos5 won't work anymore on centos6

I installed ipsec-tools but an interface type IPsec is not recognized by the kernel

ifup ipsec0
Device does not seem to be present, delaying initialization.

I am not planning to use the awful OpenSwan, I want to use the Kame implementation which was working fine on CentOS5

any hints ?

thank you

Rick
On 03/04/2013 10:45 AM, Riccardo Veraldi wrote:
> Hello,
> it looks like the usual way to do ipsec on centos5 won't work anymore on
> centos6
>
> I installed ipsec-tools but an interface type IPsec is not recognized by
> the kernel
>
> ifup ipsec0
> Device does not seem to be present, delaying initialization.
>
> I am not planning to use the awful OpenSwan, I want to use the Kame
> implementation which was working fine on CentOS5
>
> any hints ?
>
> thank you
>
> Rick

Hmm...

I have been using ipsec-tools on linux for a long time and never had it create an ipsec0 device.

Only when I was using FreeSwan years ago, did I see an ipsec device.

--
Stephen Clark
*NetWolves*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark at netwolves.com
http://www.netwolves.com
On 04.03.2013 at 17:41, Steve Clark <sclark at netwolves.com> wrote:
> On 03/04/2013 10:45 AM, Riccardo Veraldi wrote:
>> Hello,
>> it looks like the usual way to do ipsec on centos5 won't work anymore on
>> centos6
>>
>> I installed ipsec-tools but an interface type IPsec is not recognized by
>> the kernel
>>
>> ifup ipsec0
>> Device does not seem to be present, delaying initialization.
>>
>> I am not planning to use the awful OpenSwan, I want to use the Kame
>> implementation which was working fine on CentOS5
>>
>> any hints ?
>>
>> thank you
>>
>> Rick
>
> Hmm...
>
> I have been using ipsec-tools on linux for a long time and never had it create an ipsec0 device.
>
> Only when I was using FreeSwan years ago, did I see an ipsec device.

this is specific to rhel5 - they have /etc/sysconfig/network-scripts/ifup-ipsec for that.

in rhel6 this possibility was replaced

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Migration_Planning_Guide/sect-Migration_Guide-Package_Changes-Other_Package_Changes.html

--
LF
On 03/04/2013 04:45 PM, Riccardo Veraldi wrote:
[snip]
> I am not planning to use the awful OpenSwan, I want to use the Kame
> implementation which was working fine on CentOS5

I don't have experience with the Kame implementation.

Maybe have a look at Libreswan which was forked from Openswan 2.6.38. It has a ton of bugfixes and patches over Openswan and there is an EL6 repo which should work on CentOS6 too.

More info:
http://libreswan.org
https://download.libreswan.org/
https://github.com/libreswan
https://lists.libreswan.org/mailman/listinfo
https://twitter.com/libreswan
#swan IRC channel on FreeNode

AFAIK one of the main developers and driving forces behind Libreswan is employed by Red Hat so it would not surprise me if Libreswan were to replace Openswan in EL7.

Regards,
Patrick
On 03/04/2013 07:45 AM, Riccardo Veraldi wrote:
> I am not planning to use the awful OpenSwan, I want to use the Kame
> implementation which was working fine on CentOS5

No can do. As Leon pointed out, ipsec-tools was discontinued. The documentation for ipsec-tools was always *awful* and the examples that were included in the documentation definitely did not match common configurations. Getting a tunnel up to any other type of OS was a nightmare. Good riddance.
Hello,
I managed to make ipsec-tools work on CentOS 6.x
here is how I did it:

http://unix.wikinet.org/wiki/Configure_IPSec_on_CentOS_6.x_using_Kame_implementation#Modify_network_scripts

thanks

Rick

On 3/5/13 12:01 AM, Gordon Messmer wrote:
> On 03/04/2013 07:45 AM, Riccardo Veraldi wrote:
>> I am not planning to use the awful OpenSwan, I want to use the Kame
>> implementation which was working fine on CentOS5
> No can do. As Leon pointed out, ipsec-tools was discontinued. The
> documentation for ipsec-tools was always *awful* and the examples that
> were included in the documentation definitely did not match common
> configurations. Getting a tunnel up to any other type of OS was a
> nightmare. Good riddance.
On 03/05/2013 08:13 AM, Riccardo Veraldi wrote:
> I managed to make ipsec-tools work on CentOS 6.x
> here is how I did it:

Yes, you got a tunnel working between two systems both running ipsec-tools on Linux. Try to link with anything else. The configuration that you present will not work with Openswan on Linux, ipsecctl on OpenBSD, Cisco or Sonicwall firewalls.

Whatever your feelings about those other stacks, ipsec-tools use on Red Hat remains poorly documented (non-existent since the package was discontinued) and not inter-operable without undocumented options.