[Swan] facing error in klips module
Yogesh Purohit
yogeshpurohit2 at gmail.com
Mon Feb 15 06:19:08 UTC 2016
Hi,
I am trying to compile and use the source code of libreswan-3.16 on a CentOS 7
machine.
I compiled and installed it as per the link below:
http://libreswan.googlecode.com/git/README
I configured the /etc/ipsec.conf file as shown below:
# /etc/ipsec.conf - Libreswan IPsec configuration file

# Uncomment when using this configuration file with openswan
#version 2
#
# Manual: ipsec.conf.5

config setup
    # which IPsec stack to use, "netkey" (the default), "klips" or "mast".
    # For MacOSX use "bsd"
    protostack=klips
    #
    # Normally, pluto logs via syslog. If you want to log to a file,
    # specify below or to disable logging, eg for embedded systems, use
    # the file name /dev/null
    # Note: SElinux policies might prevent pluto writing to a log file at
    # an unusual location.
    logfile=/var/log/pluto.log
    #
    # Do not enable debug options to debug configuration issues!
    #
    # plutodebug "all", "none" or a combation from below:
    # "raw crypt parsing emitting control controlmore kernel pfkey
    # natt x509 dpd dns oppo oppoinfo private".
    # Note: "private" is not included with "all", as it can show confidential
    # information. It must be specifically specified
    # examples:
    plutodebug="all"
    # plutodebug="all crypt"
    # Again: only enable plutodebug when asked by a developer
    #plutodebug=none
    #
    # Enable core dumps (might require system changes, like ulimit -C)
    # This is required for abrtd to work properly
    # Note: SElinux policies might prevent pluto writing the core at
    # unusual locations
    dumpdir=/var/run/pluto/
    #
    # NAT-TRAVERSAL support
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    # It seems that T-Mobile in the US and Rogers/Fido in Canada are
    # using 25/8 as "private" address space on their wireless networks.
    # This range has never been announced via BGP (at least upto 2015)
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
    nhelpers=1
    #ipsecinterfaces="eth0"

# For example connections, see your distribution's documentation directory,
# or https://libreswan.org/wiki/
#
# There is also a lot of information in the manual page, "man ipsec.conf"
# It is best to add your IPsec connections as separate files in /etc/ipsec.d/
#include /etc/ipsec.d/*.conf

conn sampple137
    # IKEv1 or IKEv2 Protocol
    ikev2=insist
    authby=secret
    # Cloud VPN Gateway IP address
    left=192.168.10.5
    # Non-IPSec side subnet
    leftsubnet=192.168.20.0/24
    #leftsourceip=%config
    # IPSec side Home Hub IP address
    #right=192.168.10.9
    right=%any
    #dpdtimeout=10
    #dpddelay=10
    #dpdaction=clear
    # IPSec side Client (Behind HH) subnet
    rightsubnet=192.168.40.0/24
    #rightsourceip=192.168.40.0/24
    #rightsourceip=%dhcp
    # IKE Phase1 config - used during Phase2 key negotiation
    ike=aes128-sha1;modp1024
    # IKE Phase2 config - used during traffic
    phase2=esp
    phase2alg=aes128-sha1
    # Perfect Forward Secrecy
    pfs=yes
    # Phase1/Phase2 rekey
    rekey=no
    # phase 1 life time
    #ikelifetime=8h
    # phase 2 life time
    #keylife=1h
    #rekeymargin=10s
    #keyingtries=2
    # IPSec mode - Tunnel / Transport
    type=tunnel
    auto=add

After doing so, when I execute: ipsec setup start
I receive this error:
FAILURE to load KLIPS/MAST module
Redirecting to: systemctl start ipsec.service
Job for ipsec.service failed because the control process exited with error code. See "systemctl status ipsec.service" and "journalctl -xe" for details.
Please help me configure it, as I might be doing something wrong in the
configuration.
--
Best Regards,
Yogesh Purohit
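
A pre-flight check for the failure reported above, added here as an example and not part of the original message or of libreswan: it reads `protostack` from the `config setup` section and, for `klips` or `mast`, checks that a kernel module is installed for the running kernel before `ipsec setup start` is attempted. The module name `ipsec`, the function names and the sample config are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for protostack.

# Print the protostack value from the "config setup" section of file $1.
# Falls back to "netkey", which the config comments name as the default.
# Tolerant of lost indentation, as in archived copies of the config.
protostack_of() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        $1 == "config" || $1 == "conn" {             # section header
            in_setup = ($1 == "config" && $2 == "setup"); next
        }
        in_setup && $1 ~ /^protostack(=|$)/ {
            line = $0
            sub(/^[^=]*=[ \t]*/, "", line)           # drop "protostack ="
            sub(/[ \t]*#.*$/, "", line)              # drop trailing comment
            gsub(/[" \t]/, "", line)                 # drop quotes, spaces
            value = line
        }
        END { print (value == "" ? "netkey" : value) }
    ' "$1"
}

# Return 0 when stack $1 needs no extra module, or when the module is found.
# Assumption: klips and mast both load a module named "ipsec".
# $2 optionally replaces modinfo as the lookup command (used for testing).
stack_module_present() {
    case "$1" in
        klips|mast) ${2:-modinfo} ipsec >/dev/null 2>&1 ;;
        *) return 0 ;;
    esac
}

# Report on config file $1; non-zero status means the start would fail.
preflight() {
    stack=$(protostack_of "$1")
    if stack_module_present "$stack" "$2"; then
        echo "protostack=$stack: ok"
    else
        echo "protostack=$stack: module 'ipsec' not found for $(uname -r)"
        return 1
    fi
}

# Constructed sample input, modelled on the posted configuration.
sample_conf() {
    printf '%s\n' 'config setup' '    # which IPsec stack to use' \
        '    protostack=klips' 'conn sampple137' '    type=tunnel'
}

if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Run it as `sh preflight.sh /etc/ipsec.conf` (the script name is hypothetical); a non-zero exit means the configured stack has no module available on the running kernel.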