<div dir="ltr"><font size="3">Hi,</font><div><font size="3"><br></font></div><div><font size="3"> I am trying to compile and use source code of libreswan-3.16 on centos7 machine.</font></div><div><font size="3"><br></font></div><div><font size="3">I compiled and instaled it as per below mentioned link:</font></div><div><font size="3"><a href="http://libreswan.googlecode.com/git/README">http://libreswan.googlecode.com/git/README</a></font></div><div><font size="3"><br></font></div><div><font size="3">I configured /etc/ipsec.conf file as shown below:</font></div><div><font size="3"><br></font></div><div><font size="3"><div># /etc/ipsec.conf - Libreswan IPsec configuration file</div><div><br></div><div># Uncomment when using this configuration file with openswan</div><div>#version 2</div><div>#</div><div># Manual: ipsec.conf.5</div><div><br></div><div>config setup</div><div> # which IPsec stack to use, "netkey" (the default), "klips" or "mast".</div><div> # For MacOSX use "bsd"</div><div> protostack=klips</div><div> #</div><div> # Normally, pluto logs via syslog. If you want to log to a file,</div><div> # specify below or to disable logging, eg for embedded systems, use</div><div> # the file name /dev/null</div><div> # Note: SElinux policies might prevent pluto writing to a log file at</div><div> # an unusual location.</div><div> logfile=/var/log/pluto.log</div><div> #</div><div> # Do not enable debug options to debug configuration issues!</div><div> #</div><div> # plutodebug "all", "none" or a combation from below:</div><div> # "raw crypt parsing emitting control controlmore kernel pfkey</div><div> # natt x509 dpd dns oppo oppoinfo private".</div><div> # Note: "private" is not included with "all", as it can show confidential</div><div> # information. It must be specifically specified</div><div> # examples:</div><div> plutodebug="all"</div><div> # plutodebug="all crypt"</div><div> # Again: only enable plutodebug when asked by a developer</div><div> #plutodebug=none</div><div> #</div><div> # Enable core dumps (might require system changes, like ulimit -C)</div><div> # This is required for abrtd to work properly</div><div> # Note: SElinux policies might prevent pluto writing the core at</div><div> # unusual locations</div><div> dumpdir=/var/run/pluto/</div><div> #</div><div> # NAT-TRAVERSAL support</div><div> # exclude networks used on server side by adding %v4:!a.b.c.0/24</div><div> # It seems that T-Mobile in the US and Rogers/Fido in Canada are</div><div> # using 25/8 as "private" address space on their wireless networks.</div><div> # This range has never been announced via BGP (at least upto 2015)</div><div> virtual_private=%v4:<a href="http://10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10">10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10</a></div><div> nhelpers=1</div><div> #ipsecinterfaces="eth0"</div><div><br></div><div># For example connections, see your distribution's documentation directory,</div><div># or <a href="https://libreswan.org/wiki/">https://libreswan.org/wiki/</a></div><div>#</div><div># There is also a lot of information in the manual page, "man ipsec.conf"</div><div><div># It is best to add your IPsec connections as separate files in /etc/ipsec.d/</div><div>#include /etc/ipsec.d/*.conf</div><div><br></div><div>conn sampple137</div><div> # IKEv1 or IKEv2 Protocol</div><div> ikev2=insist</div><div> authby=secret</div><div> # Cloud VPN Gateway IP address</div><div> left=192.168.10.5</div><div> # Non-IPSec side subnet</div><div> leftsubnet=<a href="http://192.168.20.0/24">192.168.20.0/24</a></div><div> #leftsourceip=%config</div><div> # IPSec side Home Hub IP address</div><div> #right=192.168.10.9</div><div> right=%any</div><div> #dpdtimeout=10</div><div> #dpddelay=10</div><div> #dpdaction=clear</div><div> # IPSec side Client (Behind HH) subnet</div><div> rightsubnet=<a href="http://192.168.40.0/24">192.168.40.0/24</a></div><div> #rightsourceip=<a href="http://192.168.40.0/24">192.168.40.0/24</a></div><div> #rightsourceip=%dhcp</div><div> # IKE Phase1 config - used during Phase2 key negotiation</div><div> ike=aes128-sha1;modp1024</div><div> # IKE Phase2 config - used during traffic</div><div> phase2=esp</div><div> phase2alg=aes128-sha1</div><div> # Perfect Forward Secrecy</div><div> pfs=yes</div><div> # Phase1/Phase2 rekey</div><div> rekey=no</div><div> # phase 1 life time</div><div> #ikelifetime=8h</div><div> # phase 2 life time</div><div> #keylife=1h</div><div> #rekeymargin=10s</div><div> #keyingtries=2</div><div> # IPSec mode - Tunnel / Transport</div><div> type=tunnel</div><div> auto=add</div></div><div><br></div><div>After doing so, when I execute: ipsec setup start</div><div><br></div><div>I receive this error:</div><div><br></div><div><div>FAILURE to load KLIPS/MAST module</div><div>Redirecting to: systemctl start ipsec.service</div><div>Job for ipsec.service failed because the control process exited with error code. See "systemctl status ipsec.service" and "journalctl -xe" for details.</div></div><div><br></div><div>Please, help me in configuring it, as I might be doing something wrong in configuration.</div><div><br></div></font><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">Best Regards,<div><br></div><div>Yogesh Purohit</div></div></div>
</div></div>