Hello! IPsec should work from 84.8 kernel according to https://openvz.org/IPsec but I found explicit reference about IPsec only in 84.10: http://openvz.org/Download/kernel/rhel6-testing/042stab084.10
Did you restart CT after loading kernel modules for l2tp? On Sun, Jun 22, 2014 at 7:05 PM, Rene C. <ope...@dokbua.com> wrote: > Ok I gave your suggestion a shot, using your link through Google > translate and http://www.maxwhale.com/how-to-install-l2tp-vpn-on-centos/ > for comparison. > > Everything seems to go well until the 'ipsec verify' part when it says: > > [root@vps1418 /]# ipsec verify > Checking your system to see if IPsec got installed and started correctly: > Version check and ipsec on-path [OK] > Linux Openswan U2.6.32/K(no kernel code presently loaded) > Checking for IPsec support in kernel [FAILED] > SAref kernel support [N/A] > Checking that pluto is running [OK] > Pluto listening for IKE on udp 500 [FAILED] > Pluto listening for NAT-T on udp 4500 [FAILED] > Checking for 'ip' command [OK] > Checking /bin/sh is not /bin/dash [OK] > Checking for 'iptables' command [OK] > Opportunistic Encryption Support [DISABLED] > > I think the biggest problem here is the "Checking for IPsec support in > kernel"? > > I use 2.6.32-042stab085.20 - I know it's not the latest kernel, but > supposedly ipsec support should be in kernels after stab084? > > > > On Sat, Jun 21, 2014 at 7:28 PM, Pavel Odintsov > <pavel.odint...@gmail.com> wrote: >> Hello! >> >> In modern version of OpenVZ you can use l2tp with ipsec support >> instead OpenVPN: http://habrahabr.ru/company/FastVPS/blog/205162/ >> (sorry this manual in russian language but it's very simple). It's >> very useable because you do not need any special clients on Windows >> hosts. Maybe you can try this? >> >> >> >> On Sat, Jun 21, 2014 at 2:11 PM, Benjamin Henrion <zoo...@gmail.com> wrote: >>> On Sat, Jun 21, 2014 at 8:47 AM, Rene C. <ope...@dokbua.com> wrote: >>>> I got the openvpn part itself down, no problem, but getting it to work >>>> in a container is a lot of hassle. Many pages, but most are outdated >>>> and things keeps changing. Anyone know how to get it to work TODAY? >>>> >>>> The server is an otherwise normal server with public ip addresses and >>>> works with cpanel, no problem that far. The problem is getting an >>>> openvpn service to work in it. >>>> >>>> I've already added the tun device, and I can connect to the server >>>> with the openvpn client, just can't continue from there, so some >>>> routing is missing. >>>> >>>> I've followed the general routing instructions but because openvz >>>> doesn't support MASQ it doesn't work. >>>> >>>> - which modules to insmod on the hwnode >>> >>> Just make sure "tun" is present in lsmod. >>> >>>> - which modules to add into /etc/vz/vz.conf >>> >>> The same. "tun" should be part of the list of modules in vz.conf, so >>> it gets loaded at vz start. >>> >>>> - which modules to add into /etc/vz/<ct>.conf >>> >>> And the for the CTID you want to run openvpn access in: >>> >>> https://openvz.org/VPN_via_the_TUN/TAP_device#Granting_container_an_access_to_TUN.2FTAP >>> >>> Can you provide openvpn-client debug messages? >>> >>> -- >>> Benjamin Henrion <bhenrion at ffii.org> >>> FFII Brussels - +32-484-566109 - +32-2-4148403 >>> "In July 2005, after several failed attempts to legalise software >>> patents in Europe, the patent establishment changed its strategy. >>> Instead of explicitly seeking to sanction the patentability of >>> software, they are now seeking to create a central European patent >>> court, which would establish and enforce patentability rules in their >>> favor, without any possibility of correction by competing courts or >>> democratically elected legislators." >>> _______________________________________________ >>> Users mailing list >>> Users@openvz.org >>> https://lists.openvz.org/mailman/listinfo/users >> >> >> >> -- >> Sincerely yours, Pavel Odintsov >> _______________________________________________ >> Users mailing list >> Users@openvz.org >> https://lists.openvz.org/mailman/listinfo/users > _______________________________________________ > Users mailing list > Users@openvz.org > https://lists.openvz.org/mailman/listinfo/users -- Sincerely yours, Pavel Odintsov _______________________________________________ Users mailing list Users@openvz.org https://lists.openvz.org/mailman/listinfo/users
