Yep, rebooted the container. Here's the modules present:
[root@server18 ~]# lsmod Module Size Used by esp4 5406 0 xfrm_ipcomp 4626 0 xfrm4_mode_tunnel 2019 0 pppol2tp 22749 0 pppox 2712 1 pppol2tp ppp_async 7874 0 ppp_generic 25400 3 pppol2tp,pppox,ppp_async slhc 5821 1 ppp_generic crc_ccitt 1733 1 ppp_async vzethdev 8221 0 vznetdev 18952 10 pio_nfs 17576 0 pio_direct 28261 9 pfmt_raw 3213 0 pfmt_ploop1 6320 9 ploop 116096 23 pio_nfs,pio_direct,pfmt_raw,pfmt_ploop1 simfs 4448 0 vzrst 196693 0 vzcpt 148911 1 vzrst nfs 442438 3 pio_nfs,vzrst,vzcpt lockd 77189 2 vzrst,nfs fscache 55684 1 nfs auth_rpcgss 44949 1 nfs nfs_acl 2663 1 nfs sunrpc 268245 6 pio_nfs,nfs,lockd,auth_rpcgss,nfs_acl vziolimit 3719 0 vzmon 24462 8 vznetdev,vzrst,vzcpt ip6table_mangle 3669 0 nf_nat_ftp 3523 0 nf_conntrack_ftp 12929 1 nf_nat_ftp iptable_nat 6302 1 nf_nat 23213 3 vzrst,nf_nat_ftp,iptable_nat xt_length 1338 0 xt_hl 1547 0 xt_tcpmss 1623 0 xt_TCPMSS 3461 1 iptable_mangle 3493 0 xt_multiport 2716 0 xt_limit 2134 0 nf_conntrack_ipv4 9946 5 iptable_nat,nf_nat nf_defrag_ipv4 1531 1 nf_conntrack_ipv4 ipt_LOG 6405 0 xt_DSCP 2849 0 xt_dscp 2073 0 ipt_REJECT 2399 12 tun 19157 0 xt_owner 2258 0 vzdquota 55339 0 [permanent] vzevent 2179 1 vzdev 2733 5 vzethdev,vznetdev,vziolimit,vzmon,vzdquota iptable_filter 2937 5 ip_tables 18119 3 iptable_nat,iptable_mangle,iptable_filter ip6t_REJECT 4711 2 nf_conntrack_ipv6 8353 2 nf_defrag_ipv6 11188 1 nf_conntrack_ipv6 xt_state 1508 4 nf_conntrack 80313 9 vzrst,vzcpt,nf_nat_ftp,nf_conntrack_ftp,iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state ip6table_filter 3033 1 ip6_tables 18988 2 ip6table_mangle,ip6table_filter ipv6 322874 1627 vzrst,ip6table_mangle,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6 iTCO_wdt 7147 0 iTCO_vendor_support 3072 1 iTCO_wdt i2c_i801 11375 0 i2c_core 31084 1 i2c_i801 sg 29446 0 lpc_ich 12819 0 mfd_core 1911 1 lpc_ich e1000e 267426 0 ptp 9614 1 e1000e pps_core 11490 1 ptp ext4 419456 11 jbd2 93779 1 ext4 mbcache 8209 1 ext4 sd_mod 39005 6 crc_t10dif 1557 1 sd_mod ahci 42263 4 video 20978 0 output 2425 1 video dm_mirror 14432 0 dm_region_hash 12101 1 dm_mirror dm_log 9946 2 dm_mirror,dm_region_hash dm_mod 84369 19 dm_mirror,dm_log On Mon, Jun 23, 2014 at 12:52 AM, Pavel Odintsov <pavel.odint...@gmail.com> wrote: > Hello! > > IPsec should work from 84.8 kernel according to > https://openvz.org/IPsec but I found explicit reference about IPsec > only in 84.10: http://openvz.org/Download/kernel/rhel6-testing/042stab084.10 > > Did you restart CT after loading kernel modules for l2tp? > > On Sun, Jun 22, 2014 at 7:05 PM, Rene C. <ope...@dokbua.com> wrote: >> Ok I gave your suggestion a shot, using your link through Google >> translate and http://www.maxwhale.com/how-to-install-l2tp-vpn-on-centos/ >> for comparison. >> >> Everything seems to go well until the 'ipsec verify' part when it says: >> >> [root@vps1418 /]# ipsec verify >> Checking your system to see if IPsec got installed and started correctly: >> Version check and ipsec on-path [OK] >> Linux Openswan U2.6.32/K(no kernel code presently loaded) >> Checking for IPsec support in kernel [FAILED] >> SAref kernel support [N/A] >> Checking that pluto is running [OK] >> Pluto listening for IKE on udp 500 [FAILED] >> Pluto listening for NAT-T on udp 4500 [FAILED] >> Checking for 'ip' command [OK] >> Checking /bin/sh is not /bin/dash [OK] >> Checking for 'iptables' command [OK] >> Opportunistic Encryption Support [DISABLED] >> >> I think the biggest problem here is the "Checking for IPsec support in >> kernel"? >> >> I use 2.6.32-042stab085.20 - I know it's not the latest kernel, but >> supposedly ipsec support should be in kernels after stab084? >> >> >> >> On Sat, Jun 21, 2014 at 7:28 PM, Pavel Odintsov >> <pavel.odint...@gmail.com> wrote: >>> Hello! >>> >>> In modern version of OpenVZ you can use l2tp with ipsec support >>> instead OpenVPN: http://habrahabr.ru/company/FastVPS/blog/205162/ >>> (sorry this manual in russian language but it's very simple). It's >>> very useable because you do not need any special clients on Windows >>> hosts. Maybe you can try this? >>> >>> >>> >>> On Sat, Jun 21, 2014 at 2:11 PM, Benjamin Henrion <zoo...@gmail.com> wrote: >>>> On Sat, Jun 21, 2014 at 8:47 AM, Rene C. <ope...@dokbua.com> wrote: >>>>> I got the openvpn part itself down, no problem, but getting it to work >>>>> in a container is a lot of hassle. Many pages, but most are outdated >>>>> and things keeps changing. Anyone know how to get it to work TODAY? >>>>> >>>>> The server is an otherwise normal server with public ip addresses and >>>>> works with cpanel, no problem that far. The problem is getting an >>>>> openvpn service to work in it. >>>>> >>>>> I've already added the tun device, and I can connect to the server >>>>> with the openvpn client, just can't continue from there, so some >>>>> routing is missing. >>>>> >>>>> I've followed the general routing instructions but because openvz >>>>> doesn't support MASQ it doesn't work. >>>>> >>>>> - which modules to insmod on the hwnode >>>> >>>> Just make sure "tun" is present in lsmod. >>>> >>>>> - which modules to add into /etc/vz/vz.conf >>>> >>>> The same. "tun" should be part of the list of modules in vz.conf, so >>>> it gets loaded at vz start. >>>> >>>>> - which modules to add into /etc/vz/<ct>.conf >>>> >>>> And the for the CTID you want to run openvpn access in: >>>> >>>> https://openvz.org/VPN_via_the_TUN/TAP_device#Granting_container_an_access_to_TUN.2FTAP >>>> >>>> Can you provide openvpn-client debug messages? >>>> >>>> -- >>>> Benjamin Henrion <bhenrion at ffii.org> >>>> FFII Brussels - +32-484-566109 - +32-2-4148403 >>>> "In July 2005, after several failed attempts to legalise software >>>> patents in Europe, the patent establishment changed its strategy. >>>> Instead of explicitly seeking to sanction the patentability of >>>> software, they are now seeking to create a central European patent >>>> court, which would establish and enforce patentability rules in their >>>> favor, without any possibility of correction by competing courts or >>>> democratically elected legislators." >>>> _______________________________________________ >>>> Users mailing list >>>> Users@openvz.org >>>> https://lists.openvz.org/mailman/listinfo/users >>> >>> >>> >>> -- >>> Sincerely yours, Pavel Odintsov >>> _______________________________________________ >>> Users mailing list >>> Users@openvz.org >>> https://lists.openvz.org/mailman/listinfo/users >> _______________________________________________ >> Users mailing list >> Users@openvz.org >> https://lists.openvz.org/mailman/listinfo/users > > > > -- > Sincerely yours, Pavel Odintsov > _______________________________________________ > Users mailing list > Users@openvz.org > https://lists.openvz.org/mailman/listinfo/users _______________________________________________ Users mailing list Users@openvz.org https://lists.openvz.org/mailman/listinfo/users
