[openstack-dev] [VPNaas]How to load kernel module with IPSec?

Paul Michali pc at michali.net
Mon Jun 29 13:13:56 UTC 2015


Ah, so Icehouse... From what I recall, there were two problems running RHEL
type operating systems with *Swan. First, they use LibSwan instead of
OpenSwan. Second, there were some config/setup problems with StrongSwan
based connections.

Recently, there were some commits to resolve these issues. For the kernel
issue that you have, see commit 72e1f670, which creates a LibSwan driver
and deals with the kernel module loading.  You may need to backport that
fix to run VPN under CentOS.

Regards,

Paul Michali (pc_m)


On Mon, Jun 29, 2015 at 8:26 AM Zhi Chang <changzhi at unitedstack.com> wrote:

> Hi, thanks for you reply.
> My OS is CentOS 6.5 and doing an OpenStack install, and my OpenStack
> verison is I.
>
> Regards,
> Zhi Chang
>
>
> ------------------ Original ------------------
> *From: * "Paul Michali"<pc at michali.net>;
> *Date: * Mon, Jun 29, 2015 06:37 PM
> *To: * "OpenStack Development Mailing List (not for usage questions)"<
> openstack-dev at lists.openstack.org>;
> *Subject: * Re: [openstack-dev] [VPNaas]How to load kernel module with
> IPSec?
>
> Curious as to what operating system you are using and which release?
>
> Are you running under DevStack or doing an OpenStack install?
>
> Regards,
>
> Paul Michali (pc_m)
>
> On Mon, Jun 29, 2015 at 6:31 AM Zhi Chang <changzhi at unitedstack.com>
> wrote:
>
>> Hi, all
>>     I have some questions about how to load kernel module of IPSec. I'm
>> using Openswan to build VPNaas and there is a error message says "no kernel
>> code presently loaded" when I run "ipsec verify". My solution is running
>> "service ipsec start" on host to load kernel module. Everything goes okay
>> when I run it. But I think the solution is too ungraceful. Does anyone
>> have a simple solution to resolve this problem instead of run "service
>> ipsec start"?
>>
>> Thx.
>> Zhi Chang
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150629/6ed69895/attachment.html>


More information about the OpenStack-dev mailing list