# pfkey_open error on L2TP VPN server



## mark (May 27, 2013)

Hi All,

New migrant from LET here, wondered if any of you could shed some light on this for me.

I have a variety of VPS services, most of which are just hobby use. VPN, Squid3 etc.

I am trying to get L2TP over IPSec working on CentOS 6 OpenVZ using Racoon. On my RamNode OpenVZ, it works without problem. I have written a script to set it up automatically and it works first time, every time. However, when I run it on any other OpenVZ VPS, I get an error message when I execute the following command to initialise Racoon (the IPSec layer):


```
echo -e "flush;\n\
spdflush;\n\
spdadd 0.0.0.0/0[0] 0.0.0.0/0[1701] udp -P in ipsec esp/transport//require;\n\
spdadd 0.0.0.0/0[1701] 0.0.0.0/0[0] udp -P out ipsec esp/transport//require;\n"\
| setkey -c
```

Error:


```
pfkey_open: Address family not supported by protocol
```

I can only assume it is due to a kernel module not enabled, but which one? A lot of Google searching suggests that af_key is not enabled causing the error, but it doesn't seem to be present on the server that it is working fine on:


```
[[email protected] ~]# modprobe af_key
FATAL: Module af_key not found.
```

Even kernel versions are identical between the working VPS and the error generating VPS:


```
[[email protected] ~]# uname -r
2.6.32-042stab076.8
```

Any help would be very much appreciated. I intend to release this script as public domain once it's polished, but I cannot see why it will run on some OpenVZ but not others. Even if there was just a way to test whether it will work or not in advance.

Thanks!


----------
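A pre-flight check of the kind asked for above, as an added example that is not part of the original post: `setkey` fails in `pfkey_open` when the kernel refuses a `PF_KEY` socket, so this Python probe makes the same `socket()` call and classifies the errno. The function name `probe_pfkey` and the status strings are made up for this example; it assumes Linux and should be run as root inside the VPS.

```python
#!/usr/bin/env python3
"""Pre-flight test: can this kernel open the PF_KEY socket that setkey/racoon need?"""
import errno
import os
import socket
import sys

# Linux values from <linux/socket.h> and <linux/pfkeyv2.h>. Not every Python
# build exports AF_KEY, so fall back to the numeric constant.
PF_KEY = getattr(socket, "AF_KEY", 15)
PF_KEY_V2 = 2


def probe_pfkey(open_socket=socket.socket):
    """Try socket(PF_KEY, SOCK_RAW, PF_KEY_V2) and return (status, detail).

    open_socket is injectable so the classification can be tested without root.
    """
    try:
        sock = open_socket(PF_KEY, socket.SOCK_RAW, PF_KEY_V2)
    except OSError as exc:
        if exc.errno == errno.EAFNOSUPPORT:
            # Same errno behind "pfkey_open: Address family not supported by
            # protocol". An OpenVZ container runs on the host node's kernel,
            # so modprobe inside the container cannot change this result.
            return "unsupported", "kernel offers no PF_KEY (af_key) sockets here"
        if exc.errno in (errno.EPERM, errno.EACCES):
            # PF_KEY exists but the caller may not use it (not root, or the
            # container lacks the needed capability).
            return "no-permission", "PF_KEY present but access was denied"
        return "error", os.strerror(exc.errno or 0)
    sock.close()
    return "ok", "PF_KEY socket opened; setkey should get past pfkey_open"


if __name__ == "__main__":
    status, detail = probe_pfkey()
    print("%s: %s" % (status, detail))
    sys.exit(0 if status == "ok" else 1)
```

The exit status is 0 only when the socket opens, so a setup script can run this before installing or configuring Racoon.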

