Hi All,
New migrant from LET here, wondered if any of you could shed some light on this for me.
I have a variety of VPS services, most of which are just hobby use. VPN, Squid3 etc.
I am trying to get L2TP over IPSec working on CentOS 6 OpenVZ using Racoon. On my RamNode OpenVZ, it works without problem. I have written a script to set it up automatically and it works first time, every time. However, when I run it on any other OpenVZ VPS, I get an error message when I execute the following command to initialise Racoon (the IPSec layer):
echo -e "flush;\n\
spdflush;\n\
spdadd 0.0.0.0/0[0] 0.0.0.0/0[1701] udp -P in ipsec esp/transport//require;\n\
spdadd 0.0.0.0/0[1701] 0.0.0.0/0[0] udp -P out ipsec esp/transport//require;\n"\
| setkey -c
Error:
pfkey_open: Address family not supported by protocol
I can only assume it is due to a kernel module not enabled, but which one? A lot of Google searching suggests that af_key is not enabled causing the error, but it doesn't seem to be present on the server that it is working fine on:
[root@centos ~]# modprobe af_key
FATAL: Module af_key not found.
Even kernel versions are identical between the working VPS and the error generating VPS:
[root@centos ~]# uname -r
2.6.32-042stab076.8
Any help would be very much appreciated. I intend to release this script as public domain once it's polished, but I cannot see why it will run on some OpenVZ but not others. Even if there was just a way to test whether it will work or not in advance.
Thanks!
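An added example, not part of the original post: "Address family not supported by protocol" is the text for EAFNOSUPPORT, which the PF_KEY socket call returns when the kernel offers no PF_KEY family, so opening that socket directly tests in advance whether setkey can work on a given VPS. The literals 15 and 2 are the Linux values of AF_KEY and PF_KEY_V2; the function names are this example's own.

```python
#!/usr/bin/env python
"""Preflight check: can this kernel/container open a PF_KEY socket?"""
import errno
import socket
import sys

# Linux values from <linux/socket.h> and <linux/pfkeyv2.h>; used as literals
# because not every Python build exports socket.AF_KEY.
AF_KEY = getattr(socket, "AF_KEY", 15)
PF_KEY_V2 = 2


def classify(err):
    """Map an errno from socket(AF_KEY, ...) to a verdict string."""
    if err == 0:
        return "available"
    if err in (errno.EAFNOSUPPORT, errno.EPROTONOSUPPORT):
        return "unsupported"   # the failure setkey reports as pfkey_open
    if err in (errno.EPERM, errno.EACCES):
        return "need-root"     # permission problem; rerun as root
    return "unknown"


def probe():
    """Open and immediately close a PF_KEY socket; return (verdict, errno)."""
    try:
        s = socket.socket(AF_KEY, socket.SOCK_RAW, PF_KEY_V2)
    except (OSError, socket.error) as exc:
        return classify(exc.errno), exc.errno
    s.close()
    return "available", 0


if __name__ == "__main__":
    verdict, err = probe()
    detail = "" if not err else " (%s)" % errno.errorcode.get(err, err)
    print("PF_KEY: %s%s" % (verdict, detail))
    # Exit 0 only when setkey/racoon can be expected to open the socket.
    sys.exit(0 if verdict == "available" else 1)
```

Run it as root inside the VPS before installing anything; a non-zero exit means the setup script should stop there.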