pfkey_open error on L2TP VPN server


Hi All,

New migrant from LET here, wondered if any of you could shed some light on this for me.

I have a variety of VPS services, most of which are just hobby use. VPN, Squid3 etc.

I am trying to get L2TP over IPSec working on CentOS 6 OpenVZ using Racoon. On my RamNode OpenVZ, it works without problem. I have written a script to set it up automatically and it works first time, every time. However, when I run it on any other OpenVZ VPS, I get an error message when I execute the following command to initialise Racoon (the IPSec layer):

echo -e "flush;\n\
spdadd[0][1701] udp -P in ipsec esp/transport//require;\n\
spdadd[1701][0] udp -P out ipsec esp/transport//require;\n"\
| setkey -c


pfkey_open: Address family not supported by protocol

I can only assume it is due to a kernel module not enabled, but which one? A lot of Google searching suggests that af_key is not enabled causing the error, but it doesn't seem to be present on the server that it is working fine on:

[[email protected] ~]# modprobe af_key
FATAL: Module af_key not found.

Even kernel versions are identical between the working VPS and the error generating VPS:

[[email protected] ~]# uname -r

Any help would be very much appreciated. I intend to release this script as public domain once it's polished, but I cannot see why it will run on some OpenVZ but not others. Even if there was just a way to test whether it will work or not in advance.
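
A way to test for this in advance, as an added example that is not part of the original post: the pfkey_open call in setkey fails when the kernel refuses to create a PF_KEY socket, so attempting the same socket creation directly reproduces the check without touching any policy. The constants are the Linux values for AF_KEY and PF_KEY_V2, the function names are hypothetical, and the probe should be run as root inside the container.

```python
import errno
import socket
import sys

# Linux values from <linux/socket.h> and <linux/pfkeyv2.h> (assumed: Linux only).
AF_KEY = getattr(socket, "AF_KEY", 15)
PF_KEY_V2 = 2

OK, NO_PFKEY, NEED_ROOT, OTHER = "ok", "no-pfkey", "need-root", "other"

MESSAGES = {
    OK: "PF_KEY socket opened: setkey/racoon can talk to the kernel here.",
    NO_PFKEY: "Kernel has no PF_KEY support in this container; ask the host "
              "provider to enable IPsec (af_key) on the node.",
    NEED_ROOT: "Permission denied: rerun as root (CAP_NET_ADMIN is required).",
    OTHER: "Unexpected failure opening the PF_KEY socket.",
}


def classify(err):
    """Map the errno from socket(PF_KEY, SOCK_RAW, PF_KEY_V2) to a verdict."""
    if err == 0:
        return OK
    if err == errno.EAFNOSUPPORT:  # "Address family not supported by protocol"
        return NO_PFKEY
    if err in (errno.EPERM, errno.EACCES):
        return NEED_ROOT
    return OTHER


def probe_pfkey():
    """Open and immediately close a PF_KEY socket. Returns (verdict, errno)."""
    try:
        s = socket.socket(AF_KEY, socket.SOCK_RAW, PF_KEY_V2)
    except (socket.error, OSError) as e:
        return classify(e.errno or -1), e.errno
    s.close()
    return OK, 0


if __name__ == "__main__":
    verdict, err = probe_pfkey()
    detail = "" if not err else " (%s)" % errno.errorcode.get(err, err)
    print(MESSAGES[verdict] + detail)
    # Exit 0 only when the IPsec setup step can be expected to work.
    sys.exit(0 if verdict == OK else 1)
```

A setup script can call this before the setkey step and stop early on a non-zero exit status.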