我正在尝试在我的 Ubuntu11.10 服务器上运行 OpenSWAN。到目前为止,我所做的就是从包管理器安装 openswan并尝试设置 conf 文件。但是,IPSec 支持似乎已损坏,因此 OpenSWAN 无法执行其操作。
尝试启动 IPSec
$ sudo ipsec setup --start
ipsec_setup: Starting Openswan IPsec 2.6.28...
ipsec_setup: No KLIPS support found while requested, desperately falling back to netkey
ipsec_setup: Even NETKEY support is not there, aborting
验证 IPSec
$ sudo ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.28/K(no kernel code presently loaded)
Checking for IPsec support in kernel [FAILED]
Checking that pluto is running [FAILED]
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
IPSec 版本
$ sudo ipsec version
Linux Openswan U2.6.28/K(no kernel code presently loaded)
See `ipsec --copyright' for copyright information.
Linux 构建:
$ uname -a
Linux metabox 2.6.18-028stab092.1 #1 SMP Wed Jul 20 19:47:12 MSD 2011 x86_64 x86_64 x86_64 GNU/Linux
我该如何解决 IPSec 的这个问题?这是一个托管 VPS,如果我能找到其他替代方案,我想避免重建内核。
答案1
如果没有存档 ISO 和存档包,我认为这是无法解决的。Natty repos 的 Contents-amd64.gz 摘录告诉我,grep 'linux-image-2.6.1' Contents-amd64从 11.10 开始,该查询返回一个空集。我能追溯到的最早版本是 2.6.38-8,如下所示grep 'linux-image-2.6.3' Contents-amd64 | sort -r
内核更新到最新版本即可。楼主能否告诉我内核更新到最新版本是否可行。聊天中另有说明。
答案2
您可以像这样加载所需的模块:
sudo modprobe af_key
然后将其添加到/etc/modules:
af_key