beardog1113 asked:

IPSEC.service failed to start up on Centos

Hello experts,
I am new to Linux. While trying to start the IPsec service I got the error below and it failed. Could you guide me on how to identify the problem and fix it?
Thank you.

[root@izj6cj3u8v3v07l4w3162fz ~]# systemctl start ipsce
Failed to start ipsce.service: Unit not found.
[root@izj6cj3u8v3v07l4w3162fz ~]# systemctl start ipsec
Job for ipsec.service failed because the control process exited with error code. See "systemctl status ipsec.service" and "journalctl -xe" for details.
[root@izj6cj3u8v3v07l4w3162fz ~]# systemctl status ipsec.service
● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
   Loaded: loaded (/usr/lib/systemd/system/ipsec.service; enabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Fri 2017-11-17 14:42:55 CST; 7s ago
     Docs: man:ipsec(8)
           man:pluto(8)
           man:ipsec.conf(5)
  Process: 3074 ExecStartPre=/usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=3)

Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: ipsec.service: control process exited, code=exited status=3
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: Unit ipsec.service entered failed state.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: ipsec.service failed.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: ipsec.service holdoff time over, scheduling restart.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: start request repeated too quickly for ipsec.service
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: Unit ipsec.service entered failed state.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: ipsec.service failed.
beardog1113 (ASKER)

Below is the ipsec.conf:

config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey
conn L2TP-PSK
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=yes
ikelifetime=8h
keylife=1h
type=transport
left=

[lns default]
ip range = 172.31.213.227-172.31.213.230
local ip = 172.31.213.226
refuse chap = yes
refuse pap = yes
require authentication = yes
name=izj6cj3u8v3v07l4w3162fz
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
David Favor
Your journal shows the problem Failed to start Internet Key Exchange, so likely best to refer to your CentOS docs + try to get your IKE daemon running manually. In other words, there's likely a way to start this daemon in foreground for debugging. Once you can start it manually, likely IPSEC can start it when required.

All this said... Usually IPSEC may be overkill.

Usually SSL or application based tunneling tends to be far easier to set up + maintain.
Hi David,
Then what is the command to start the IKE daemon?

Thank you.
ASKER CERTIFIED SOLUTION
David Favor
This solution is only available to members.
thank you
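
Added example, not part of the original thread or of anyone's posted code: the status output in the question shows the unit dying in its ExecStartPre configuration check (addconn with --checkconfig, status=3), after which systemd hit its start limit. The script below pulls the failed step out of `systemctl status` text so it can be re-run by hand to see the actual parse error; `failed_steps`, `diagnose_unit` and the `--live` switch are names made up for this example, and the sample lines are copied from the question.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and --live are hypothetical.

# Two lines copied from the `systemctl status ipsec.service` output in the question.
SAMPLE_STATUS='   Active: failed (Result: start-limit) since Fri 2017-11-17 14:42:55 CST; 7s ago
  Process: 3074 ExecStartPre=/usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=3)'

# Read `systemctl status` text on stdin; print "<status><TAB><command>" for
# every Exec* step that exited non-zero. Steps with status=0/SUCCESS are skipped.
failed_steps() {
  awk '
    /^[ \t]*Process: [0-9]+ Exec[A-Za-z]+=/ && match($0, /\(code=exited, status=[0-9]+/) {
      status = substr($0, RSTART + 21, RLENGTH - 21)   # digits after "status="
      cmd = substr($0, 1, RSTART - 2)                  # drop " (code=exited, ..."
      sub(/^[ \t]*Process: [0-9]+ Exec[A-Za-z]+=/, "", cmd)
      if (status + 0 != 0) printf "%s\t%s\n", status, cmd
    }'
}

# On a live host: show the failed step and the log lines of the unit itself.
diagnose_unit() {
  unit=${1:-ipsec.service}
  tab=$(printf '\t')
  # -l keeps systemctl from shortening long command lines
  systemctl status -l --no-pager "$unit" 2>/dev/null | failed_steps |
    while IFS="$tab" read -r status cmd; do
      printf 'exited %s, run by hand to see its error message:\n  %s\n' "$status" "$cmd"
    done
  journalctl -u "$unit" -b --no-pager | tail -n 40
  # After fixing the cause, clear the failed/start-limit state before retrying:
  printf 'then: systemctl reset-failed %s && systemctl start %s\n' "$unit" "$unit"
}

if [ "${1:-}" = "--live" ]; then
  diagnose_unit "${2:-ipsec.service}"
else
  printf '%s\n' "$SAMPLE_STATUS" | failed_steps
fi
```

Run with `--live` as root on the affected host; without arguments it only parses the embedded sample.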