IPSEC.service failed to start up on Centos

hello experts
for i am a new for Linux, while i am trying to start up IPSEC service i got below error and failed, could you guide me how to identify the problem and fixed?
thank you

[root@izj6cj3u8v3v07l4w3162fz ~]# systemctl start ipsce
Failed to start ipsce.service: Unit not found.
[root@izj6cj3u8v3v07l4w3162fz ~]# systemctl start ipsec
Job for ipsec.service failed because the control process exited with error code. See "systemctl status ipsec.service" and "journalctl -xe" for details.
[root@izj6cj3u8v3v07l4w3162fz ~]# systemctl status ipsec.service
鈼?ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
   Loaded: loaded (/usr/lib/systemd/system/ipsec.service; enabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Fri 2017-11-17 14:42:55 CST; 7s ago
     Docs: man:ipsec(8)
           man:pluto(8)
           man:ipsec.conf(5)
  Process: 3074 ExecStartPre=/usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=3)

Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: ipsec.service: control process exited, code=exited status=3
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: Unit ipsec.service entered failed state.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: ipsec.service failed.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: ipsec.service holdoff time over, scheduling restart.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: start request repeated too quickly for ipsec.service
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: Unit ipsec.service entered failed state.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: ipsec.service failed.
beardog1113Asked:
Who is Participating?
 
David FavorConnect With a Mentor Linux/LXD/WordPress/Hosting SavantCommented:
You'll have to refer to your Distro + packages installed to determine the correct incantation for starting IKE.

I just use TLS/SSL to wrap connections. Been a long while since I considered using IPSEC, as this requires both local machine + all machines being contacted to be running compatible versions of IPSEC or conversations hang/die/glitch.
0
 
beardog1113Author Commented:
below is the ipsec.conf

config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
oe=off
protostack=netkey
conn L2TP-PSK
authby=secret
pfs=no
auto=add
keyingtries=3
rekey=yes
ikelifetime=8h
keylife=1h
type=transport
left=

[lns default]
ip range = 172.31.213.227-172.31.213.230
local ip = 172.31.213.226
refuse chap = yes
refuse pap = yes
require authentication = yes
name=izj6cj3u8v3v07l4w3162fz
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
0
 
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
Your journal shows the problem Failed to start Internet Key Exchange, so likely best to refer to your CentOS docs + try to get your IKE daemon running manually. In other words, there's likely a way to start this daemon in foreground for debugging. Once you can start it manually, likely IPSEC can start it when required.

All this said... Usually IPSEC may be over kill.

Usually SSL or application based tunneling tends to be far easier to setup + maintain.
0
 
beardog1113Author Commented:
hi David
then what is the command to start IKE daemon?

thank you
0
 
beardog1113Author Commented:
thank you
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.