beardog1113
asked on
IPSEC.service failed to start up on CentOS
Hello experts,
I am new to Linux. While trying to start the IPSEC service I got the error below and it failed. Could you guide me on how to identify the problem and fix it?
Thank you
[root@izj6cj3u8v3v07l4w3162fz ~]# systemctl start ipsce
Failed to start ipsce.service: Unit not found.
[root@izj6cj3u8v3v07l4w3162fz ~]# systemctl start ipsec
Job for ipsec.service failed because the control process exited with error code. See "systemctl status ipsec.service" and "journalctl -xe" for details.
[root@izj6cj3u8v3v07l4w3162fz ~]# systemctl status ipsec.service
● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
Loaded: loaded (/usr/lib/systemd/system/ipsec.service; enabled; vendor preset: disabled)
Active: failed (Result: start-limit) since Fri 2017-11-17 14:42:55 CST; 7s ago
Docs: man:ipsec(8)
man:pluto(8)
man:ipsec.conf(5)
Process: 3074 ExecStartPre=/usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=3)
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: ipsec.service: control process exited, code=exited status=3
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: Unit ipsec.service entered failed state.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: ipsec.service failed.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: ipsec.service holdoff time over, scheduling restart.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: start request repeated too quickly for ipsec.service
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: Unit ipsec.service entered failed state.
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: ipsec.service failed.
Your journal shows the problem "Failed to start Internet Key Exchange", so it is likely best to refer to your CentOS docs + try to get your IKE daemon running manually. In other words, there's likely a way to start this daemon in the foreground for debugging. Once you can start it manually, IPSEC can likely start it when required.
All this said... Usually IPSEC may be overkill.
Usually SSL or application-based tunneling tends to be far easier to set up + maintain.
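In the status output quoted in the question, the line that names the failing step is the Process: entry (the ExecStartPre config check exited with status 3); the "start request repeated too quickly" lines only show systemd giving up on restarts. The shell functions below are an added example, not part of the original thread, that pull both facts out of status text; the helper names failed_steps, hit_start_limit and triage are hypothetical.

```shell
# Sample input: lines from the status output quoted in the question.
sample_status() {
cat <<'EOF'
   Active: failed (Result: start-limit) since Fri 2017-11-17 14:42:55 CST; 7s ago
  Process: 3074 ExecStartPre=/usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=exited, status=3)
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: ipsec.service: control process exited, code=exited status=3
Nov 17 14:42:55 izj6cj3u8v3v07l4w3162fz systemd[1]: start request repeated too quickly for ipsec.service
EOF
}

# failed_steps (hypothetical helper): print "status|step|command" for every
# Exec* step that systemd reports as exited with a non-zero status.
failed_steps() {
  awk '
    /^[ \t]*Process:/ && /\(code=exited, status=[0-9]+/ {
      st = $0; sub(/.*status=/, "", st); sub(/[^0-9].*/, "", st)
      if (st + 0 == 0) next
      line = $0
      sub(/^[ \t]*Process:[ \t]*[0-9]+[ \t]+/, "", line)
      sub(/[ \t]*\(code=exited.*/, "", line)
      step = line; sub(/=.*/, "", step)
      cmd = line;  sub(/^[^=]*=/, "", cmd)
      print st "|" step "|" cmd
    }'
}

# hit_start_limit (hypothetical helper): succeed when systemd stopped retrying.
hit_start_limit() {
  grep -Eq 'Result: start-limit|start request repeated too quickly'
}

# triage (hypothetical helper): turn status text into the next manual steps.
triage() {
  text=$(cat)
  printf '%s\n' "$text" | failed_steps | while IFS='|' read -r st step cmd; do
    echo "$step exited with status $st; rerun by hand to see its message:"
    echo "  $cmd"
  done
  if printf '%s\n' "$text" | hit_start_limit; then
    echo "start-limit reached; clear it before retrying:"
    echo "  systemctl reset-failed ipsec.service"
  fi
}

# Offline demo; on a live host use: systemctl status ipsec.service | triage
sample_status | triage
```

Running the printed addconn command by hand shows the configuration error that the unit's status view only reports as an exit code.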
ASKER
Hi David,
Then what is the command to start the IKE daemon?
Thank you
ASKER
thank you
ASKER
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0
    oe=off
    protostack=netkey
conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=yes
    ikelifetime=8h
    keylife=1h
    type=transport
    left=
[lns default]
ip range = 172.31.213.227-172.31.213.
local ip = 172.31.213.226
refuse chap = yes
refuse pap = yes
require authentication = yes
name=izj6cj3u8v3v07l4w3162
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes