Can IPSec (either racoon or openswan) run without DNS on the connecting hosts? Does DNS need to be configured to talk to windows servers, too? We do not have DNS running inside our firewall, so: ipsec verify Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.6.12/K2.6.18-92.1.13.el5 (netkey) Checking for IPsec support in kernel [OK] NETKEY detected, testing for disabled ICMP send_redirects [OK] NETKEY detected, testing for disabled ICMP accept_redirects [OK] Checking for RSA private key (/etc/ipsec.secrets) [OK] Checking that pluto is running [OK] Two or more interfaces found, checking IP forwarding [OK] Checking NAT and MASQUERADEing [OK] Checking for 'ip' command [OK] Checking for 'iptables' command [OK] Opportunistic Encryption DNS checks: Looking for TXT in forward dns zone: store191 [MISSING] Does the machine have at least one non-private address? [OK] Looking for TXT in reverse dns zone: 207.3.181.128.in-addr.arpa. [MISSING] Looking for TXT in reverse dns zone: 208.3.181.128.in-addr.arpa. [MISSING] Do I need to create false entries for dns? Our nsswitch.conf is set to all files, and dns is not defined there. We really don't want to set up a DNS server for this, if we can help it. Thanks, Peter Shulkin -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
