Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Linux FreeS/WAN road warrior problem

From: Andrej <andrej () rikom si>
Date: Sat, 21 Jun 2003 14:08:51 +0200 (CEST)
Hello

I have set up a network that can be found on
http://www.sk-branik.si/ipsec.txt. I have succesfully
compiled and installed freeswan 2.0 on router and linux2. Before running
freeswan I have checked that all hosts can ping each other - I can ping
from linux2 to router (both interfaces) and linux1, etc. Now to my
problem, when I start ipsec on linux2 with "ipsec auto --up road" the
tunnel is established, but I can't ping linux1. Here's the output of
tcpdump on an notebook that was connected to the same HUB that linux2 and
router(eth1) :

12:35:04.348781 192.168.200.2 > 192.168.15.100:
ESP(spi=0x948a6234,seq=0x1d)
12:35:05.359466 192.168.200.2 > 192.168.15.100:
ESP(spi=0x948a6234,seq=0x1e)
12:35:06.359355 192.168.200.2 > 192.168.15.100:
ESP(spi=0x948a6234,seq=0x1f)
12:35:07.359278 192.168.200.2 > 192.168.15.100:
ESP(spi=0x948a6234,seq=0x20)
12:35:08.359258 192.168.200.2 > 192.168.15.100:
ESP(spi=0x948a6234,seq=0x21)


On linux2 my ipsec.conf looks like this :

...
conn road
        left=192.168.200.2
        leftnexthop=%defaultroute
        leftid=@linux.wlan
        leftrsasigkey=<key>
        right=192.168.15.100
        rightsubnet=192.168.15.0/24
        rightid=@gw.wlan
        rightrsasigkey=<key>
        auto=add


On router my ipsec.conf looks like this :

...
conn road
    left=192.168.15.100
    leftid=@gw.wlan
    leftsubnet=192.168.15.0/24
    leftrsasigkey=<key>
    rightnexthop=%defaultroute
    right=%any
    rightid=@linux.wlan
    rightrsasigkey=<key>
    auto=add

Basicly I'm trying to establish a secure tunnel from linux2 to the LAN
behind router (192.168.15.0/24). What am I doing wrong?

P.S.: The linux2 and router machine both run RH 7.3 with kernel 2.4.20 and
fresswan compiled as modules (make oldmod ; make minstall).

Many thanks for your help and have a nice day,

        Andrej.


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: