Security Basics mailing list archives
Linux FreeS/WAN road warrior problem
From: Andrej <andrej () rikom si>
Date: Sat, 21 Jun 2003 14:08:51 +0200 (CEST)
Hello,

I have set up a network that can be found on http://www.sk-branik.si/ipsec.txt. I have successfully compiled and installed freeswan 2.0 on router and linux2. Before running freeswan I have checked that all hosts can ping each other - I can ping from linux2 to router (both interfaces) and linux1, etc.

Now to my problem: when I start ipsec on linux2 with "ipsec auto --up road" the tunnel is established, but I can't ping linux1. Here's the output of tcpdump on a notebook that was connected to the same HUB as linux2 and router (eth1):

    12:35:04.348781 192.168.200.2 > 192.168.15.100: ESP(spi=0x948a6234,seq=0x1d)
    12:35:05.359466 192.168.200.2 > 192.168.15.100: ESP(spi=0x948a6234,seq=0x1e)
    12:35:06.359355 192.168.200.2 > 192.168.15.100: ESP(spi=0x948a6234,seq=0x1f)
    12:35:07.359278 192.168.200.2 > 192.168.15.100: ESP(spi=0x948a6234,seq=0x20)
    12:35:08.359258 192.168.200.2 > 192.168.15.100: ESP(spi=0x948a6234,seq=0x21)

On linux2 my ipsec.conf looks like this:

    ...
    conn road
        left=192.168.200.2
        leftnexthop=%defaultroute
        leftid=@linux.wlan
        leftrsasigkey=<key>
        right=192.168.15.100
        rightsubnet=192.168.15.0/24
        rightid=@gw.wlan
        rightrsasigkey=<key>
        auto=add

On router my ipsec.conf looks like this:

    ...
    conn road
        left=192.168.15.100
        leftid=@gw.wlan
        leftsubnet=192.168.15.0/24
        leftrsasigkey=<key>
        rightnexthop=%defaultroute
        right=%any
        rightid=@linux.wlan
        rightrsasigkey=<key>
        auto=add

Basically I'm trying to establish a secure tunnel from linux2 to the LAN behind router (192.168.15.0/24). What am I doing wrong?

P.S.: The linux2 and router machines both run RH 7.3 with kernel 2.4.20 and freeswan compiled as modules (make oldmod ; make minstall).

Many thanks for your help and have a nice day,
Andrej.
Current thread:
- Linux FreeS/WAN road warrior problem Andrej (Jun 23)
- Re: Linux FreeS/WAN road warrior problem Dana Epp (Jun 24)
- Re: Linux FreeS/WAN road warrior problem Andrej (Jun 24)
- Re: Linux FreeS/WAN road warrior problem Dana Epp (Jun 24)