The two machines have an IP address of 192.168.51 and 192.168.0.52. My /etc/ipsec.conf looks like this (see end of message). I've tried with and without the leftsubnet and rightsubnet settings but I can't seem to get a netmask of 255.255.255.255 in the route tables.
I'm using debian 2.4.18-585tsc kernels and have applied the freeswan patches from the unstable distribution (export PATCH_THE_KERNEL=YES and make-kpkg ...).
After starting ipsec with "/etc/init.d/ipsec restart", I get the following which seems incorrect. Notice the netmasks are NOT 255.255.255.255!!!
$ ipsec look
ned Fri Apr 12 13:31:32 EST 2002
ipsec0->eth0 mtu=16260(1500)->1500
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.0.2 0.0.0.0 UG 40 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 40 0 0 ipsec0
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.0.0 * 255.255.255.0 U 0 0 0 ipsec0
default firewall.ctam.l 0.0.0.0 UG 0 0 0 eth0
$ cat /etc/ipsec.conf
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=all
    plutodebug=all
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search
    # Close down old connection when new one using same ID shows up.
    uniqueids=yes

# defaults for subsequent connection descriptions
# (mostly to fix internal defaults which, in retrospect, were badly chosen)
conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig
    #authby=secret
    leftrsasigkey=%dns
    rightrsasigkey=%dns

# VPN connection
# ned.ctam.com.au <-> homer.ctam.com.au
conn ned-homer
    # Left security gateway, subnet behind it, next hop toward right.
    left=192.168.0.52
    leftsubnet=192.168.0.52/32
    # Right security gateway, subnet behind it, next hop toward left.
    right=192.168.0.51
    rightsubnet=192.168.0.51/32
    # To authorize this connection, but not actually start it, at startup,
    # uncomment this.
    auto=add