Ok - here's the situation. I'm looking at doing some work from home, so I want to VPN my home network with my lab network at work. Here's the setup:
Both networks are basically the same in setup. They look like:

    linux workstations <--> linux masqing box <--> internet

On the home network, I use an internal class C network: 192.168.2.0/24 and at work we use 192.168.1.0/24. My ipsec.conf on each side looks like the following:

    config setup
        interfaces="ipsec0=eth1"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

    conn %default
        keyingtries=0
        disablearrivalcheck=yes
        authby=rsasig

    conn panam-cole
        left = 63.127.199.26
        leftsubnet = 192.168.2.0/24
        leftnexthop = 63.127.199.25
        leftrsasigkey = 0sAQNkta3 [snipped for brevity]
        right = 209.187.117.100
        rightsubnet = 192.168.1.0/24
        rightnexthop = 209.187.117.65
        rightrsasigkey=0sAQPBb4 [snipped for brevity]
        auto = start

One thing I should mention is that the kernel patches I'm using are for freeswan 1.96 and freeswan itself is 1.99. Before anybody jumps on me TOO much about that, I'll say this. It was working. 8)

Both machines that are VPNs are also NATing for their internal networks. I'm making sure that it is not NATing for the private networks by adding a -d ! 192.168.0.0/16 into the nat rule. I'm using kernel 2.4.18 with iptables.

Like I said before, it's rather peculiar because it *was* working. I had to finish assembling the box here at Pan Am so I took it down. When it came back up, the logs claim that the ipsec connection is active, and if I turn on klipsdebug to all I can see that "something is happening", but my pings and ssh's don't make it through.

Any thoughts on what could be wrong? Or even what to do as a next diagnostic step?

--
"... one of the main causes of the fall of the Roman Empire was that, lacking zero, they had no way to indicate successful termination of their C programs."
  -- Robert Firth

Cole Tuininga
Lead Developer
Code Energy, Inc
[EMAIL PROTECTED]
PGP Key ID: 0x43E5755D

_______________________________________________
gnhlug-discuss mailing list
[EMAIL PROTECTED]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
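
Added example, not part of the original message: a Python check for the NAT exemption the post describes, evaluated against the text that `iptables-save -t nat` prints on a gateway. The rule lines are constructed samples, the function names are this example's own, and interface matches such as -o are ignored, so the verdict is a conservative reading of the ruleset.

```python
import ipaddress
import shlex

NAT_TARGETS = {"MASQUERADE", "SNAT"}
TERMINATING = NAT_TARGETS | {"ACCEPT", "RETURN"}
# Constructed sample rulesets (not taken from the poster's machines).
WITH_EXEMPTION = "*nat\n-A POSTROUTING -s 192.168.2.0/24 -d ! 192.168.0.0/16 -j MASQUERADE\nCOMMIT\n"
WITHOUT_EXEMPTION = "*nat\n-A POSTROUTING -s 192.168.2.0/24 -o eth1 -j MASQUERADE\nCOMMIT\n"

def parse_rule(line):
    """Extract -s/-d/-j from one rule line; accepts '-d ! net' and '! -d net'."""
    rule, negate, tok = {"-s": None, "-d": None, "-j": None}, False, shlex.split(line)
    i = 0
    while i < len(tok):
        if tok[i] == "!":                 # newer spelling: ! -d net
            negate = True
        elif tok[i] in rule:
            opt, i = tok[i], i + 1
            if tok[i] == "!":             # 2.4-era spelling: -d ! net
                negate, i = True, i + 1
            if opt == "-j":
                rule[opt] = tok[i]
            else:
                rule[opt] = (ipaddress.ip_network(tok[i], strict=False), negate)
            negate = False
        else:
            negate = False                # option this check does not model (-o, -p, ...)
        i += 1
    return rule

def _hit(field, addr):
    # An absent match always hits; a negated match hits when addr is outside the net.
    return field is None or ((addr in field[0]) != field[1])

def nat_verdict(rules_text, src, dst):
    """Target of the first terminating POSTROUTING rule matching src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in rules_text.splitlines():
        if line.startswith("-A POSTROUTING"):
            r = parse_rule(line)
            if r["-j"] in TERMINATING and _hit(r["-s"], src) and _hit(r["-d"], dst):
                return r["-j"]
    return "ACCEPT"                       # fell off the chain: packet is not NATed

def tunnel_traffic_is_natted(rules_text, local_net, remote_net):
    """True if a host in local_net sending to remote_net would be source-NATed."""
    a = next(ipaddress.ip_network(local_net).hosts())   # one representative host per side
    b = next(ipaddress.ip_network(remote_net).hosts())
    return nat_verdict(rules_text, str(a), str(b)) in NAT_TARGETS
```

Run it on each gateway with that side's own subnet as `local_net`; a `True` result means packets bound for the other subnet get their source address rewritten by the NAT rule instead of keeping the private address the tunnel's subnets are defined on.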