Hey all, I'm having some difficulty setting up a VPN between 2 LRP boxes.
They are both running Dachstein RC1 with the patched kernel, IPSec 1.5 and
Seawall. Here's a quick lil diagram of the network layout (sorry if it's not
very good, but it should convey the necessary info).
|-----------------|
| 192.168.2.0/24  |-> 24.156.190.xxx -> 24.156.190.1 -> Internet
|-----------------|      eth0           gateway    |
                                                   V
                                                   P
                                                   N
|-----------------|                                |
| 192.168.1.0/24  |-> 24.42.252.xxx -> 24.42.252.140 -> Internet
|-----------------|      eth0           gateway
If at all possible I'd like to set up a VPN between these 2 subnets, and I
think I've configured it properly, but I still can't ping hosts on either side.
At boot-up I can run ipsec manual --up simon_andrew and it doesn't generate
any errors, and the routing table looks okay:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
192.168.1.0     24.156.190.1    255.255.255.0   UG    0      0        0 ipsec0
24.156.190.0    *               255.255.254.0   U     0      0        0 eth0
24.156.190.0    *               255.255.254.0   U     0      0        0 ipsec0
default         24.156.190.1    0.0.0.0         UG    0      0        0 eth0
The routing table looks fine on the other box as well. The proper ports are
open (UDP 500, protocols 50 & 51) on both ends. I'm wondering if it has
something to do with my config or if this kind of setup is not possible.
ipsec.conf:
<snip>
# basic configuration
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces="ipsec0=eth0"
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=all
        plutodebug=all
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search

# defaults for subsequent connection descriptions
conn %default
        # How persistent to be in (re)keying negotiations (0 means very).
        keyingtries=0
        # Parameters for manual-keying testing (DON'T USE OPERATIONALLY).
        # Note: only one test connection at a time can use these parameters!
        spi=0x200
        esp=3des-md5-96
        espenckey=0x01234567_89abcdef_02468ace_13579bdf_12345678_9abcdef0
        espauthkey=0x12345678_9abcdef0_2468ace0_13579bdf
        # If RSA authentication is used, get keys from DNS.
        leftrsasigkey=%dns
        rightrsasigkey=%dns

# sample connection
conn simon_andrew
        # Left security gateway, subnet behind it, next hop toward right.
        left=24.156.190.43
        leftsubnet=192.168.2.0/24
        leftnexthop=24.156.190.1
        leftfirewall=yes
        # Right security gateway, subnet behind it, next hop toward left.
        right=24.42.252.140
        rightsubnet=192.168.1.0/24
        rightnexthop=24.252.140.129
        rightfirewall=yes
        # Authorize this connection, but don't actually start it, at startup.
        auto=add
        # To use RSA authentication (not legal in US until 20 Sept 2000),
        # uncomment this next line.
        #authby=rsasig
Any and all help would be greatly appreciated.
Simon
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
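Added example (not from the post above, and not part of FreeS/WAN or LEAF): a small sanity checker for the conn section of an ipsec.conf like the one posted. When a subnet-to-subnet tunnel comes up without errors but nothing passes, the first things worth checking mechanically are that each gateway address is not inside the subnet it is supposed to protect, that the two protected subnets do not overlap, and that each side's nexthop is actually on-link with that side's outside interface, since a nexthop that is not reachable from the gateway's interface is a silent failure. The conn text below is constructed from the post; the prefix lengths of the outside interfaces are not in ipsec.conf, so they are assumptions passed in by the caller (the left box's route table in the post shows 255.255.254.0, i.e. /23; the right box's mask is unknown, so /24 is assumed there).

```python
import ipaddress

# Constructed sample: the conn section from the post, with the leading
# whitespace that ipsec.conf requires on parameter lines.
SAMPLE_CONF = """\
# sample connection
conn simon_andrew
        left=24.156.190.43
        leftsubnet=192.168.2.0/24
        leftnexthop=24.156.190.1
        right=24.42.252.140
        rightsubnet=192.168.1.0/24
        rightnexthop=24.252.140.129
        auto=add
"""


def parse_conns(text):
    """Return {conn_name: {param: value}} for every 'conn' section.

    Minimal reader of the ipsec.conf layout: section headers start in
    column 0, parameters are indented key=value lines, '#' starts a
    comment. 'config setup' and other sections are skipped.
    """
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # a section header
            parts = line.split()
            if parts[0] == "conn" and len(parts) == 2:
                current = conns.setdefault(parts[1], {})
            else:
                current = None
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.strip().split("=", 1)
        current[key.strip()] = value.strip()
    return conns


def check_conn(params, left_prefix=24, right_prefix=24):
    """Return a list of human-readable problems found in one conn.

    left_prefix / right_prefix are the assumed prefix lengths of the
    gateways' outside interfaces (not present in ipsec.conf).
    """
    problems = []
    subnets = {}
    for side, prefix in (("left", left_prefix), ("right", right_prefix)):
        gw = ipaddress.ip_address(params[side])
        subnet = ipaddress.ip_network(params[side + "subnet"], strict=False)
        nexthop = ipaddress.ip_address(params[side + "nexthop"])
        onlink = ipaddress.ip_network(f"{gw}/{prefix}", strict=False)
        if gw in subnet:
            problems.append(
                f"{side}: gateway {gw} lies inside {side}subnet {subnet}")
        if nexthop not in onlink:
            problems.append(
                f"{side}: {side}nexthop {nexthop} is not on-link with "
                f"{gw}/{prefix} (typo, or wrong interface mask?)")
        subnets[side] = subnet
    if subnets["left"].overlaps(subnets["right"]):
        problems.append(
            f"leftsubnet {subnets['left']} overlaps rightsubnet "
            f"{subnets['right']}; routes would clash")
    return problems


if __name__ == "__main__":
    for name, params in parse_conns(SAMPLE_CONF).items():
        # /23 on the left per the posted route table; /24 assumed on the right.
        found = check_conn(params, left_prefix=23, right_prefix=24)
        print(f"conn {name}: {'OK' if not found else ''}")
        for p in found:
            print("  -", p)
```

Run against the posted values this reports exactly one finding: the rightnexthop is not on the same link as the right gateway under the assumed /24, which is the kind of thing to confirm against the right box's own route table before digging into KLIPS debug output.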