Hi, I am in the process of trying to configure IPSEC/Freeswan. I have downloaded the source for Freeswan 1.97 and patched my kernel 2.4.18 (on redhat 7.2).

Got it to reboot and it seems to be working (ipsec, pluto etc.), configured the /etc/ipsec.conf file to test against their site oetest.freeswan.org. I can ping the site and point lynx towards it and view the web pages. I can also ping other non-ipsec sites, e.g. www.yahoo.com.au.

Now the linux box acts as a firewall/NAT machine, so I tried to ping the test site from an inside/local LAN machine, and it worked. Now when I try and ping a non-ipsec site, it gets no response. I have modified my iptables tables to MASQ against ipsec+ and allow traffic in and out. It works when I modify the ipsec.conf file to not allow any ipsec tunnels.

I have used iptables to capture packets from the inside machine <-> www.yahoo.com.au and it seems like the packet gets MASQed, and for some reason it shows up in the FORWARD table (un-MASQed, strange, but it does the same even when ipsec is down, i.e. NAT is working).

Now I am presuming that I should be able to access non-IPSEC sites/networks whilst at the same time accessing IPSEC sites/networks; can somebody confirm this? The default is opportunistic, as in there is no defined end point, it just tries a connection to each site. Could this be the problem with pinging www.yahoo.com.au? Could their firewall dropping UDP 500 be the problem?

My end result is I would like to be able to allow my laptop to connect to it via pre-shared keys, but I want to have full NAT capabilities from the inside LAN.

Thanks
Alex

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
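The packet capture described in the post (iptables LOG rules in the FORWARD and POSTROUTING chains) can be read more systematically. The script below is an added example, not code from the post or from the FreeS/WAN project. It assumes two hypothetical logging rules with the prefixes "FWD:" (filter FORWARD) and "POST:" (nat POSTROUTING, placed ahead of the MASQUERADE rule), a LAN on eth1, the Internet on eth0, and FreeS/WAN's KLIPS virtual interface ipsec0; the log lines and addresses are constructed from documentation ranges. Two points it makes visible: the FORWARD chain always runs before nat POSTROUTING, so a private source address there says nothing about whether masquerading worked; and the OUT= interface tells you whether a destination was claimed by an IPsec eroute (ipsec0) or left in the clear (eth0), which is the distinction that matters when opportunistic encryption is on.

```python
"""Classify netfilter LOG lines from a FreeS/WAN + iptables NAT gateway.

Added example, not from the original post. Assumptions: logging rules with
the prefixes "FWD:" (filter FORWARD) and "POST:" (nat POSTROUTING, before
MASQUERADE); LAN on eth1, Internet on eth0, KLIPS interface ipsec0.  The
sample lines below are constructed, not captured.
"""
import ipaddress
import re

# Constructed sample: two LAN hosts' flows plus one IKE packet from the gateway.
SAMPLE_LOG = """\
Aug  5 10:01:02 gw kernel: FWD: IN=eth1 OUT=ipsec0 SRC=192.168.1.10 DST=203.0.113.9 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Aug  5 10:01:02 gw kernel: POST: IN= OUT=ipsec0 SRC=192.168.1.10 DST=203.0.113.9 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Aug  5 10:01:05 gw kernel: FWD: IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.10 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=2 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=2
Aug  5 10:01:05 gw kernel: POST: IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=2 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=2
Aug  5 10:01:06 gw kernel: FWD: IN=eth1 OUT=eth0 SRC=192.168.1.11 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=TCP SPT=1025 DPT=80 SYN
Aug  5 10:01:06 gw kernel: POST: IN= OUT=eth0 SRC=192.168.1.11 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3 DF PROTO=TCP SPT=1025 DPT=80 SYN
Aug  5 10:01:10 gw kernel: POST: IN= OUT=eth0 SRC=203.0.113.1 DST=198.51.100.7 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=4 PROTO=UDP SPT=500 DPT=500
"""

# Fields emitted by the netfilter LOG target; MAC= may sit between OUT= and SRC=.
LOG_RE = re.compile(
    r"(?P<prefix>\S+:)\s*IN=(?P<IN>\S*)\s+OUT=(?P<OUT>\S*)\s+.*?"
    r"SRC=(?P<SRC>\S+)\s+DST=(?P<DST>\S+).*?PROTO=(?P<PROTO>\S+)"
)


def parse_log(text):
    """Return one dict per recognisable LOG line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            entries.append(m.groupdict())
    return entries


def lan_flows(entries, lan_net):
    """Group LAN -> outside packets by (src, dst) and record the OUT= interface
    seen in FORWARD and in POSTROUTING.  Packets the gateway itself sends
    (IKE on UDP 500, ESP) have a public source and are left out."""
    net = ipaddress.ip_network(lan_net)
    flows = {}
    for e in entries:
        src = ipaddress.ip_address(e["SRC"])
        dst = ipaddress.ip_address(e["DST"])
        if src not in net or dst in net:
            continue
        rec = flows.setdefault((e["SRC"], e["DST"]), {})
        if e["prefix"] == "FWD:":
            rec["forward_out"] = e["OUT"]
        elif e["prefix"] == "POST:":
            rec["post_out"] = e["OUT"]
    return flows


def diagnose(flows, ext_if="eth0", ipsec_if="ipsec0"):
    """Verdict per flow: 'ipsec' if KLIPS routed it into the virtual interface
    (an eroute exists for that destination), 'clear' if it took the plain NAT
    path, 'unknown' otherwise.  Note that the source stays private in both
    logs: MASQUERADE rewrites it after the nat POSTROUTING chain, so only a
    capture on the wire (tcpdump on eth0) shows the translated address."""
    verdicts = {}
    for key, rec in flows.items():
        out = rec.get("post_out") or rec.get("forward_out")
        if out == ipsec_if:
            verdicts[key] = "ipsec"
        elif out == ext_if:
            verdicts[key] = "clear"
        else:
            verdicts[key] = "unknown"
    return verdicts


if __name__ == "__main__":
    flows = lan_flows(parse_log(SAMPLE_LOG), "192.168.1.0/24")
    for (src, dst), verdict in diagnose(flows).items():
        print(f"{src} -> {dst}: {verdict}")
```

Run against real syslog output, the destinations reported as "ipsec" are the ones an eroute has captured; if a destination you expect to reach in the clear shows up there while OE is enabled, that is where to look (ipsec eroute output on the gateway) before suspecting the NAT rules.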
