Hello everyone,
I'm trying to set up an IPSec tunnel between two offices using racoon.
One side is running PfSense, the other a custom Linux-based router.
The tunnel connects (phase 1 & 2 are ok) and I can ping the tunnel IP
addresses but can't get traffic across the internal subnets. So it
looks something like this (IP addresses are changed):
PfSense (Office 1):
- Ext IP: 98.76.54.32
- Int IP: 192.168.0.1/24
- IPSec IP: 172.16.0.2
Linux (Office 2):
- Ext IP: 12.34.56.78
- Int IP: 192.168.1.1/24
- IPSec IP: 172.16.0.1
My racoon.conf on the Linux side looks like this (IPs changed again, obviously):
path pre_shared_key "/etc/racoon/psk.txt";

remote anonymous
{
    exchange_mode aggressive;
    my_identifier address 98.76.54.32;
    lifetime time 24 hour;
    ike_frag on;
    mode_cfg on;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

sainfo anonymous
{
    pfs_group 2;
    lifetime time 12 hour;
    encryption_algorithm 3des, blowfish, des, rijndael;
    authentication_algorithm hmac_sha1, hmac_md5;
    compression_algorithm deflate;
}
The IPSec status shows it connecting and I can ping the 172.16.0.2
address from the Linux router but not 192.168.0.1. I would assume
I need to add some routes, so I tried this:

ip route add 172.16.0.0/24 dev eth0
ip route add 192.168.0.0/24 via 172.16.0.2

but it didn't work. I'm not very familiar with IPSec on Linux but I've
been told there shouldn't be a new ethernet device listed. Any ideas
where I'm going wrong with this?
_______________________________________________
Tech mailing list
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
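Added example, not part of the post above: racoon on Linux is policy-based, so a packet between the two LANs is only encrypted if the kernel's SPD has a matching tunnel-mode policy; the "ip route ... via 172.16.0.2" commands install no such policy, which is why the 192.168.x traffic never enters the tunnel. This script emits the setkey SPD entries for the addresses in the post (the external addresses, subnets and the ipsec-tools setkey syntax are the assumptions it makes).

```shell
#!/bin/sh
# Addresses as given in the post (already anonymised there).
LOCAL_EXT=12.34.56.78       # Linux router, Office 2
REMOTE_EXT=98.76.54.32      # PfSense, Office 1
LOCAL_LAN=192.168.1.0/24
REMOTE_LAN=192.168.0.0/24

# Emit the pair of SPD entries (outbound and inbound) that selects
# LAN-to-LAN traffic for ESP in tunnel mode between the two gateways.
# Arguments: local_lan remote_lan local_ext remote_ext
spd_policies() {
  printf 'spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/require;\n' \
    "$1" "$2" "$3" "$4"
  printf 'spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/require;\n' \
    "$2" "$1" "$4" "$3"
}

# Build a complete setkey.conf: clear stale SAs and policies, then add
# the two tunnel policies. racoon negotiates the SAs on demand when a
# packet matches one of these entries, so no extra routes are needed.
setkey_conf() {
  printf 'flush;\nspdflush;\n'
  spd_policies "$LOCAL_LAN" "$REMOTE_LAN" "$LOCAL_EXT" "$REMOTE_EXT"
}

# Number of spdadd lines produced; lets a caller sanity-check the
# generated file before loading it into the kernel.
count_spd_entries() {
  setkey_conf | grep -c '^spdadd'
}

# To load and then verify on the router (needs ipsec-tools and root):
#   setkey_conf | setkey -c && setkey -DP
#
# Separately, the sainfo block in the post still offers des, blowfish,
# 3des and hmac_md5, and phase 1 uses aggressive mode with a PSK; a
# modern phase-2 proposal would be limited to rijndael (AES) with
# hmac_sha1 or stronger, and main mode is preferable for PSK peers.
```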