Hi there

I'm using redhat 8.0, a custom 2.4.18-27.8.0 kernel and

    Linux FreeS/WAN 2.00
    See `ipsec --copyright' for copyright information.
    X.509-1.3.5 distributed by Andreas Steffen <[EMAIL PROTECTED]> installed.

I have an internal network on 10.x.x./24, and a public IP address on ppp0 which is a PCI ADSL card (pppoatm). I'd like to be able to set up network-network connections, and roadwarrior connections at some point in the future.

I can't get pluto to detect and accept the use of the interfaces I have. I've tried a few different bits of config to achieve this:

    config setup
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=all
        plutodebug=all
        interfaces=%defaultroute
        #interfaces="ipsec0=eth0 ipsec1=ppp0"
        plutoopts="--interface ppp0"

Neither of these work; they both produce a fairly similar error which at present looks like:

    Jul 31 23:49:50 ponsonby ipsec_setup: KLIPS debug `all'
    Jul 31 23:49:51 ponsonby ipsec_setup: KLIPS ipsec0 on ppp0 62.49.xx.yy/255.255.255.255 pointopoint 213.120.aa.bb
    Jul 31 23:49:52 ponsonby ipsec_setup: ...FreeS/WAN IPsec started
    Jul 31 23:49:55 ponsonby ipsec__plutorun: 003 no public interfaces found
    Jul 31 23:49:55 ponsonby ipsec__plutorun: 022 "packetdefault": we have no ipsecN interface for either end of this connection
    Jul 31 23:49:55 ponsonby ipsec__plutorun: ...could not route conn "packetdefault"
    <snip>
    Jul 31 23:49:56 ponsonby ipsec__plutorun: 022 "private": we have no ipsecN interface for either end of this connection
    Jul 31 23:49:56 ponsonby ipsec__plutorun: ...could not route conn "private"

The interface does use some odd addressing/masking but it exists:

    [EMAIL PROTECTED] root]# ifconfig ppp0
    ppp0      Link encap:Point-to-Point Protocol
              inet addr:62.49.xx.yy  P-t-P:213.120.aa.bb  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1458  Metric:1
              RX packets:6023094 errors:0 dropped:0 overruns:0 frame:0
              TX packets:4179892 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:2791622825 (2662.2 Mb)  TX bytes:225408373 (214.9 Mb)

I've read a number of mails of people who've had this problem - none of them seem to give me the answer :)

    http://frell.ambush.de/archives/freeswan-users/5718.html
    http://www.sandelman.ottawa.on.ca/linux-ipsec/html/2001/07/msg00723.html

I found this in the documentation:

    http://www.freeswan.nl/freeswan_trees/freeswan-2.00-rc1/doc/faq.html#no.interface

which suggests I should need ipsec0 to have the same addressing as ppp0 (is that correct?)

    [EMAIL PROTECTED] root]# ifconfig ipsec0
    ipsec0    Link encap:Point-to-Point Protocol
              inet addr:62.49.xx.yy  Mask:255.255.255.255
              UP RUNNING NOARP  MTU:16260  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:10
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

My routing table is:

    [EMAIL PROTECTED] root]# netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    213.120.aa.bb   0.0.0.0         255.255.255.255 UH       40 0          0 ppp0
    213.120.aa.bb   0.0.0.0         255.255.255.255 UH       40 0          0 ipsec0
    10.0.0.0        0.0.0.0         255.255.255.0   U        40 0          0 eth0
    127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
    0.0.0.0         213.120.aa.bb   0.0.0.0         UG       40 0          0 ppp0

    [EMAIL PROTECTED] root]# ipsec verify
    Checking your system to see if IPsec got installed and started correctly
    Version check and ipsec on-path                             [OK]
    Checking for KLIPS support in kernel                        [OK]
    Checking for RSA private key (/etc/ipsec.secrets)           [OK]
    Checking that pluto is running                              [OK]
    Unknown pluto state, not listening on port udp 500
    Unknown pluto state, not listening on port udp 500
    DNS checks.
    Looking for forward key for ponsonby                        [NO KEY]
    Does the machine have at least one non-private address      [OK]
    Two or more interfaces found, checking IP forwarding        [OK]
    Checking NAT and MASQUERADING

I'm a bit confused by what you're supposed to use for 'left' and 'right'. My external IP resolves to hostname.domainname.co.uk.

I've got an internal DNS environment which uses "hostname.domainname.co.uk" as the zone, so for example this host (the firewall and ipsec machine) has interfaces of:

    eth0 = ponsonby.hostname.ispdomain.co.uk (its inside address, resolvable off internal DNS), and
    ppp0 = hostname.ispdomain.co.uk.uk (its outside address, which is internet resolvable, but I can't change any DNS data for the internet side; I have the correct (internet) A record for "hostname.ispdomain.co.uk" in my internal DNS).

`hostname` gives "ponsonby"; is this going to affect any configuration which freeswan/ipsec is using ??

Can anyone help me with this type of config ?

Gavin Davenport
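Added example, not part of the post above and not FreeS/WAN's own tooling: a POSIX shell script that parses constructed `ifconfig` and `netstat -rn` output shaped like the output quoted in the post, works out which device `interfaces=%defaultroute` resolves to, and checks whether the ipsecN stanza carries the same `inet addr` and `Mask` as that device, which is the condition the cited FAQ entry describes. The addresses are documentation-range placeholders and the function names are my own.

```shell
#!/bin/sh
# Constructed sample output modelled on the post's ifconfig and netstat -rn,
# using documentation addresses (192.0.2.0/24, 198.51.100.0/24) as placeholders.
SAMPLE_IFCONFIG='ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.0.2.10  P-t-P:198.51.100.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1458  Metric:1
ipsec0    Link encap:Point-to-Point Protocol
          inet addr:192.0.2.10  Mask:255.255.255.255
          UP RUNNING NOARP  MTU:16260  Metric:1'
SAMPLE_ROUTES='Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
198.51.100.1    0.0.0.0         255.255.255.255 UH       40 0          0 ppp0
198.51.100.1    0.0.0.0         255.255.255.255 UH       40 0          0 ipsec0
10.0.0.0        0.0.0.0         255.255.255.0   U        40 0          0 eth0
0.0.0.0         198.51.100.1    0.0.0.0         UG       40 0          0 ppp0'

# iface_field TEXT IFACE KEY: value of KEY ("inet addr", "P-t-P", "Mask")
# in the ifconfig stanza for IFACE; prints nothing if the field is absent.
iface_field() {
  printf '%s\n' "$1" | awk -v ifc="$2" -v key="$3" '
    /^[A-Za-z0-9]/ { cur = $1 }
    cur == ifc && index($0, key ":") {
      s = substr($0, index($0, key ":") + length(key) + 1)
      split(s, a, " "); print a[1]; exit
    }'
}

# default_route_dev TEXT: Iface of the 0.0.0.0 route, which is the device
# that interfaces=%defaultroute resolves to.
default_route_dev() {
  printf '%s\n' "$1" | awk '$1 == "0.0.0.0" { print $NF; exit }'
}

# check_ipsec_attach TEXT IPSECN PHYS: print every field that differs between
# the two stanzas; return 1 if inet addr or Mask differ (the FAQ's condition),
# 0 otherwise (a missing P-t-P on ipsecN is reported but not treated as fatal).
check_ipsec_attach() {
  rc=0
  for key in 'inet addr' 'Mask' 'P-t-P'; do
    v=$(iface_field "$1" "$2" "$key")
    p=$(iface_field "$1" "$3" "$key")
    if [ "$v" != "$p" ]; then
      echo "$2 $key='$v' but $3 $key='$p'"
      if [ "$key" != 'P-t-P' ]; then rc=1; fi
    fi
  done
  return $rc
}

dev=$(default_route_dev "$SAMPLE_ROUTES")
check_ipsec_attach "$SAMPLE_IFCONFIG" ipsec0 "$dev" && echo "ipsec0 matches $dev"
```

On a live box, replace the two sample strings with `$(ifconfig)` and `$(netstat -rn)` to run the same comparison against the real interfaces.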