IPSec (FreeS/WAN) anyone??
Federico Voges
fvoges
Mon May 17 11:48:28 PDT 2004
Hi,
I'm trying to set up a VPN between 2 Linux servers using FreeS/WAN
(network to network).
Right now, everything seems to be ok (pluto says the tunnel is up, routes
look ok, etc.) except that not a single packet makes it through the
tunnel (i.e. no ping).
First suspect was the firewall script (shorewall with all the settings
for ipsec), so I just dropped all rules on both servers and changed all
policies to ACCEPT (also checked for /proc/sys/net/ipv4/ip_forward =
1).
Here's my ipsec.conf (keys truncated for easy reading):
#### START ####
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=all
    plutoload=%search
    plutostart=%search

# defaults for subsequent connection descriptions
conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig

conn bue-nqn
    left=hoerbiger.ipdinamica.com # Local vitals
    leftsubnet=192.168.10.0/24 #
    leftid=@bue.hoerbiger.com.ar #
    leftrsasigkey=0sAQNMdaf0YJ00...
    leftnexthop=%defaultroute # correct in many situations
    right=hoerbiger-nqn.ipdinamica.com # Remote vitals
    rightsubnet=192.168.11.0/24 #
    rightid=@nqn.hoerbiger.com.ar #
    rightrsasigkey=0sAQN2C0tZXXY...
    rightnexthop=%defaultroute # correct in many situations
    auto=start # authorizes but doesn't start this connection at startup
#### END ####
Note: both ends are connected to the internet with ADSL using dynamic IPs,
that's why I used hostnames instead of IPs. That shouldn't be a problem
(at least until one of the ends gets a new IP).
I have the logs from both servers as well as some info from route,
ipsec, etc. If you can help, just tell me what you need and I'll send
it.
TIA!
Federico Voges
Socio gerente
Intrasoft
Malabia 2137 14 A
(1425) Buenos Aires
Argentina
Te/Fax: 54-11-4833-5182
e-mail: fvoges at intrasoft.com.ar
Web: http://www.intrasoft.com.ar