[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

freeswan on testing/2.4.18 kernel

I'm trying to get FreeS/WAN working on two old Pentium machines which are on the same subnet. This is just for testing before I open the firewall to an FreeS/WAN IPSec server so that I can have a VPN from home to work :)

The two mahcines have an IP address of 192.168.51 and My /etc/ipsec.conf looks like this (see end of message). I've tried with and without the leftsubnet and rightsubnet settings but I can't seem to get a netmask of in the route tables.

I'm using debian 2.4.18-585tsc kernels and have applied the freeswan patches from the unstable distrobution (export PATCH_THE_KERNEL=YES and make-kpkg ...).

After starting ipsec with "/etc/init.d/ipsec restart", I get the following which seems incorrect. Notice the netmasks are NOT!!!

$ ipsec look
ned Fri Apr 12 13:31:32 EST 2002
ipsec0->eth0 mtu=16260(1500)->1500
Destination Gateway Genmask Flags MSS Window irtt Iface UG 40 0 0 eth0 U 40 0 0 eth0 U 40 0 0 ipsec0

$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface     *        U     0      0        0 eth0 * U 0 0 0 ipsec0
default         firewall.ctam.l         UG    0      0        0 eth0

$ cat /etc/ipsec.conf
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
   # THIS SETTING MUST BE CORRECT or almost nothing will work;
   # %defaultroute is okay for most simple cases.
   # Debug-logging controls:  "none" for (almost) none, "all" for lots.
   # Use auto= parameters in conn descriptions to control startup actions.
   # Close down old connection when new one using same ID shows up.

# defaults for subsequent connection descriptions
# (mostly to fix internal defaults which, in retrospect, were badly chosen)
conn %default

# VPN connection
# ned.ctam.com.au <-> homer.ctam.com.au
conn ned-homer
   # Left security gateway, subnet behind it, next hop toward right.
   # Right security gateway, subnet behind it, next hop toward left.
   # To authorize this connection, but not actually start it, at startup,
   # uncomment this.

To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: