
[Please Help Me] FreeS/WAN Question (I have had a nervous breakdown..)



Hello List :

I'm trying to get FreeS/WAN working --- so far without success.

I have been trying it for 5 days already!!!!!! and I have surveyed many, many websites about FreeS/WAN.....

but my FreeS/WAN is still NOT working NOW ........

My questions are:
1. Does FreeS/WAN need to use iptables or ipchains to forward IPsec packets???
2. I don't have any FQDN on my FreeS/WAN server!!!! Does it matter???
3. I patched my 2.4.18 kernel for the IPsec option!!!! However, do I still need to enable other kernel options (like: Networking options ---> <*> IP: tunneling)?
4. I "THINK" my ipsec.conf is correct, since IPsec has been connected between the Left-FreeS/WAN and Right-FreeS/WAN servers.


My VPN Environment :

  ++++ Home VPN Server +++++++++++++++++++++++       ++++ School VPN Server ++++++++++++++++++
  + 192.168.10.254 ---- 61.220.72.227 +  ..........  + 61.228.14.226 ---- 192.168.8.66 +
  +++++++++++++++++++++++++++++++++++++++++++++       +++++++++++++++++++++++++++++++++++++++++
            |                                                      |
      ++++ ClientA ++++++                                    ++++ ClientB ++++++
      + 192.168.10.222 +                                     + 192.168.8.200 +
      ++++++++++++++++++                                     +++++++++++++++++
========================================
Home VPN Server :
eth0 => Public IP  : 61.220.72.227
eth1 => Private IP : 192.168.10.254

School VPN Server :
ppp0 => Public IP : 61.228.14.226
eth1  => Private IP : 192.168.8.99

ClientA : 192.168.10.222
ClientB : 192.168.8.200

My ISP Gateway is 61.220.72.254 in LEFT
My school Gateway is 61.231.216.254 in RIGHT
=========================================
#####My /etc/ipsec.conf#######
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig

conn axahome-vpn2
        leftid=@navigation.idv.tw
        leftrsasigkey=0sAQN9shuGWaYnFj.............==
        left=61.220.72.227
        leftsubnet=192.168.10.0/24
        leftnexthop=61.220.72.254
        rightid=@vpn2.hinet.dail
        rightrsasigkey=0sAQNzY2gAwdeDde...........==
        right=61.228.14.226
        rightsubnet=192.168.8.0/24
        rightnexthop=61.231.216.254
        auto=start

======================================

When I type "ipsec whack --status" on Home-VPN-Server and School-VPN-Server, the result is as follows:


#####Home-VPN-Server######
axanet:/etc# ipsec whack --status
000 interface ipsec0/eth0 61.220.72.227
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1
000
000 "axahome-vpn2": 192.168.10.0/24===61.220.72.227[@navigation.idv.tw]---61.220.72.254...61.231.216.254---61.228.14.226[@vpn2.hinet.dail]===192.168.8.0/24
000 "axahome-vpn2":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "axahome-vpn2":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted
000 "axahome-vpn2":   newest ISAKMP SA: #4; newest IPsec SA: #2; eroute owner: #2
000 "axahome-vpn2":   ESP algorithms wanted: 3/000-1/000, 3/000-2/000,
000 "axahome-vpn2":   ESP algorithms loaded: 3/168-1/128, 3/168-2/160,
000
000 #3: "axahome-vpn2" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_EXPIRE in 273s
000 #2: "axahome-vpn2" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 22369s; newest IPSEC; eroute owner
000 #2: "axahome-vpn2" esp.49654542@61.228.14.226 esp.b4eec260@61.220.72.227 tun.1002@61.228.14.226 tun.1001@61.220.72.227
000 #4: "axahome-vpn2" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2165s; newest ISAKMP

#####School-VPN-Server#####
vpn2:~# ipsec whack --status
000 interface ipsec0/ppp0 61.228.14.226
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1
000
000 "axahome-vpn2": 192.168.8.0/24===61.228.14.226[@vpn2.hinet.dail]---61.231.216.254...61.220.72.254---61.220.72.227[@navigation.idv.tw]===192.168.10.0/24
000 "axahome-vpn2":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "axahome-vpn2":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: ppp0; erouted
000 "axahome-vpn2":   newest ISAKMP SA: #6; newest IPsec SA: #4; eroute owner: #4
000 "axahome-vpn2":   ESP algorithms wanted: 3/000-1/000, 3/000-2/000,
000 "axahome-vpn2":   ESP algorithms loaded: 3/168-1/128, 3/168-2/160,
000
000 #5: "axahome-vpn2" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 56s
000 #4: "axahome-vpn2" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 22424s; newest IPSEC; eroute owner
000 #4: "axahome-vpn2" esp.b4eec260@61.220.72.227 esp.49654542@61.228.14.226 tun.1004@61.220.72.227 tun.1003@61.228.14.226
000 #6: "axahome-vpn2" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2584s; newest ISAKMP
000 #2: "axahome-vpn2" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 21866s
000 #2: "axahome-vpn2" esp.13a32d99@61.220.72.227 esp.49654541@61.228.14.226 tun.1002@61.220.72.227 tun.1001@61.228.14.226
===========================================================================


When I type "ipsec look" on Home-VPN-Server and School-VPN-Server, the result is as follows:

######Home-VPN-Server######
axanet:/etc# ipsec look
axanet Wed Aug 14 01:47:27 CST 2002
192.168.10.0/24    -> 192.168.8.0/24     => tun0x1002@61.228.14.226 esp0x49654542@61.228.14.226  (0)
ipsec0->eth0 mtu=16260(1500)->1500
esp0x49654542@61.228.14.226 ESP_3DES_HMAC_MD5: dir=out src=61.220.72.227 iv_bits=64bits iv=0xefb5347086538fc6 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15,0,0)
esp0xb4eec260@61.220.72.227 ESP_3DES_HMAC_MD5: dir=in  src=61.228.14.226 iv_bits=64bits iv=0xc7afbffa387d075d ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15,0,0)
tun0x1001@61.220.72.227 IPIP: dir=in  src=61.228.14.226 policy=192.168.8.0/24->192.168.10.0/24 flags=0x8<> life(c,s,h)=addtime(15,0,0)
tun0x1002@61.228.14.226 IPIP: dir=out src=61.220.72.227 life(c,s,h)=addtime(15,0,0)
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         61.220.72.254   0.0.0.0         UG       40 0          0 eth0
192.168.8.0     61.220.72.254   255.255.255.0   UG       40 0          0 ipsec0
61.220.72.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
61.220.72.0     0.0.0.0         255.255.255.0   U        40 0          0 ipsec0


#####School-VPN-Server#####
vpn2:/# ipsec look
vpn2 Wed Aug 14 01:50:11 CST 2002
192.168.8.0/24     -> 192.168.10.0/24    => tun0x1004@61.220.72.227 esp0xb4eec260@61.220.72.227  (0)
ipsec0->ppp0 mtu=16260(1492)->1492
esp0x13a32d99@61.220.72.227 ESP_3DES_HMAC_MD5: dir=out src=61.228.14.226 iv_bits=64bits iv=0x0e71780ff5cba10a ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15114,0,0)
esp0x49654541@61.228.14.226 ESP_3DES_HMAC_MD5: dir=in  src=61.220.72.227 iv_bits=64bits iv=0x536166d476f7744c ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15114,0,0)
esp0x49654542@61.228.14.226 ESP_3DES_HMAC_MD5: dir=in  src=61.220.72.227 iv_bits=64bits iv=0xf8a89acee79c0767 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15369,0,0)
esp0xb4eec260@61.220.72.227 ESP_3DES_HMAC_MD5: dir=out src=61.228.14.226 iv_bits=64bits iv=0xe2aae253f39ac516 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15369,0,0)
tun0x1001@61.228.14.226 IPIP: dir=in  src=61.220.72.227 policy=192.168.10.0/24->192.168.8.0/24 flags=0x8<> life(c,s,h)=addtime(15114,0,0)
tun0x1002@61.220.72.227 IPIP: dir=out src=61.228.14.226 life(c,s,h)=addtime(15114,0,0)
tun0x1003@61.228.14.226 IPIP: dir=in  src=61.220.72.227 policy=192.168.10.0/24->192.168.8.0/24 flags=0x8<> life(c,s,h)=addtime(15369,0,0)
tun0x1004@61.220.72.227 IPIP: dir=out src=61.228.14.226 life(c,s,h)=addtime(15369,0,0)
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         61.231.216.254  0.0.0.0         UG       40 0          0 ppp0
192.168.10.0    61.231.216.254  255.255.255.0   UG       40 0          0 ipsec0
61.231.216.254  0.0.0.0         255.255.255.255 UH       40 0          0 ipsec0
61.231.216.254  0.0.0.0         255.255.255.255 UH       40 0          0 ppp0


Everything is smooth! No error shows up when I type "ipsec whack --status" and "ipsec look".

BUT!!!!!! BUT when I use SSH to connect from 192.168.10.222 to 192.168.8.200!!!!! IT IS NOT WORKING!!!!!

I don't know why?! because no error or warning shows up!!!! and no ERROR is recorded in /var/log/syslog or /var/log/auth,
so I CAN NOT debug it......

Anyone got ideas as to the nature/solution of this problem?  y_y

Oooo My God!!!! Please, please help me.....




-- 
Trust & Unique ... 
Axacheng's PGP Public Key   http://www.navigation.idv.tw/pgpkey
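The "ipsec whack --status" output quoted above is the first place to check whether the IPsec layer actually covers the ClientA -> ClientB traffic. The following is an added example (not part of the original post and not FreeS/WAN's own tooling): a small parser for the Pluto status lines that extracts each connection's left/right subnets, whether it is erouted, and whether an IPsec SA is established, then tests whether a given source/destination pair falls inside an active tunnel policy. The status lines embedded in it are copied from the Home-VPN-Server output in the post; the function names are this example's own.

```python
"""Check whether a src->dst pair is covered by an established FreeS/WAN tunnel,
working only from the text of `ipsec whack --status`."""
import ipaddress
import re

# Status lines copied from the Home-VPN-Server output quoted in the post.
HOME_STATUS = """\
000 interface ipsec0/eth0 61.220.72.227
000 "axahome-vpn2": 192.168.10.0/24===61.220.72.227[@navigation.idv.tw]---61.220.72.254...61.231.216.254---61.228.14.226[@vpn2.hinet.dail]===192.168.8.0/24
000 "axahome-vpn2":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "axahome-vpn2":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted
000 "axahome-vpn2":   newest ISAKMP SA: #4; newest IPsec SA: #2; eroute owner: #2
000 #3: "axahome-vpn2" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_EXPIRE in 273s
000 #2: "axahome-vpn2" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 22369s; newest IPSEC; eroute owner
000 #2: "axahome-vpn2" esp.49654542@61.228.14.226 esp.b4eec260@61.220.72.227 tun.1002@61.228.14.226 tun.1001@61.220.72.227
000 #4: "axahome-vpn2" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2165s; newest ISAKMP
"""

# Connection summary line: <leftsubnet>===<left>[id]---nexthop...nexthop---<right>[id]===<rightsubnet>
# Only the subnet-to-subnet form (both '===' present) is handled here.
CONN_RE = re.compile(r'^000 "(?P<name>[^"]+)": (?P<left>[^=\s]+)===.*===(?P<right>[^=\s]+)\s*$')
POLICY_RE = re.compile(r'^000 "(?P<name>[^"]+)":\s+policy: ')
STATE_RE = re.compile(r'^000 #\d+: "(?P<name>[^"]+)" ')


def parse_status(text):
    """Return {conn_name: {left, right, erouted, isakmp_sa, ipsec_sa}}."""
    conns = {}
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            conns[m['name']] = {
                'left': ipaddress.ip_network(m['left']),
                'right': ipaddress.ip_network(m['right']),
                'erouted': False,
                'isakmp_sa': False,
                'ipsec_sa': False,
            }
            continue
        m = POLICY_RE.match(line)
        if m and m['name'] in conns:
            # Pluto prints "erouted" when the kernel eroute for this conn is installed.
            conns[m['name']]['erouted'] = '; erouted' in line
            continue
        m = STATE_RE.match(line)
        if m and m['name'] in conns:
            if 'ISAKMP SA established' in line:
                conns[m['name']]['isakmp_sa'] = True
            if 'IPsec SA established' in line:
                conns[m['name']]['ipsec_sa'] = True
    return conns


def covers(conns, src, dst):
    """Names of connections whose subnet pair covers src->dst (either direction)
    and which are erouted with an IPsec SA established."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = []
    for name, c in conns.items():
        forward = src in c['left'] and dst in c['right']
        backward = src in c['right'] and dst in c['left']
        if (forward or backward) and c['erouted'] and c['ipsec_sa']:
            hits.append(name)
    return hits


def verdict(text, src, dst):
    """One-line summary for a src->dst pair against a status dump."""
    hits = covers(parse_status(text), src, dst)
    if hits:
        return 'IPsec policy covers %s -> %s via %s; IPsec negotiation is not the blocker' % (src, dst, ', '.join(hits))
    return 'no erouted, established tunnel covers %s -> %s' % (src, dst)


if __name__ == '__main__':
    # ClientA -> ClientB from the post's diagram.
    print(verdict(HOME_STATUS, '192.168.10.222', '192.168.8.200'))
```

For the pair in the post, the parser reports that "axahome-vpn2" is erouted, has an IPsec SA, and its 192.168.10.0/24 <-> 192.168.8.0/24 policy contains both client addresses, so the negotiation side is fine. When that is the case and traffic still does not pass, the packets are not reaching ipsec0 or are being dropped after decryption: the usual places to look are the clients' default routes (each client must route the remote subnet through its VPN gateway), ip_forward and any packet-filter or masquerading rules on the gateways, and the gateways' own route tables as shown by "ipsec look". Run the same parser against the School-VPN-Server output to confirm both ends agree.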