Re: IPSec WinXP interop

To: Valentin Vidic <vvidic@public.srce.hr>
Cc: debian-security@lists.debian.org, users@mj2.freeswan.org
Subject: Re: IPSec WinXP interop
From: Antony Gelberg <antony@antgel.co.uk>
Date: Wed, 31 Dec 2003 14:23:28 +0000
Message-id: <[🔎] 20031231142328.GA9911@brain.pulsesol.com>
In-reply-to: <[🔎] 20031229025143.GA20339@brain.pulsesol.com>
References: <[🔎] 20031224004931.GA8747@brain.pulsesol.com> <[🔎] 20031225151839.GA1155@lastan> <[🔎] 20031226001823.GA19822@brain.pulsesol.com> <[🔎] 20031226005542.GA3533@lastan> <[🔎] 20031229025143.GA20339@brain.pulsesol.com>

Right, I've upgraded to freeswan 2.01 from backports.org.  This was
because the 1.96 that I was using from Woody didn't recognise the
leftprotoport and rightprotoport commands.  I apt-got the source,
grepped, and sure enough they weren't there.  This leads me to believe
that the 

But now I have a different problem.  Upon reboot (recompiled the kernel
with the 2.01 patch), I couldn't ssh in.  Doh!  I was just able to get
onsite, and there was a problem with the routing table.

Kernel IP routing table
Destination     Gateway         Genmask         Metric Ref    Use
Iface
localnet        *               255.255.255.240 0      0        0 eth1
localnet        *               255.255.255.240 0      0        0 ipsec0
10.0.0.0        *               255.0.0.0       0      0        0 eth0
default         195.54.235.73   128.0.0.0       0      0        0 ipsec0
128.0.0.0       195.54.235.73   128.0.0.0       0      0        0 ipsec0
default         195.54.235.73   0.0.0.0         0      0        0 eth1

What happens is that pings in or out cause the ipsec0 packet transmit
count to increase, and that's about it.  I had to /etc/init.d/stop ipsec
to get connectivity back.

I've googled a bit and don't see the answer.  Best I could come up with
was http://lists.virus.org/freeswan-0307/msg00363.html.  This states
that OE can cause freeswan to take over the default route.  But I don't
want OE, and I can't for the life of me work out how to switch it off.
I think it has something to do with the default policies that 1.96
didn't have, but I also can't work out how to switch them off.

A

Reply to:

Follow-Ups:
- Re: [Users] IPSec WinXP interop
  - From: Reinhold Plew <freeswan@aedon-its.de>
- Re: [Users] IPSec WinXP interop
  - From: Andreas Steffen <andreas.steffen@strongsec.net>

References:
- IPSec WinXP interop
  - From: Antony Gelberg <antony@antgel.co.uk>
- Re: IPSec WinXP interop
  - From: Valentin Vidic <vvidic@public.srce.hr>
- Re: IPSec WinXP interop
  - From: Antony Gelberg <antony@antgel.co.uk>
- Re: IPSec WinXP interop
  - From: Valentin Vidic <vvidic@public.srce.hr>
- Re: IPSec WinXP interop
  - From: Antony Gelberg <antony@antgel.co.uk>

Prev by Date: Re: Need recomendations for https proxy that serves as a firewall proxy
Next by Date: Re: Need recomendations for https proxy that serves as a firewall proxy
Previous by thread: Re: IPSec WinXP interop
Next by thread: Re: [Users] IPSec WinXP interop
Index(es):
- Date
- Thread