
freeswan on testing/2.4.18 kernel



I'm trying to get FreeS/WAN working on two old Pentium machines which are on the same subnet. This is just for testing before I open the firewall to a FreeS/WAN IPSec server so that I can have a VPN from home to work :)

The two machines have an IP address of 192.168.51 and 192.168.0.52. My /etc/ipsec.conf looks like this (see end of message). I've tried with and without the leftsubnet and rightsubnet settings but I can't seem to get a netmask of 255.255.255.255 in the route tables.

I'm using debian 2.4.18-585tsc kernels and have applied the freeswan patches from the unstable distribution (export PATCH_THE_KERNEL=YES and make-kpkg ...).

After starting ipsec with "/etc/init.d/ipsec restart", I get the following which seems incorrect. Notice the netmasks are NOT 255.255.255.255!!!


$ ipsec look
ned Fri Apr 12 13:31:32 EST 2002
ipsec0->eth0 mtu=16260(1500)->1500
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.2     0.0.0.0         UG       40 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U        40 0          0 ipsec0

$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 ipsec0
default         firewall.ctam.l 0.0.0.0         UG    0      0        0 eth0


$ cat /etc/ipsec.conf
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.



# basic configuration
config setup
   # THIS SETTING MUST BE CORRECT or almost nothing will work;
   # %defaultroute is okay for most simple cases.
   interfaces=%defaultroute
   # Debug-logging controls:  "none" for (almost) none, "all" for lots.
   klipsdebug=all
   plutodebug=all
   # Use auto= parameters in conn descriptions to control startup actions.
   plutoload=%search
   plutostart=%search
   # Close down old connection when new one using same ID shows up.
   uniqueids=yes



# defaults for subsequent connection descriptions
# (mostly to fix internal defaults which, in retrospect, were badly chosen)
conn %default
   keyingtries=0
   disablearrivalcheck=no
   authby=rsasig
   #authby=secret
   leftrsasigkey=%dns
   rightrsasigkey=%dns



# VPN connection
# ned.ctam.com.au <-> homer.ctam.com.au
conn ned-homer
   # Left security gateway, subnet behind it, next hop toward right.
   left=192.168.0.52
   leftsubnet=192.168.0.52/32
   # Right security gateway, subnet behind it, next hop toward left.
   right=192.168.0.51
   rightsubnet=192.168.0.51/32
   # To authorize this connection, but not actually start it, at startup,
   # uncomment this.
   auto=add
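The poster is checking by eye whether the kernel routing table contains a host route (netmask 255.255.255.255) to the peer over ipsec0, which is what a /32 leftsubnet/rightsubnet should produce once the connection is up. The following shell script is an added example, not part of the original post or of FreeS/WAN: it automates that check over `route -n` output. The sample tables are constructed to mirror the poster's output (with dotted-quad gateways as `route -n` prints them) and a hypothetical working state; the function name has_host_route and the peer/interface arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a host route
# (Genmask 255.255.255.255) to a given peer exists via a given interface.
# Input is the text of `route -n`; the parse relies on its fixed columns:
#   $1 = Destination, $3 = Genmask, $NF = Iface

# Constructed sample: the poster's table as `route -n` would print it.
# No /32 route, only the /24 network route duplicated onto ipsec0.
SAMPLE_ROUTES_BROKEN='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
0.0.0.0         192.168.0.2     0.0.0.0         UG    0      0        0 eth0'

# Constructed sample of the state the poster is looking for: a host route
# to the peer 192.168.0.51 carried by ipsec0 (flags UH = up, host route).
SAMPLE_ROUTES_OK='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.51    0.0.0.0         255.255.255.255 UH    0      0        0 ipsec0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.2     0.0.0.0         UG    0      0        0 eth0'

# has_host_route PEER IFACE ROUTE_TABLE
# Prints "yes" and returns 0 when ROUTE_TABLE has a route whose
# Destination is PEER, Genmask is 255.255.255.255 and Iface is IFACE;
# prints "no" and returns 1 otherwise.
has_host_route() {
    peer=$1
    iface=$2
    table=$3
    if printf '%s\n' "$table" | awk -v p="$peer" -v i="$iface" '
        $1 == p && $3 == "255.255.255.255" && $NF == i { found = 1 }
        END { exit found ? 0 : 1 }'; then
        echo yes
        return 0
    else
        echo no
        return 1
    fi
}

# ifaces_for_dest DEST ROUTE_TABLE
# Lists every interface that carries a route for DEST, one per line; useful
# for spotting the duplicated 192.168.0.0/24 route on both eth0 and ipsec0.
ifaces_for_dest() {
    printf '%s\n' "$2" | awk -v d="$1" '$1 == d { print $NF }'
}

# Usage against the live table on the gateway (peer and interface from the
# poster's ipsec.conf): has_host_route 192.168.0.51 ipsec0 "$(route -n)"
# Against the constructed samples:
has_host_route 192.168.0.51 ipsec0 "$SAMPLE_ROUTES_BROKEN"
has_host_route 192.168.0.51 ipsec0 "$SAMPLE_ROUTES_OK"
```

Run it on each gateway with the other machine's address as the peer; "no" together with the /24 route listed on both eth0 and ipsec0 (as ifaces_for_dest 192.168.0.0 shows for the poster's table) confirms that the conn has only been added, not brought up, so no per-peer tunnel route has been installed yet.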



