[Users] road warrior

From: Andre <guinou(at)jam21.net>
Date: Sun Apr 27 2003 - 02:22:08 EDT


Hi all !

Not easy that freeswan but it’s free ☺

Here is my problem

192.168.10.101 -]

        eth1 -]Linux box
111.111.111.1 -]

 cable modem

INTERNET 222.222.222.1 Cisco

222.222.222.4 Linux box            


What I would like is for 222.222.222.4 to be a road warrior that has a static IP, to be able to ping 192.168.10.101 and if possible the old subnet, but iptables will be involved so ...

111.111.111.1  is cable modem on eth1
192.168.10.101 is Linux box Freeswan iptables
222.222.222.1 is cisco router
222.222.222.4 is linux ( freeswan )

Freeswan on 192.168.10.101 or 111.111.111.1 Gateway

conn vpn

        left=111.111.111.1
        leftid=@111.cable.com
        leftsubnet=192.168.10.0/24      
        leftrsasigkey=0sAQO7YRcF
        rightnexthop=222.222.22.1 
        right=222.222.222.4
        rightid=@222.modem.com
        rightrsasigkey=0sAQOhgW$
        auto=add

conn vpn
        left=222.222.222.4  
        leftnexthop=%defaultroute
        leftid=@222.modem.com
        leftrsasigkey=0sAQOhgW
        right=111.111.111.1
        rightsubnet=192.168.10.0/24
        rightid=@111.cable.com
        rightrsasigkey=0sAQO7YRcF
        auto=add


Apr 27 01:07:46 111.111 ipsec_setup: ...FreeS/WAN IPsec started
Apr 27 01:07:46 111.111 pluto[9842]: added connection description "vpn"
Apr 27 01:07:46 111.111 pluto[9842]: listening for IKE messages
Apr 27 01:07:46 111.111 pluto[9842]: adding interface ipsec0/eth0 111.111.111.1
Apr 27 01:07:46 111.111 pluto[9842]: loading secrets from "/etc/ipsec.secrets"
Apr 27 01:08:07 111.111 pluto[9842]: "vpn" #1: responding to Main Mode
Apr 27 01:08:13 111.111 pluto[9842]: "vpn" #1: sent MR3, ISAKMP SA established
Apr 27 01:08:17 111.111 pluto[9842]: "vpn" #2: responding to Quick Mode
Apr 27 01:08:21 111.111. pluto[9842]: "vpn" #2: route-client output: SIOCADDRT: Network is unreachable
Apr 27 01:08:21 111.111 pluto[9842]: "vpn" #2: route-client output: /usr/local/lib/ipsec/_updown: `route add -net 222.222.222.4 netmask 255.255.255.255 dev ipsec0 gw 222.222.222.4' failed
Apr 27 01:08:21 111.111 pluto[9842]: "vpn" #2: route-client output: /usr/local/lib/ipsec/_updown: (incorrect or missing nexthop setting??)

But if I change ipsec.conf for gateway to gateway it works; I am able to ping subnet to subnet.

Subnets are 192.168.10.0/24 on the left side and 192.168.20.0/24 on the right side, but I can't ping gateway to gateway, just like the doc states :)

Now
The doc on the web site

But if I put it like this it complains about %defaultroute

On your laptop, copy this template to /etc/ipsec.conf (on Mandrake, /etc/freeswan/ipsec.conf). Substitute the information you've gathered for our example data.

conn road
    left=%defaultroute             # Picks up our dynamic IP
    leftnexthop=%defaultroute      #
    leftid=@road.example.com       # Local information
    leftrsasigkey=0sAQPIPN9uI...   #
    right=1.2.3.4                  # Remote information
    rightsubnet=42.42.42.0/24      #
    rightid=@xy.example.com        #
    rightrsasigkey=0sAQOnwiBPt...  #
    auto=add                       # authorizes but doesn't start this
                                   # connection at startup

The template for the gateway is different. Notice how it reverses left and right, in keeping with our convention that Left is Local, Right Remote. Be sure to switch your rsasigkeys in keeping with this.

    ssh2 xy.example.com
    vi /etc/ipsec.conf

and add:

conn road
    left=1.2.3.4                   # Gateway's information
    leftid=@xy.example.com         #
    leftsubnet=42.42.42.0/24       #
    leftrsasigkey=0sAQOnwiBPt...   #
    rightnexthop=%defaultroute     # correct in many situations
    right=%any                     # Wildcard: we don't know the laptop's IP
    rightid=@road.example.com      #
    rightrsasigkey=0sAQPIPN9uI...  #
    auto=add                       # authorizes but doesn't start this
                                   # connection at startup

Any help would be appreciated; I've been working on this for the past 3 days and I'm out of ideas.

Thanks

Guinou



Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
Received on Sun Apr 27 04:14:05 2003
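
The documentation quoted in the message says the gateway's conn reverses left and right and that the rsasigkeys must be switched to match. The following is an added example, not part of the original post or of FreeS/WAN: a Python check that the conn sections on two ends describe the same endpoints. The addresses, ids and placeholder keys are constructed sample values, and the function names are hypothetical.

```python
import re
FIELDS = ("", "id", "subnet", "rsasigkey")  # nexthop is local routing, not compared

def endpoints(conn_text):
    """Parse one conn section into its two endpoints, keyed by id (or address)."""
    kv = {}
    for line in conn_text.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(\S+)", line.split("#", 1)[0])
        if m:
            kv[m.group(1)] = m.group(2)
    ends = {}
    for side in ("left", "right"):
        end = {f or "addr": kv.get(side + f) for f in FIELDS}
        ends[end["id"] or end["addr"]] = end
    return ends

def mismatches(conf_a, conf_b):
    """List settings on which the two ends describe an endpoint differently."""
    a, b = endpoints(conf_a), endpoints(conf_b)
    problems = [f"{i}: described on one end only"
                for i in sorted(set(a) ^ set(b), key=str)]
    for ident in sorted(set(a) & set(b), key=str):
        for field, va in a[ident].items():
            vb = b[ident][field]
            # %any / %defaultroute are resolved at run time, so skip them
            if va != vb and not any(v and v.startswith("%") for v in (va, vb)):
                problems.append(f"{ident}: {field} differs ({va} vs {vb})")
    return problems

# Constructed sample: the gateway copy repeats its own key as rightrsasigkey.
GATEWAY = """conn vpn
    left=192.0.2.1
    leftid=@gw.example.com
    leftsubnet=192.168.10.0/24
    leftrsasigkey=0sPLACEHOLDERGW
    right=198.51.100.4
    rightnexthop=192.0.2.254
    rightid=@road.example.com
    rightrsasigkey=0sPLACEHOLDERGW
"""
ROAD = """conn vpn
    left=198.51.100.4
    leftid=@road.example.com
    leftrsasigkey=0sPLACEHOLDERRW
    right=192.0.2.1
    rightsubnet=192.168.10.0/24
    rightid=@gw.example.com
    rightrsasigkey=0sPLACEHOLDERGW
"""
print(mismatches(GATEWAY, ROAD))
```

Endpoints are matched by id rather than by side, so the check works whether or not the two files follow the "Left is Local" convention.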

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:28 EDT

