
[Users] Newbie question...? Connection ipsec0 over wireless...

From: beh_at_icemark.net
Date: Mon Mar 18 2002 - 23:19:58 CET


Hi there,

  I am having some trouble getting FreeS/WAN to work on my
system. The intended use is to run IPsec over a wireless lan.

I have managed to make the two systems talk to each other, and
also, the connection can be brought up - the routes set on the
wireless client look a little strange to me, and if I ping from the
server to the wireless client, I can see the ping packets arrive at
the wireless client (using tcpdump ipsec0), but the response
packets are seemingly lost - at least, tcpdump ipsec0 on the server
only sees packets leaving for the other side, but never receiving
anything...

This is the configuration used:

    # basic configuration
    config setup
            # THIS SETTING MUST BE CORRECT or almost nothing will work;
            # %defaultroute is okay for most simple cases.
            interfaces="ipsec0=eth1"
            # Debug-logging controls: "none" for (almost) none, "all" for lots.
            klipsdebug=none
            plutodebug=none
            # Use auto= parameters in conn descriptions to control startup actions.
            plutoload=%search
            plutostart=%search
            # Close down old connection when new one using same ID shows up.
            uniqueids=yes

    # defaults for subsequent connection descriptions
    # (mostly to fix internal defaults which, in retrospect, were badly chosen)
    conn %default
            pfs=yes
            type=tunnel
            keylife=2h
            keyingtries=0
            disablearrivalcheck=no
            authby=rsasig
            auto=add

    conn bere-wireless
            # Left security gateway, subnet behind it, next hop toward xxx.
            leftid=@berenium.internal.icemark.net
            left=192.168.221.233
            leftsubnet=212.40.16.212/32
            #leftsubnet=192.168.0.0/24
            #leftnexthop=10.101.102.103
            # RSA 2048 bits berenium Sun Mar 17 23:08:53 2002
            leftrsasigkey=[...keydata...]
            # Right security gateway, subnet behind it, next hop toward left.
            rightid=@varuleon.internal.icemark.net
            right=192.168.221.247
            rightsubnet=0.0.0.0/0
            # RSA 2048 bits varuleon Sun Mar 17 23:09:53 2002
            rightrsasigkey=[...keydata...]

The route table on the client end looks like this, if the
connection is brought up:

    Kernel IP routing table
    Destination     Gateway          Genmask         Flags Metric Ref Use Iface
    192.168.234.0   0.0.0.0          255.255.255.0   U     0      0   0   vmnet1
    192.168.235.0   0.0.0.0          255.255.255.0   U     0      0   0   vmnet8
    192.168.221.0   0.0.0.0          255.255.255.0   U     0      0   0   eth1
    192.168.221.0   0.0.0.0          255.255.255.0   U     0      0   0   ipsec0
    0.0.0.0         192.168.221.247  128.0.0.0       UG    0      0   0   ipsec0
    128.0.0.0       192.168.221.247  128.0.0.0       UG    0      0   0   ipsec0
    0.0.0.0         192.168.221.247  0.0.0.0         UG    0      0   0   eth1

Any clue where the two CIDR /1 routes to IPsec come from? Also,
why isn't the default route set to ipsec0?

Any idea how I can make this work?

If further information is needed, please let me know...

     Benedikt

  BEAUTY, n. The power by which a woman charms a lover and terrifies a
    husband.
                        (Ambrose Bierce, The Devil's Dictionary)

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:45 CEST