Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceeded a certain threshold of spam-like behaviour.

Re: [Users] Local 802.11 network help...

From: Brad Colbert (brad_at_rni.net)
Date: Sat Mar 30 2002 - 02:14:39 CET


I gave that a shot and I appear to have broken something.

Let me start at the beginning...

My working wireless configuration from the laptop
looks like the following

laptop% route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
172.16.166.0    0.0.0.0         255.255.255.0   U     0      0        0 vmnet8
172.16.13.0     0.0.0.0         255.255.255.0   U     0      0        0 vmnet1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth1

eth0 is down. The vmnet's are for vmware and they are attached to
eth0.

On the ap it looks like this...

ap% route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG    1      0        0 eth0

ap% ifconfig
eth0      Link encap:Ethernet  HWaddr 00:40:33:D3:06:99
          inet addr:192.168.1.15  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:85138 errors:0 dropped:0 overruns:0 frame:0
          TX packets:342825 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:10 Base address:0x6f00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:467 errors:0 dropped:0 overruns:0 frame:0
          TX packets:467 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

wlan0     Link encap:Ethernet  HWaddr 00:05:5D:F0:FC:CC
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10832 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7791 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:5 Base address:0x100

I'm behind a NAT'ing firewall with a private domain of 192.168.1.0
and the wireless is being NAT'ed once again by the ap machine and
it's on a 192.168.2.0 network.

Through guessed configurations I was able to get ipsec to a point
where I could ping the wlan0 interface from my wireless eth1 interface
but was unable to get any further. I think I've mangled the
ipsec.conf file to a point where I need to start over.

Am I even able to NAT the ipsec through the eth0 or is this wrong? Does
it do its own NATing?

Thanks for reading my ramble,

Brad

On Fri, 2002-03-29 at 12:31, Nate Carlson wrote:
> On 29 Mar 2002, Brad Colbert wrote:
> > What I would like to do is run IPSec on the wireless link between the
> > laptop and the Linux AP. I've found no examples that I can decipher
> > that represent my setup. My ipsec.conf entries on both machines look
> > like the following:
>
> This works fine for me on a Road-Warrior type setup.. so on the AP box,
> it'd be 'right=%any' instead of right=<ip>.. this way, it won't add the
> route for it until you connect, so you can pass ipsec through before
> the link comes up.
>
> If this doesn't work, give us more debug info from your logs. :)
>
> ----------------------------------------------------------------------
> | nate carlson | natecars_at_natecarlson.com |
> | brainbench mvp for linux admin -- http://www.brainbench.com |
> ----------------------------------------------------------------------
>

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:47 CEST