
[Users] Re: [Bugs] FS 1.97 and Virtual IP's

From: Mike Thomas (mike_at_bedarra.com)
Date: Tue Jun 11 2002 - 20:50:14 CEST


> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> {Please keep me on the CC, as I do not read users@ regularly}
>
> >>>>> "Mike" == Mike Thomas <mike_at_bedarra.com> writes:
> Mike> Hello,
>
> Mike> I believe a bug or incompatibility exists between FS and systems with
> Mike> Virtual IP's that are on a different net than the default gateway:
>
> Mike> The scenario:
>
> Mike> eth0: 198.64.129.55 Bcast:198.64.129.63 Mask:255.255.255.192
> Mike> eth0:1 198.64.133.69 Bcast:198.64.133.255 Mask:255.255.255.252
> Mike> eth0:1 198.64.133.70 Bcast:198.64.133.255 Mask:255.255.255.252
>
> Mike> I am attempting to run FS on eth0:1 (I cannot use eth0 as my provider does
> Mike> not guarantee the ip will not change), ipsec.conf contains:
>
> Mike> interfaces=ipsec0=eth0:1
> Mike> leftnexthop=198.64.129.1
>
> Okay, basic things:
> 1) there is nothing in KLIPS that prevents you from layering ipsec0
> on top of "eth0". You can specify "left=198.64.133.69" in the conn
> just fine, and it will work.

 I am using left=198.64.133.69 as left, do you mean use eth0 as the
interface?

 Here is the full ipsec.conf:

config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces=ipsec0=eth0:1
        #interfaces=%defaultroute
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=all
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig
        left=198.64.133.69
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        leftid="@C=CA, ST=Ontario, O=Bedarra, CN=FS Gateway"
        leftnexthop=198.64.133.70

conn gateway
        right=%any
        rightid="@C=CA, ST=Ontario, O=Bedarra, CN=FS Client"
        auto=add

>
> 2) except that pluto won't listen on all interfaces.
>
> If we could just fix #2, then you wouldn't have a problem, I think.
>

 Mike.

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:13 CEST