Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] dynamic ip

From: Domany (I.H.Domany_at_t-online.de)
Date: Fri Jun 28 2002 - 14:05:13 CEST

Next message: Hanumanth Rao: "[Users] DUPLICATED PACKET ERROR"
Previous message: Cord Kielhorn: "Re: [Users] IPSEC header?"
Next in thread: Andreas Steffen: "[Users] Re: dynamic ip"
Reply: Andreas Steffen: "[Users] Re: dynamic ip"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

hi andreas,

perhaps u can help me.

i try to use ipsec/freeswan according to your article in
c't 5/2002. I use the SuSE-distribution 8.0 with a compiled
FreeS/WAN (ipsec) implementation. As i understand SuSE,
the X.509 certifications are integrated:
"Dieses Paket enthält Unterstützung für X.509 Zertifikate, indem der Patch von
http://www.strongsec.com/freeswan/ integriert wurde".

I use a DSL-modem with dynamic-IP.

IF i start ipsec with "ipsec setup" i get the following messages:
ipsec_setup: WARNING: ipsec0 has route filtering turned on, KLIPS may not work
ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = `1', should be 0)
ipsec_setup: WARNING: ppp0 has route filtering turned on, KLIPS may not work
ipsec_setup: (/proc/sys/net/ipv4/conf/ppp0/rp_filter = `1', should be 0)

If i start ipsec with no(!) internet connection:
Jun 28 10:25:51 linux ipsec_setup: KLIPS debug `none'
Jun 28 10:25:52 linux ipsec_setup: KLIPS ipsec0 on ppp0
192.168.99.1/255.255.255.255 pointopoint 192.168.99.99
Jun 28 10:25:52 linux ipsec_setup: ...FreeS/WAN IPsec started
Jun 28 10:25:52 linux ipsec_setup: ^M^[[82C^[[10D^[[1;32mdone^[[m^O
Jun 28 10:25:53 linux ipsec__plutorun: /usr/lib/ipsec/_plutoload: fg: no job
control

If i start ipsec with (!) internet connection:
Jun 28 13:35:34 linux ipsec_setup: Starting FreeS/WAN IPsec 1.95...
Jun 28 13:35:47 linux ipsec_setup: KLIPS debug `none'
Jun 28 13:35:47 linux ipsec_setup: KLIPS ipsec0 on ppp0
80.128.75.250/255.255.255.255 pointopoint 217.5.98.9
Jun 28 13:35:47 linux ipsec_setup: WARNING: ipsec0 has route filtering turned
on, KLIPS may not work
Jun 28 13:35:47 linux ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter
= `1', should be 0)
Jun 28 13:35:47 linux ipsec_setup: WARNING: ppp0 has route filtering turned
on, KLIPS may not work
Jun 28 13:35:47 linux ipsec_setup: (/proc/sys/net/ipv4/conf/ppp0/rp_filter =
`1', should be 0)

I generated the private, ca and crtl key.

ipsec.secrets:
: RSA gatewayKey.pem Abc...

ipsec.conf:
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes
conn %default
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        left=%defaultroute
        leftid="C=DE, O=Kool AG, CN=gateway.kool.net"
conn roadwarrior
        right=%any
        auto=add

Mit herzlichem Dank voraus,
Heribert Domany

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Hanumanth Rao: "[Users] DUPLICATED PACKET ERROR"
Previous message: Cord Kielhorn: "Re: [Users] IPSEC header?"
Next in thread: Andreas Steffen: "[Users] Re: dynamic ip"
Reply: Andreas Steffen: "[Users] Re: dynamic ip"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST