Hi Heribert,
I don't see in the log that conn road warrior is loaded at all. Haven't
you shown us the whole log? ipsec auto --status should show the loaded
connections.
Regards
Andreas
P.S. Why don't you shut off the rp_filter by executing
echo 0 > /proc/sys/net/ipv4/conf/ppp0/rp_filter
Domany wrote:
> Hi Andreas,
>
> Perhaps you can help me.
>
> I am trying to use ipsec/freeswan according to your article in
> c't 5/2002. I use the SuSE distribution 8.0 with a compiled
> FreeS/WAN (ipsec) implementation. As I understand SuSE,
> the X.509 certifications are integrated:
> "This package includes support for X.509 certificates by integrating the patch from
> http://www.strongsec.com/freeswan/".
>
> I use a DSL-modem with dynamic-IP.
>
> If I start ipsec with "ipsec setup" I get the following messages:
> ipsec_setup: WARNING: ipsec0 has route filtering turned on, KLIPS may not work
> ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = `1', should be 0)
> ipsec_setup: WARNING: ppp0 has route filtering turned on, KLIPS may not work
> ipsec_setup: (/proc/sys/net/ipv4/conf/ppp0/rp_filter = `1', should be 0)
>
> If I start ipsec with no(!) internet connection:
> Jun 28 10:25:51 linux ipsec_setup: KLIPS debug `none'
> Jun 28 10:25:52 linux ipsec_setup: KLIPS ipsec0 on ppp0
> 192.168.99.1/255.255.255.255 pointopoint 192.168.99.99
> Jun 28 10:25:52 linux ipsec_setup: ...FreeS/WAN IPsec started
> Jun 28 10:25:52 linux ipsec_setup: ^M^[[82C^[[10D^[[1;32mdone^[[m^O
> Jun 28 10:25:53 linux ipsec__plutorun: /usr/lib/ipsec/_plutoload: fg: no job
> control
>
> If I start ipsec with (!) internet connection:
> Jun 28 13:35:34 linux ipsec_setup: Starting FreeS/WAN IPsec 1.95...
> Jun 28 13:35:47 linux ipsec_setup: KLIPS debug `none'
> Jun 28 13:35:47 linux ipsec_setup: KLIPS ipsec0 on ppp0
> 80.128.75.250/255.255.255.255 pointopoint 217.5.98.9
> Jun 28 13:35:47 linux ipsec_setup: WARNING: ipsec0 has route filtering turned
> on, KLIPS may not work
> Jun 28 13:35:47 linux ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter
> = `1', should be 0)
> Jun 28 13:35:47 linux ipsec_setup: WARNING: ppp0 has route filtering turned
> on, KLIPS may not work
> Jun 28 13:35:47 linux ipsec_setup: (/proc/sys/net/ipv4/conf/ppp0/rp_filter =
> `1', should be 0)
>
> I generated the private, ca and crtl key.
>
> ipsec.secrets:
> : RSA gatewayKey.pem Abc...
>
> ipsec.conf:
> config setup
>         interfaces=%defaultroute
>         klipsdebug=none
>         plutodebug=none
>         plutoload=%search
>         plutostart=%search
>         uniqueids=yes
> conn %default
>         authby=rsasig
>         leftrsasigkey=%cert
>         rightrsasigkey=%cert
>         left=%defaultroute
>         leftid="C=DE, O=Kool AG, CN=gateway.kool.net"
> conn roadwarrior
>         right=%any
>         auto=add
>
> With heartfelt thanks in advance,
> Heribert Domany
>
--
======================================================================
Andreas Steffen                   e-mail: andreas.steffen_at_strongsec.com
strongSec GmbH                    phone:  +41 76 340 25 56
Alter Zürichweg 20                home:   http://www.strongsec.com
CH-8952 Schlieren (Switzerland)
==========================================[strong internet security]==
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST
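
Added example, not part of the original thread or of FreeS/WAN: a shell sketch that pulls the interface names out of the ipsec_setup rp_filter warnings quoted above and turns reverse-path filtering off on those interfaces only, rather than on every interface. The function names and the CONF_ROOT override are assumptions made for illustration; the sample log lines are constructed from the quoted log.

```shell
#!/bin/sh
# Added example, not from the thread; names here are illustrative assumptions.
# CONF_ROOT can point at a scratch directory instead of the live /proc tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Constructed sample: two warnings in the wrapped form quoted in the mail.
sample_log() {
    cat <<'EOF'
Jun 28 13:35:47 linux ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter
= `1', should be 0)
Jun 28 13:35:47 linux ipsec_setup: (/proc/sys/net/ipv4/conf/ppp0/rp_filter =
`1', should be 0)
EOF
}

# stdin: log text. stdout: interfaces named in rp_filter warnings, one per
# line. Only the "(/proc/.../rp_filter" part is matched, which stays on one
# line even when the mailer wraps the rest of the message.
flagged_ifaces() {
    sed -n 's|.*(/proc/sys/net/ipv4/conf/\([^/]*\)/rp_filter.*|\1|p' | sort -u
}

# Print "<iface> <value>" for each named interface whose rp_filter is not 0.
# An interface without a sysctl entry (ppp0 before dial-up) prints "absent".
rp_filter_report() {
    for ifc in "$@"; do
        f="$CONF_ROOT/$ifc/rp_filter"
        if [ ! -r "$f" ]; then
            echo "$ifc absent"
        elif [ "$(cat "$f")" != "0" ]; then
            echo "$ifc $(cat "$f")"
        fi
    done
}

# Write 0 to rp_filter for the named interfaces only, leaving every other
# interface filtered. Returns non-zero if any entry is missing or read-only.
rp_filter_off() {
    rc=0
    for ifc in "$@"; do
        f="$CONF_ROOT/$ifc/rp_filter"
        if [ -w "$f" ]; then echo 0 > "$f" || rc=1; else rc=1; fi
    done
    return "$rc"
}

rp_filter_report $(sample_log | flagged_ifaces)   # read-only check
```

Because ppp0 only exists while the DSL link is up, rp_filter_off has to run after the link comes up and before "ipsec setup"; writing needs root.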