
[Users] Working Road Warrior Config

From: Brian (blanda_at_mnsi.net)
Date: Sat Jun 29 2002 - 03:34:19 CEST


IPSec with FreeS/WAN as the server and SSH Sentinel 1.31 as the Windows client

Here is a working config for road warrior:

1.) I used PSK (or Pre-Shared Secret)

2.) SuSE Linux 8.0 Pro

This is my LAB IPSec setup:

Windows 2000 Pro
IP address 192.168.0.50 or private address; I have SSH Sentinel loaded on my Win2K

Linux box (SuSE), FreeS/WAN 1.96 compiled (two NICs)
IP address 192.168.0.45 255.255.255.0 eth0
IP address 10.1.1.1 255.255.255.0 eth1 (10.1.1.0/255.255.255.0)

Windows 98SE computer sitting on the eth1 segment
IP address 10.1.1.2 255.255.255.0
Gateway 10.1.1.1

I had to set up routing on my Linux box; I used this:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -j ACCEPT

I was now able to ping from 10.1.1.2 to 192.168.0.50

Here is my IPSec config

config setup
       interfaces="ipsec0=eth0"
       klipsdebug=none
       plutodebug=none
       plutoload=%search
       plutostart=%search
       uniqueids=yes

conn %default
       keyingtries=1
       authby=secret

conn tunnel-one
      type=tunnel
      # left is my eth0 interface
      left=192.168.0.45
      leftnexthop=
      # leftsubnet is my eth1 segment
      leftsubnet=10.1.1.0/255.255.255.0
      # right is my Windows 2000 Pro box, with SSH Sentinel
      right=%any
      keyexchange=ike
      ikelifetime=240m
      pfs=yes
      keylife=1h
      #rightsubnet = /255.255.255.0
      rightnexthop=
      compress=no
      auto=add

------------------------------------------

Here is my ipsec.secrets config

192.168.0.45 %any: PSK "junk"

-------------------------------------------

Here is a map of my network

Win2KPro      ----------->  Linux (IPsec)
192.168.0.50                192.168.0.45 eth0 (left)
road warrior                10.1.1.1 eth1
(right)                     (10.1.1.0) (leftsubnet)  ------>  Windows 98SE
                                                              (10.1.1.2) gateway 10.1.1.1

192.168.0.50 could be a DHCP or a private address; I just use that address in my lab.
I used an Ethernet crossover cable between my W2K Pro and my Linux box. Remember that you must use the same pre-shared key "junk" when you configure SSH Sentinel. There is a section at the SSH Sentinel site that shows you how to configure SSH Sentinel.

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
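
Added example (not part of the original post and not FreeS/WAN code): a small auditor for ipsec.secrets PSK entries like the one above, flagging entries whose index list matches any peer and secrets that are short or low in entropy. The sample input is constructed, and the names audit, estimate_bits, MIN_LEN and MIN_BITS and both thresholds are assumptions chosen for illustration.

```python
import math
import re

# Constructed sample: line 2 is the entry from the post, line 3 is a
# made-up host-to-host entry with a long random secret (do not reuse it).
SAMPLE = '''\
# constructed ipsec.secrets sample
192.168.0.45 %any: PSK "junk"
192.168.0.45 192.168.0.50 : PSK "q7F2vX9kLm3Zp8Rt5Ws1Yb6Nc4Hd0Je"
'''

WILDCARDS = {"%any", "0.0.0.0"}   # indices that match any peer address
MIN_LEN = 20                      # assumed local policy, not a FreeS/WAN rule
MIN_BITS = 80.0                   # assumed local policy, not a FreeS/WAN rule

# index list, colon, PSK keyword, quoted secret (IPv4 indices and IDs only)
ENTRY = re.compile(r'^(?P<ids>[^:"]*?)\s*:\s*PSK\s+"(?P<psk>[^"]*)"\s*$')
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 32)]

def estimate_bits(secret):
    """Upper bound on entropy: length * log2(size of the character pool used)."""
    pool = sum(size for pattern, size in CLASSES if re.search(pattern, secret))
    return len(secret) * math.log2(pool) if pool else 0.0

def audit(text):
    """Return (line_number, finding) tuples for every PSK entry in text."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = ENTRY.match(line)
        if match is None:
            continue                      # RSA and other entry types: out of scope
        ids = match.group("ids").split()
        psk = match.group("psk")
        if not ids or WILDCARDS & set(ids):
            findings.append((number, "wildcard-peer"))   # secret shared by all peers
        if len(psk) < MIN_LEN or estimate_bits(psk) < MIN_BITS:
            findings.append((number, "weak-psk"))
    return findings

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print(f"line {number}: {finding}")
```

The entropy figure is an upper bound based only on the character classes present, so a dictionary word scores higher than it deserves; treat a pass as necessary, not sufficient.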


