
[Users] Updated road warrior config (Installing FreeSWan from SuSE)

From: Brian (blanda_at_mnsi.net)
Date: Sun Jun 30 2002 - 22:31:32 CEST


I have an update and a how-to for installing FreeSWan from SuSE 8.0 Pro.
The install instructions are at the bottom of this doc.

Note:

I am using Linux:/# as the Linux command prompt below.

IPsec with FreeSWan as the server and SSH Sentinel 1.31 as the Windows
client.

Here is a working config for road warrior:

1.) I used PSK (or Pre-Shared Secret)

2.) SuSE Linux 8.0 Pro

This is my LAB IPSec setup:

Windows 2000 Pro
IP address 192.168.0.50 or a private address. I have SSH Sentinel loaded on
my Win2K.

Linux box (SuSE), FreeSWan 1.96 compiled (two NICs)
IP address 192.168.0.45 255.255.255.0 eth0
IP address 10.1.1.1 255.255.255.0 eth1 (10.1.1.0/255.255.255.0)

Windows 98SE computer sitting on the eth1 segment
IP address 10.1.1.2 255.255.255.0
Gateway 10.1.1.1

I had to set up routing on my Linux box; I used this:

# enable IP forwarding between eth0 and eth1
echo 1 > /proc/sys/net/ipv4/ip_forward
# masquerade traffic leaving on eth0 (the WAN side) behind eth0's address
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# lab setup: forward everything, no filtering of forwarded traffic
iptables -A FORWARD -j ACCEPT

-------------------------------------------------------

Firewall on my eth0, or my so-called WAN interface. This also works:

# PPTP control channel (TCP 1723)
iptables -I INPUT -i eth0 -p tcp --sport 1024: --dport 1723 -j ACCEPT
# DHCP replies from a server on eth0
iptables -I INPUT -i eth0 -p udp --sport 67 --dport 68 -j ACCEPT
# IKE (ISAKMP), used by Pluto to negotiate the tunnel
iptables -I INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT
iptables -I INPUT -i eth0 -p udp --dport 5050 -j ACCEPT
# IPsec ESP and AH, the tunnel traffic itself
iptables -I INPUT -i eth0 -p esp -j ACCEPT
iptables -I INPUT -i eth0 -p ah -j ACCEPT
# GRE (protocol 47), carries the PPTP data channel
iptables -I INPUT -i eth0 -p 47 -j ACCEPT
# drop everything else arriving on INPUT
iptables -P INPUT DROP

----------------------------------------------------------------------------

---

I was now able to ping from 10.1.1.2 to 192.168.0.50 when I brought up the tunnel.

Here is my IPSec config

config setup
        # "%defaultroute", or "ipsec0=eth0", or "ipsec0=ppp0"
        interfaces="%defaultroute"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=1
        authby=secret

conn tunnel-one
        type=tunnel
        # my eth0 interface; "%defaultroute" also works
        left=192.168.0.45
        leftnexthop=
        # this is my eth1 segment
        leftsubnet=10.1.1.0/255.255.255.0
        # this is my Windows 2000 Pro box, with SSH Sentinel
        right=%any
        keyexchange=ike
        ikelifetime=240m
        pfs=yes
        keylife=1h
        #rightsubnet=/255.255.255.0
        rightnexthop=
        compress=no
        auto=add

------------------------------------------

Here is my ipsec.secrets config

192.168.0.45 %any: PSK "junk"

-------------------------------------------

Here is a map of my network

Win2KPro -----------> Linux (IPsec)
192.168.0.50          192.168.0.45 eth0 (left)
road warrior          10.1.1.1     eth1 (right) (10.1.1.0) (leftsubnet) ------> Windows 98SE (10.1.1.2)
                                                                                 gateway 10.1.1.1

192.168.0.50 could be a DHCP or a private address; I just use that address in my lab. I used an ethernet crossover cable between my W2K Pro and my Linux box. Remember that you must use the same pre-shared key "junk" when you configure SSH Sentinel. There is a section at the SSH Sentinel site that shows you how to configure SSH Sentinel for a pre-shared key.

-------------------------------------------------------------

Note: make sure, from the # prompt, to type in ifconfig [enter]

Linux:/#ifconfig

You should see an interface called ipsec0 (tunnel), and it should have the IP address of either the eth0 (in my case) or the ppp0 (DSL) interface. Every case will differ.

----------------------------------------------------------------------

Installing FreeSWan

I would complete these steps from X Windows; you will need to run make config (command line only) or make xconfig (which is a GUI way of selecting the kernel options).

1.) Install Kernel source code first (2.4.18)

2.) Install FreeSwan from the Suse Cd

3.) cd /usr/src/ [enter]

4.) cd kernel-modules [enter]

5.) cd zz_freeswan [enter]

6.) make menugo [enter]. The screen should start scrolling with kernel info.

7.) Then cd into this directory: cd /usr/src/linux, then run make xconfig. You should see the Linux Kernel Configuration screen.

8.) Click on Networking options.

9.) Scroll to the bottom; you should see, right after Network testing, the whole IPSec section. If you don't, you will need to step back to step 5 and repeat 5, 6, 7.

10.) I use the default options (IPsec section); I would not change anything here.

11.) Once everything looks good in the kernel config, click your way back using the Main Menu button.

12.) Click save and exit button

13.) Then a box will appear with kernel build instructions; click OK.

14.) The menu box will disappear and drop you to the command line.

15.) Now do a make dep [enter] (should take a few minutes)

16.) Now do a make clean [enter] (should take a few seconds)

17.) Now do a make bzImage [enter] (this could take a while)

18.) Now do a make modules [enter] (this will take a long time; I have an 800 MHz machine with 512 MB of RAM and it takes me about 1 hour)

19.) Now do a make modules_install [enter] (a few seconds)

20.) Now copy the bzImage file, which is in the directory /usr/src/linux/arch/i386/boot, to /boot

Linux:/#cd /

Linux:/#cp /usr/src/linux/arch/i386/boot/bzImage /boot/bzImage [enter] (note that the letter I is capital and the rest is lowercase.)

21.) Please verify the bzImage file by the date when you compiled the new kernel. (My kernel is about 980,000 kb in size, about a meg.)

Linux:/#ls -la [enter]

22.) You will need to enter the directory /etc

Linux:/#cd /
Linux:/#cd /etc

23.) From the # prompt, type in: Linux:/#pico lilo.conf [enter]

you will need to add another section at the bottom of this config.

image = /boot/bzImage
    label = IPSEC
    initrd = /boot/initrd.suse

Then save your changes by doing a [alt][x] and saying yes.

24.)then you need to run one more command, lilo [enter]

Linux:/#lilo [enter]

Then re-boot and select IPSec as your kernel option.

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
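The post above uses the lab pre-shared key "junk", a road-warrior conn with right=%any and auto=add, and a hand-typed iptables ruleset. The following is an added example, not code from Brian's post or from the FreeS/WAN project: POSIX shell helpers that generate a random PSK and write it into an ipsec.secrets-style entry with owner-only permissions, check that a conn fragment is a usable road-warrior conn, and print the minimal INPUT rules the tunnel needs on the WAN interface. The file names, the temporary directory and the interface name passed in are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not code from Brian's post or from the FreeS/WAN project):
# helpers for the road-warrior setup above. File names and the interface name
# passed in are assumptions for the demonstration.

# Print a random pre-shared key as hex: $1 random bytes -> 2*$1 hex characters.
# 32 bytes (256 bits) replaces the lab PSK "junk", which any peer could guess.
gen_psk() {
    od -An -tx1 -N"${1:-32}" /dev/urandom | tr -d ' \n'
}

# Write an ipsec.secrets entry '<left> %any: PSK "<psk>"' for gateway address
# $2 and any road-warrior peer, into file $1. The file is created under
# umask 077 so the PSK is readable only by its owner (root on a real gateway).
write_secrets() {
    file=$1; left=$2; psk=$3
    rm -f "$file"
    ( umask 077; printf '%s %%any: PSK "%s"\n' "$left" "$psk" > "$file" )
}

# Return 0 if the secrets file is mode 600 and holds exactly one PSK line.
check_secrets() {
    file=$1
    [ -n "$(find "$file" -perm 600 2>/dev/null)" ] || return 1
    [ "$(grep -c ': PSK "' "$file")" -eq 1 ]
}

# Return 0 if the ipsec.conf fragment in $1 is a usable road-warrior conn:
# right=%any (peer address not known in advance) together with auto=add.
# The gateway cannot initiate to %any, so such a conn is only loaded
# (auto=add) and left for the Windows client to bring up; auto=start fails.
check_rw_conn() {
    grep -Eq '^[[:space:]]*right=%any[[:space:]]*$' "$1" || return 1
    grep -Eq '^[[:space:]]*auto=add[[:space:]]*$' "$1"
}

# Print the INPUT rules an IPsec gateway needs on WAN interface $1:
# IKE on UDP/500, ESP, AH, loopback, and replies to connections the gateway
# opened itself. The PPTP, GRE, DHCP and UDP/5050 rules in the post above are
# not needed for the IPsec tunnel and are left out here.
ipsec_fw_rules() {
    wan=$1
    cat <<EOF
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $wan -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $wan -p esp -j ACCEPT
iptables -A INPUT -i $wan -p ah -j ACCEPT
EOF
}

# Demo: run as "sh ipsec-rw-helpers.sh demo" (the file name is an assumption).
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d)
    write_secrets "$tmp/ipsec.secrets" 192.168.0.45 "$(gen_psk 32)"
    check_secrets "$tmp/ipsec.secrets" && cat "$tmp/ipsec.secrets"
    ipsec_fw_rules eth0
    rm -rf "$tmp"
fi
```

On a real gateway the generated entry replaces the `192.168.0.45 %any: PSK "junk"` line in /etc/ipsec.secrets, and the same hex string is pasted into SSH Sentinel's pre-shared key field; the rules printed by ipsec_fw_rules are meant to be reviewed and then run as root, not piped blindly into a shell.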



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST