RE: [Users] ipsec with FreeS/Wan on Redhat

From: Maria Backlund (Maria.Backlund_at_kiconsulting.se)
Date: Mon Aug 19 2002 - 10:14:09 CEST


Thanks for the help, we'll continue working on it later today. The link you sent us unfortunately does not seem to work, could you please correct it and send it to us again?

Maria

-----Original Message-----
From: Sam Sgro [mailto:sam_at_freeswan.org]
Sent: 18 August 2002 23:00
To: Maria Backlund
Cc: users_at_lists.freeswan.org
Subject: Re: [Users] ipsec with FreeS/Wan on Redhat

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 16 Aug 2002, Maria Backlund wrote:

> We have a network with a structure as below:
>
> 192.168.2.1 (client1)
> |
> 192.168.2.0 / 192.168.1.10 (server1)
> |
> 192.168.1.20 / 192.168.0.20 (gateway)
> |
> hub - 192.168.0.10 (server2)
> |
> 192.168.0.11 (client2)
>
> We've installed FreeS/Wan1.98 on both servers (where we use Redhat
> 7.2) and are now trying to set up a tunnel between them. We've tried
> to configure the ipsec.conf file but when we start ipsec the tunnel
> isn't created. A part of our ipsec.conf-file is:
> conn sample
> # left security gateway (public-network address)
> left=192.168.1.10
> # next hop to reach right
> leftnexthop=192.168.1.20
> # subnet behind left (omit if there is no subnet)
> leftsubnet=192.168.2.0/24
> # right s.g., subnet behind it, and next hop to reach left
> right=192.168.0.10
> rightnexthop=192.168.0.20
> rightsubnet=192.168.0.0/24
> auto=start

Unless you wish server1 and server2 to protect communication between machines
other than themselves, you shouldn't use the leftsubnet/rightsubnet parameters.

> We are not sure if this is correct for our network and would
> appreciate all suggestions. Once the ipsec.conf-file is ok, do we have
> to configure the ipsec.secrets as well? And how do we get the secure
> connection started? Should the tunnel be created automatically when we
> start ipsec, if all adjustments have been made correctly or do we have
> to start the tunnel manually? We've searched for info everywhere but
> can't seem to find a straightforward explanation... Hope you can
> help!

You still haven't exchanged authentication information; read this document:

http://www.freeswan.org/freeswan_trees/CURRENT-SNAP/doc/config.html

The "net-to-net" section is relevant, however you don't need to
include left/rightid or left/rightsubnet.

Use "ipsec showhostkey --left" on 192.168.1.10, and "ipsec showhostkey
--right" on 192.168.0.10. Paste the output into the connection, and copy it to
both machines.

You should rename the connection to something other than "sample".

With auto=start, the tunnel will be brought up as freeswan boots. For testing,
use auto=add, and bring the connection up manually to see that it succeeds.
Read the config document for additional instructions.

--
Sam Sgro
sam_at_freeswan.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.

iQCVAwUBPWAKvkOSC4btEQUtAQGZjgP+JCMJP8VQDfuV/8wH6w0a9WzUNSQpq8o6
NzwluW5hnqlTD0NJtY9TN9ko9NTUR/xaTCEV6QZ41fh2PDYQlxCgf2ww1KwdhIsX
Vyvs18+nNCqe3Ax0Bp6h+hScX7XiBvweD178C8ub8rDh+tjyJ5zzMBesj0UScxRh
GH0J/vbjbqI=
=HEZI
-----END PGP SIGNATURE-----

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
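Sam's answer above is a procedure (drop the subnet lines, exchange host keys with "ipsec showhostkey", rename the conn, test with auto=add). The following /etc/ipsec.conf is an added example assembled from that advice for the network in the original question; it is not a file from the thread or from the FreeS/WAN distribution. The connection name "server1-server2", the interface name eth0 and the two "0sAQ..." key values are placeholders chosen here (assumptions), the real key lines are whatever "ipsec showhostkey" prints on each server.

```ini
# Added example, not from the thread: /etc/ipsec.conf for a host-to-host
# tunnel between server1 (192.168.1.10) and server2 (192.168.0.10).
# Following the reply above: no leftsubnet/rightsubnet, no leftid/rightid,
# auto=add while testing. Install the SAME file on both servers.

config setup
	# Assumption: the tunnel leaves each box through eth0. FreeS/WAN 1.x binds
	# the ipsec0 virtual interface to that interface. interfaces=%defaultroute
	# only works when the tunnel interface is also the default route, which
	# may not be true for server1 here.
	interfaces="ipsec0=eth0"
	klipsdebug=none
	plutodebug=none
	plutoload=%search
	plutostart=%search
	uniqueids=yes

conn server1-server2
	# RSA signature authentication: each host signs with the private key in
	# its own /etc/ipsec.secrets and verifies the peer with the public key
	# pasted below. Only public keys ever appear in this file.
	authby=rsasig
	# left = server1: its address toward the gateway and the gateway hop
	left=192.168.1.10
	leftnexthop=192.168.1.20
	# paste the line printed by "ipsec showhostkey --left" ON server1
	# (placeholder value, not a real key)
	leftrsasigkey=0sAQ...server1-public-key...
	# right = server2: its address on the hub segment and the gateway hop
	right=192.168.0.10
	rightnexthop=192.168.0.20
	# paste the line printed by "ipsec showhostkey --right" ON server2
	# (placeholder value, not a real key)
	rightrsasigkey=0sAQ...server2-public-key...
	# add = load the conn at startup but negotiate only when asked;
	# switch to auto=start once a manual "ipsec auto --up" works
	auto=add
```

Usage, as the thread describes it: each server needs its own RSA host key in /etc/ipsec.secrets (the RPM creates one at first start; "ipsec newhostkey" can generate one), and that file must stay mode 600 and must never be copied to the other host, only the "leftrsasigkey=" / "rightrsasigkey=" lines from "ipsec showhostkey" travel between machines. After restarting ipsec on both servers, run "ipsec auto --up server1-server2" on one of them and look for "IPsec SA established" in its output; "ipsec eroute" then shows the 192.168.1.10 to 192.168.0.10 route as an IPsec eroute, and a ping between the two servers should succeed. Two caveats: the gateway in the middle must pass ESP (IP protocol 50) and UDP port 500 in both directions or the negotiation never completes, and because there are no subnet parameters only traffic between the two servers themselves is encrypted, not traffic from client1 or client2.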



This archive was generated by hypermail 2.1.4 : Mon Aug 19 2002 - 12:19:46 CEST