From: Ken Bantoft (ken_at_freeswan.ca)
Date: Thu Oct 10 2002 - 21:34:05 CEST

On Thu, 10 Oct 2002, Bing Zhang wrote:
> I have two linux boxes that are my gateway and router. Both are running NAT
> and firewall. One is running FreeSwan 1.98b and iptables, the other one is
> freeswan 1.5 with ipchains. They are going to use pre-shared secrets.
>
> On the 1.98b one, if I do ipsec verify, it complains that ipchains is
> missing. I think this is not critical as long as I open port 500 and
> protocol 50, 51 inside my iptables.

It's a bug - it means you have /etc/sysconfig/ipchains (probably empty) so
FreeS/WAN checks for ipchains modules.

> Basically I want to ask whether this is possible if both ends are using NAT?
> Any sample configs and catches I need to pay attention to? I set it up and it
> is not working, :-(. I want to debug it, but do not know how to proceed.

If they are the NAT boxes (i.e., IP Masquerading) then yes, this is a common
configuration. Plenty of sample configs are included in the current docs,
on http://www.freeswan.org - it's a straightforward config.

--
Ken Bantoft The Unofficial FreeS/WAN Site:
ken_at_freeswan.ca http://www.freeswan.ca
PGP Key: finger ken_at_bantoft.org
"We can factor the number 15 with quantum computers. We
can also factor the number 15 with a dog trained to bark
three times." -- Robert Harley, 5/12/01, Sci.crypt