From: Matthias Gorjup (matthias.gorjup_at_siol.net)
Date: Tue Oct 29 2002 - 21:40:27 CET
At the moment I only have two PCs (I'll get more boxes in two weeks).
Which scenario (remote access, network-to-network...) should I choose to
start playing with ipsec on these two boxes?
How can I test for a successful ipsec connection?
I already tried to do one thing:
added the following ipsec.conf to both machines:
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces="ipsec0=eth0"
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        pluto=yes
        plutoload=vpn
        plutostart=vpn
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

# defaults for subsequent connection descriptions
conn vpn
        type=tunnel
        auto=start
        keyexchange=ike
        auth=esp
        keylife=2h
        keyingtries=0
        left=10.0.0.1
        leftsubnet=10.0.0.0/24
        right=10.0.0.2
        rightsubnet=10.0.0.0/24
        # To authorize this connection, but not actually start it, at startup,
        # uncomment this.
        #auto=add
and started ipsec on both machines.
ipsec look shows the following:
linux Tue Oct 29 21:39:44 CET 2002
ipsec0->eth0 mtu=16260(1500)->1500
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U        40 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U        40 0          0 ipsec0
But it seems to me ipsec doesn't work properly. Even if I stop the ipsec, I
can still ping, ftp, ssh from one machine to another...
Matthias
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users