[Users] Checkpoint FW1 and FreeSwan 1.99

From: Shyamal Thatte (sthatte_at_madasafish.com)
Date: Thu Dec 26 2002 - 18:38:46 CET


Hello,

I am trying to create a tunnel between my home machine and the office
network, which has a Checkpoint firewall. All other users use Windows
laptops, which seem to work fine with the SecuRemote client. I am the
only one with a Linux machine :(

I have Redhat 7.2, have upgraded the kernel to 2.4.18-18.7.x and
installed both
freeswan-1.99_2.4.18_18.7.x-0
freeswan-module-1.99_2.4.18_18.7.x-0

My problem is that the security administrator has asked me to use a static IP
address, which my ISP says they cannot allocate.

I was trawling through the net for any information about a workaround and
found some information on the FreeS/WAN list about iptables and NAT; there is
also an article about using iproute2 to set up an alias, but that fails too.

ipsec verify (after ipsec start) shows the following:

Checking your system to see if IPsec got installed and started correctly
Version check and ipsec on-path [OK]
Checking for KLIPS support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Checking if IPchains has port 500 hole (all) [BLOCKED]
Checking if IPchains has port 500 hole (default) [BLOCKED]
Checking if IPchains has port 500 hole (ipsec0) [BLOCKED]
Checking if IPchains has port 500 hole (lo) [BLOCKED]
Checking if IPchains has port 500 hole (ppp0) [BLOCKED]
DNS checks.
Looking for forward key for localhost.localdomain [OK]
Looking for KEY in reverse map: 215.31.1.213.in-addr.arpa [FAILED]
Does the machine have at least one non-private address [OK]

My ipsec.conf is:

config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        #interfaces=%defaultroute
        interfaces="ipsec0=ppp0"
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup
        # actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
        disablearrivalcheck=no
        keyingtries=2
        keylife=120m
        ikelifetime=120m
        rekeymargin=1m
        rekeyfuzz=50%
# keyingtries=1
# authby=rsasig
# leftrsasigkey=%dnsondemand
# rightrsasigkey=%dnsondemand

conn me-to-office-net
        type=tunnel
        # my office gateway
        left=194.75.37.251
        # the internal network
        leftsubnet=172.24.0.0/16
        # this is the IP which I have aliased using ip addr add
        right=192.168.168.168
        keyexchange=ike
        authby=secret
        auth=esp
        pfs=no
        auto=add

Nothing seems to work. When I try

ipsec auto --up me-to-office-net

the result is:

022 "me-to-office-net": we have no ipsecN interface for either end of
this connection

How do I alias my machine to have a static IP for the office connection?
The shared secret on the firewall has been set for 192.168.168.168.

I can ping my office gateway machine, but a traceroute fails. Could
that be a reason?

If I can get this working, I can standardize a build for all Road Warriors
who want to use Linux from their laptops.
 
Regards
Shyamal

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users



This archive was generated by hypermail 2.1.5 : Fri Dec 27 2002 - 05:21:18 CET