Re: [Users] FreeS/WAN, X.509, and Windows Roadies

From: Igmar Palsenberg (maillist_at_jdimedia.nl)
Date: Fri Dec 27 2002 - 18:28:04 CET

• Next message: Igmar Palsenberg: "Re: [Users] Cannot ping internal hosts but only internal interface"
• Previous message: Jeffrey C. Ollie: "Re: [Users] Help Please - want to use Open Source"
• In reply to: bruceablk_at_ida.net: "*****SPAM***** [Users] FreeS/WAN, X.509, and Windows Roadies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

> I tried to get FreeS/WAN working with both SSH Sentinel and Windows 2000
> ipsec according to Nate Carlson's how to. If I don't get this working I am
> going to have to fall back on a commercial solution such as Cisco or Sonic
> Wall. I would really like to use FreeS/WAN + X.509.

Post configs and a how your network is organized.

> My log indicates that an SA is established for ISAKMP and IPsec. However I
> cannot get to any resources. FreeS/WAN is not my gateway for the
> workstations on my LAN, would that matter?

Yes. It won't work if the default gateway doesn't make sense.

> I would appreciate any help that I could get to get this working. I have
> been succesful with many other Open Source tools, this one is kicking my butt.
>
> Bruce
>
> Here is a tcpdump of my ipsec0 interface:
>
> [root_at_warrior etc]# tcpdump -nl -i ipsec0
> tcpdump: listening on ipsec0
> 18:06:20.460796 111.222.333.61.isakmp > 206.206.30.187.isakmp: isakmp:
> phase 1 ? ident: [|sa] (DF)
> 18:06:21.270172 111.222.333.61.isakmp > 206.206.30.187.isakmp: isakmp:
> phase 1 ? ident: [|ke] (DF)
> 18:06:23.409274 111.222.333.61.isakmp > 206.206.30.187.isakmp: isakmp:
> phase 1 ? ident[E]: [|id] (DF)
> 18:06:23.500251 111.222.333.61.isakmp > 206.206.30.187.isakmp: isakmp:
> phase 1 ? ident[E]: [|id] (DF)
> 18:06:24.942591 111.222.333.61.isakmp > 206.206.30.187.isakmp: isakmp:
> phase 2/others ? oakley-quick[E]: [|hash] (DF)
> 18:06:25.365236 206.206.30.187 > 172.17.5.20: icmp: echo request
> 18:06:29.395544 206.206.30.187 > 172.17.5.20: icmp: echo request
> 18:06:30.615994 206.206.30.187 > 172.17.5.20: icmp: echo request
> 18:06:31.616496 206.206.30.187 > 172.17.5.20: icmp: echo request
> 18:06:32.616738 206.206.30.187 > 172.17.5.20: icmp: echo request

You don't get any packets back.

Make the FreeSWAN the default gw and let that machine do the routing.

I've only used Sentinel with DHCP-over-IPSEC, so that't the only thing I
can give advise about.

        Regards,

                Igmar

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Igmar Palsenberg: "Re: [Users] Cannot ping internal hosts but only internal interface"
• Previous message: Jeffrey C. Ollie: "Re: [Users] Help Please - want to use Open Source"
• In reply to: bruceablk_at_ida.net: "*****SPAM***** [Users] FreeS/WAN, X.509, and Windows Roadies"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Sat Dec 28 2002 - 05:21:10 CET