(usagi-users 01473) SSH Sentinel 1.3 and FreeS/WAN 1.97 interoperability problems
- To: usagi-users@xxxxxxxxxxxxxx
- Subject: (usagi-users 01473) SSH Sentinel 1.3 and FreeS/WAN 1.97 interoperability problems
- From: Yaroslav Popovitch <yp@xxxxxxx>
- Date: Tue, 21 May 2002 23:02:24 +0200
- Reply-to: usagi-users@xxxxxxxxxxxxxx
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4.1) Gecko/20020314 Netscape6/6.2.2
I have problems connecting PC (Win98 + SSH Sentinel 1.3) to PC (Linux +
FreeS/WAN 1.97, kernel-2.4.12).
I configured both machines. Both SSH Sentinel and FreeS/WAN said that
the connection was established.
FreeS/WAN shows the tunnel.
The main problem is that packets are not passed through the VPN tunnel [to
subnet]. IP FORWARDING is enabled.
Windows' route showed that there is no route for the 10.3.0.0 subnet.
In SSH Sentinel I set that I am connecting (VPN connection, tunnel, all
settings according to documentation) to secure gateway 212.7.2.128,
remote network 10.3.0.0/16
[root@lifekeeper1 root]# cat /proc/net/ipsec_eroute
0 10.3.0.0/16 -> 212.7.2.86/32 => tun0x1002@xxxxxxxxxx
[root@lifekeeper1 root]# cat /proc/sys/net/ipv4/ip_forward
1
[root@lifekeeper1 root]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
212.7.2.86      212.7.2.86      255.255.255.255 UGH   0      0        0 ipsec0
212.7.2.0       *               255.255.255.0   U     0      0        0 eth0
212.7.2.0       *               255.255.255.0   U     0      0        0 ipsec0
10.3.0.0        *               255.255.0.0     U     0      0        0 eth0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
[root@lifekeeper1 root]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
My configuration:
[root@lifekeeper1 root]# ifconfig
eth0      Link encap:Ethernet HWaddr 00:01:02:B1:5A:3E
          inet addr:212.7.2.128 Bcast:212.7.2.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:791 errors:0 dropped:0 overruns:1 frame:0
          TX packets:555 errors:0 dropped:0 overruns:0 carrier:0
          collisions:10
eth0:0    Link encap:Ethernet HWaddr 00:01:02:B1:5A:3E
          inet addr:10.3.0.128 Bcast:10.3.255.255 Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
ipsec0    Link encap:Ethernet HWaddr 00:01:02:B1:5A:3E
          inet addr:212.7.2.128 Mask:255.255.255.0
          UP RUNNING NOARP MTU:16260 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
[root@lifekeeper1 root]# cat /etc/ipsec.conf
config setup
        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        type=tunnel
        left=212.7.2.128
        leftsubnet=10.3.0.0/16
        authby=rsasig
        keyexchange=ike
        keyingtries=1
        ikelifetime=240m
        keylife=20m
        leftid=@xxxxxxxxxxxxxxxxxxx
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        auth=esp
        pfs=yes
        compress=yes

conn vpn
        right=%any
        auto=add
Where did I make a mistake?
Cheers, YP
--
Mr. Yaroslav Popovitch - tel. +372 6419975
SOT Finnish Software Engineering Ltd. - fax +372 6419876
Kreutzwaldi 7-4, 10124 TALLINN - http://www.sot.com/
ESTONIA - http://sotlinux.net/