(usagi-users 01475) Re: SSH Sentinel 1.3 and FreeS/WAN 1.97 interoperability problems
- To: usagi-users@xxxxxxxxxxxxxx
- Subject: (usagi-users 01475) Re: SSH Sentinel 1.3 and FreeS/WAN 1.97 interoperability problems
- From: KANDA Mitsuru <mk@xxxxxxxxxxxxxx>
- Date: Thu, 23 May 2002 00:08:21 +0900
- In-reply-to: <3CEAB5E0.2020806@sot.com>
- References: <3CEAB5E0.2020806@sot.com>
- Reply-to: usagi-users@xxxxxxxxxxxxxx
Hello Yaroslav,
This mailing list is for the linux ipv6 (mostly focused on USAGI ipv6) stack.
If you have problems with the linux ipv4 stack or Freeswan(ipv4) stack,
please ask your question on the appropriate mailing list.
(I think freeswan mailing list or SSH support is good for you.)
Regards,
-mk
At Tue, 21 May 2002 23:02:24 +0200,
Yaroslav Popovitch wrote:
>
> I have problems connecting PC (Win98 + SSH Sentinel 1.3) to PC (Linux +
> FreeS/WAN 1.97, kernel-2.4.12).
> I configured both machines. Both SSH sentinel and FreeS/WAN said that
> connection was established.
> FreeS/WAN shows the tunnel.
>
> The main problem is that packets are not passed through the VPN tunnel [to
> subnet]. IP FORWARDING is enabled.
>
> Windows' route showed that there is no route for 10.3.0.0 subnet.
>
> In SSH Sentinel I set that I am connecting (VPN connection, tunnel, all
> settings according to documentation) to secure gateway 212.7.2.128,
> remote network 10.3.0.0/16
>
> [root@lifekeeper1 root]# cat /proc/net/ipsec_eroute
> 0 10.3.0.0/16 -> 212.7.2.86/32 => tun0x1002@xxxxxxxxxx
>
> [root@lifekeeper1 root]# cat /proc/sys/net/ipv4/ip_forward
> 1
>
> [root@lifekeeper1 root]# route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 212.7.2.86 212.7.2.86 255.255.255.255 UGH 0 0 0 ipsec0
> 212.7.2.0 * 255.255.255.0 U 0 0 0 eth0
> 212.7.2.0 * 255.255.255.0 U 0 0 0 ipsec0
> 10.3.0.0 * 255.255.0.0 U 0 0 0 eth0
> 127.0.0.0 * 255.0.0.0 U 0 0 0 lo
>
>
> [root@lifekeeper1 root]# iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> My configuration:
>
> [root@lifekeeper1 root]# ifconfig
> eth0 Link encap:Ethernet HWaddr 00:01:02:B1:5A:3E
> inet addr:212.7.2.128 Bcast:212.7.2.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:791 errors:0 dropped:0 overruns:1 frame:0
> TX packets:555 errors:0 dropped:0 overruns:0 carrier:0
> collisions:10
>
> eth0:0 Link encap:Ethernet HWaddr 00:01:02:B1:5A:3E
> inet addr:10.3.0.128 Bcast:10.3.255.255 Mask:255.255.0.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>
> ipsec0 Link encap:Ethernet HWaddr 00:01:02:B1:5A:3E
> inet addr:212.7.2.128 Mask:255.255.255.0
> UP RUNNING NOARP MTU:16260 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:6 errors:0 dropped:0 overruns:0 frame:0
> TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0
>
> [root@lifekeeper1 root]# cat /etc/ipsec.conf
> config setup
> interfaces="ipsec0=eth0"
> klipsdebug=none
> plutodebug=none
> plutoload=%search
> plutostart=%search
> uniqueids=yes
>
> conn %default
> type=tunnel
> left=212.7.2.128
> leftsubnet=10.3.0.0/16
> authby=rsasig
> keyexchange=ike
> keyingtries=1
> ikelifetime=240m
> keylife=20m
> leftid=@xxxxxxxxxxxxxxxxxxx
> leftrsasigkey=%cert
> rightrsasigkey=%cert
> auth=esp
> pfs=yes
> compress=yes
>
> conn vpn
> right=%any
> auto=add
>
>
> Where did I make a mistake?
>
> Cheers, YP
>
>
> --
> Mr. Yaroslav Popovitch - tel. +372 6419975
> SOT Finnish Software Engineering Ltd. - fax +372 6419876
> Kreutzwaldi 7-4, 10124 TALLINN - http://www.sot.com/
> ESTONIA - http://sotlinux.net/
>
>