LinuxQuestions.org
Old 03-12-2008, 02:05 PM   #1
vishamr2000
Help with IPSec!!


Hi to all,

I badly need some help with the setting up of IPSec. I have two PCs (PC_A = 192.168.1.100 ; PC_B = 192.168.2.100) that are connected to the same switch between which I want to use IPSec. Both machines have Fedora Core 5 with a kernel of 2.6.20.4 and I have installed ipsec-tools-0.6.7.tar.bz on both of them. I'm following the IPSec howto and have compiled the kernel with all the required options.
The following configurations have been used:

### PC_B #####

The "/etc/setkey.conf" file
Quote:
#!/usr/sbin/setkey -f
# Configuration for 192.168.2.100
# Flush the SAD and SPD
flush;
spdflush;
# Security policies
spdadd 192.168.1.100 192.168.2.100 any -P in ipsec
    esp/transport//require;
spdadd 192.168.2.100 192.168.1.100 any -P out ipsec
    esp/transport//require;

The "/etc/racoon.conf" file
Quote:
# Racoon IKE daemon configuration file.
path pre_shared_key "/etc/psk.txt";
remote 192.168.1.100 {
    exchange_mode main;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}
sainfo anonymous {
    pfs_group modp768;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}

The "/etc/psk.txt" file
Quote:
# file for pre-shared keys used for IKE authentication

192.168.1.100 visham

I simply mirrored the file contents on PC_A. I issued the commands for setkey & racoon, and got the following output:
Quote:
[root@fina ~]# setkey -f /etc/setkey.conf
[root@fina ~]# racoon -F -f /etc/racoon.conf
Foreground mode.
2008-03-12 21:58:58: INFO: @(#)ipsec-tools 0.6.7 (http://ipsec-tools.sourceforge.net)
2008-03-12 21:58:58: INFO: @(#)This product linked OpenSSL 0.9.8a 11 Oct 2005 (http://www.openssl.org/)
2008-03-12 21:58:58: INFO: 192.168.2.100[500] used as isakmp port (fd=5)
2008-03-12 21:58:58: INFO: 127.0.0.1[500] used as isakmp port (fd=6)
2008-03-12 21:58:58: INFO: fe80::211:d8ff:fe7a:2c1a%eth0[500] used as isakmp port (fd=7)
2008-03-12 21:58:58: INFO: ::1[500] used as isakmp port (fd=8)

Nothing else appears after this. Can anyone please tell me what I'm doing wrong or not doing?

Thanks in advance.

Warm regards,
Visham
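
An added example, not part of the original post: a consistency check across the three files on one host, since mirroring by hand is where the peer address in racoon.conf or psk.txt is easily left unswapped. The function name `check_host` and the PC_A files are constructed for illustration, the regex only handles the `spdadd ... -P in|out ipsec` form used in the post, and the output is not a diagnosis of the poster's setup.

```python
import re

def _strip(text):
    # Drop whole-line comments (this also removes the "#!" line of setkey.conf).
    return re.sub(r"(?m)^[ \t]*#.*$", "", text)

def check_host(local, setkey_conf, racoon_conf, psk_txt):
    """Return the inconsistencies between the three files on host `local`."""
    policies = re.findall(
        r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec", _strip(setkey_conf))
    remotes = set(re.findall(r"(?m)^\s*remote\s+(\S+)\s*\{", _strip(racoon_conf)))
    # psk.txt: the first field identifies the peer, the rest is the key.
    keys = {l.split()[0] for l in _strip(psk_txt).splitlines() if len(l.split()) >= 2}
    problems = set()
    for src, dst, direction in policies:
        mine, peer = (src, dst) if direction == "out" else (dst, src)
        reverse = (dst, src, "in" if direction == "out" else "out")
        if mine != local:
            problems.add(f"{direction} policy {src}->{dst} is not for {local}")
            continue
        if reverse not in policies:
            problems.add(f"no reverse policy for {src}->{dst}")
        if peer not in remotes and "anonymous" not in remotes:
            problems.add(f"no remote block for peer {peer}")
        if peer not in keys:
            problems.add(f"no pre-shared key for peer {peer}")
    return sorted(problems)

# PC_B (192.168.2.100): the relevant lines of the files posted above.
SETKEY_B = """#!/usr/sbin/setkey -f
spdadd 192.168.1.100 192.168.2.100 any -P in ipsec
    esp/transport//require;
spdadd 192.168.2.100 192.168.1.100 any -P out ipsec
    esp/transport//require;"""
RACOON_B = "remote 192.168.1.100 {\n    exchange_mode main;\n}"
PSK_B = "# pre-shared keys\n192.168.1.100 visham"

# Constructed PC_A (192.168.1.100): in/out swapped in setkey.conf, but
# racoon.conf and psk.txt copied from PC_B with the peer address unchanged.
SETKEY_A = (SETKEY_B.replace("-P in", "-P tmp")
            .replace("-P out", "-P in").replace("-P tmp", "-P out"))

if __name__ == "__main__":
    print("PC_B:", check_host("192.168.2.100", SETKEY_B, RACOON_B, PSK_B))
    print("PC_A:", check_host("192.168.1.100", SETKEY_A, RACOON_B, PSK_B))
```
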
 
Old 03-13-2008, 02:17 PM   #2
1jnike

Hi vishamr2000,

You mentioned earlier:

"I badly need some help with the setting up of IPSec. I have two PCs (PC_A = 192.168.1.100 ; PC_B = 192.168.2.100) that are connected to the same switch between which I want to use IPSec".

I just have one question, IP Security, will it matter that you have two different subnet ranges, going through the same switch?

Just a thought!

jnike
 
Old 03-14-2008, 12:38 AM   #3
vishamr2000
Hi 1jnike,
Quote:
I just have one question, IP Security, will it matter that you have two different subnet ranges, going through the same switch?

No, it wouldn't, but I'm trying to simulate an IPSec connection between hosts of different clusters.
 
  


All times are GMT -5. The time now is 10:26 AM.
