LinuxQuestions.org
Old 08-08-2003, 07:26 PM   #1
kirk21
FreeS/WAN problem


Hi,

I realise this will probably be a stupid question, but I am trying to get FreeS/WAN running on my RH9 Firewall/Gateway box with ADSL, so I can have a VPN to another ADSL person.

My problem at the moment is that when I start IPSEC, my routing table becomes weird, and consequently all traffic you'd think would head out of my ppp0 interface decides it must now go out of the ipsec0 interface. The VPN has not been established yet, I have just started ipsec.

My routing table becomes (note lack of even DNS entries):

203.17.x * 255.255.255.255 UH 0 0 0 ppp0
203.17.x * 255.255.255.255 UH 0 0 0 ipsec0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 203.17.x 128.0.0.0 UG 0 0 0 ipsec0
128.0.0.0 203.17.x 128.0.0.0 UG 0 0 0 ipsec0
default 203.17.x 0.0.0.0 UG 0 0 0 ppp0

The 203.17.x numbers are the next hop onto my ISP's network.

Shorewall rejects all the traffic when the routing table is in this mode, mainly as there is no "IN" interface.

e.g.

Aug 9 09:12:56 localhost kernel: Shorewall:all2all:REJECT:IN= OUT=ipsec0 SRC=203.113.x DST=210.15.254.241 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=30328 DF PROTO=UDP SPT=1028 DPT=53 LEN=52

Which seems wrong.

I am using FreeS/WAN 2.01 with RH9 on a 2.4.20-19.9 kernel...

My ipsec.conf is:

conn %default
    keyingtries=0
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=10.0.0.0/24
    also=roadwarrior

conn roadwarrior
    right=%any
    rightsubnetwithin=192.168.1.0/24
    left=%defaultroute
    leftcert=serverCert.pem
    auto=add
    pfs=yes

I would be most grateful if anybody would be able to help me with this, it's beginning to drive me insane.....

It's probably something simple

Thanks..
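An added example, not part of the original post: longest-prefix matching applied to the routing table as posted, showing why the two 128.0.0.0-mask routes on ipsec0 win over the 0.0.0.0-mask default on ppp0 for the destination in the Shorewall log line. The redacted 203.17.x addresses are replaced by the placeholder 192.0.2.1, and the function names are this example's own.

```python
import ipaddress

# Destination, genmask and interface columns of the posted table.
# 192.0.2.1 is a constructed placeholder for the redacted "203.17.x" hops.
POSTED_ROUTES = """\
192.0.2.1   255.255.255.255 ppp0
192.0.2.1   255.255.255.255 ipsec0
10.0.0.0    255.255.255.0   eth1
169.254.0.0 255.255.0.0     eth1
127.0.0.0   255.0.0.0       lo
default     128.0.0.0       ipsec0
128.0.0.0   128.0.0.0       ipsec0
default     0.0.0.0         ppp0
"""

def parse_routes(text):
    """Turn 'dest genmask iface' lines into (network, iface) pairs."""
    routes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        dest, mask, iface = line.split()
        if dest == "default":          # route(8) prints 0.0.0.0 as "default"
            dest = "0.0.0.0"
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), iface))
    return routes

def select_route(routes, dst):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def shadowed_defaults(routes):
    """Interfaces holding both /1 halves, which together override any /0."""
    halves = {}
    for net, iface in routes:
        if net.prefixlen == 1:
            halves.setdefault(iface, set()).add(net)
    both = {ipaddress.ip_network("0.0.0.0/1"),
            ipaddress.ip_network("128.0.0.0/1")}
    return sorted(i for i, nets in halves.items() if nets == both)

if __name__ == "__main__":
    table = parse_routes(POSTED_ROUTES)
    # DST taken from the Shorewall log line in the post.
    print(select_route(table, "210.15.254.241"))
    print(shadowed_defaults(table))
```

With the two mask-128.0.0.0 routes removed from the table, the same lookup falls back to the ppp0 default.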
 
  

