Old 08-15-2008, 10:07 AM   #1
hotsouce
OpenSwan ipsec - conf, check - I need help


Hi,
I want to create a LAN IPsec connection between two hosts, like this:

|HOST A|------IPsec----|HOST B|
    \_____________ ____________/
                  \/
                 LAN

Host A IP: 192.168.17.200 (SuseLinuxEnt + OpenSwan)
Host B IP: 192.168.17.201 (SuseLinuxEnt + OpenSwan)
Mask: 255.255.255.0


How do I configure OpenSwan to work in a LAN? (ipsec.conf, ipsec.secrets)
How do I initialize the connection (the new tunnel)?
How do I check the encryption of the connection? Does the connection really work? How do I test the new tunnel?
----------------------------------------------------------------------------------------
Below is what my "ipsec verify" returns:

Checking your system to see if IPsec got installed and started correctly
Version check and ipsec on-path [OK]
Linux Openswan U2.2.0/K2.6.8-1.521 (native)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [N/A] <---- what does N/A mean?
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Checking for 'setkey' command for native IPsec stack support [OK]

How do I change "Checking NAT and MASQUERADEing [N/A]" to "[OK]"?
----------------------------------------------------------------------------------------
 
Old 08-17-2008, 11:56 AM   #2
ashwin_cse
Hi,

A VPN is for connecting remote machines over a public network, usually the Internet. If you are trying to establish a VPN over a LAN, then there are a number of things that will hinder the process; for example, testing whether the connection is established will be a clumsy process rather than the straightforward ping method. You don't have to worry about the NAT/masquerading message. I followed the steps in the following document, http://megaz.arbuz.com/2005/01/28/linux-vpn-guide, and was successful in establishing a VPN with the pre-shared key method. A pre-shared key is not the best way to establish a VPN; a better method would be a certificate-based VPN.
 
Old 08-18-2008, 10:50 AM   #3
blackburnw
Over my head. Sorry.
 
Old 08-22-2008, 01:07 AM   #4
r_vigneswaran
The following URL will also help:

http://www.jacco2.dds.nl/networking/openswan-l2tp.html
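
For the question in post #1 about checking that the connection is really encrypted (post #2 notes a plain ping does not show it), here is an added example that is not part of any post in this thread: a Python script that reads `tcpdump -n` text captured on Host A and reports whether traffic to Host B left as ESP or in the clear. The capture lines are constructed samples, the IPs are those from post #1, and it assumes a LAN without NAT-T (no UDP 4500 encapsulation).

```python
import re

# Addresses from post #1; LOCAL is the host where tcpdump was run (assumed Host A).
LOCAL, PEER = "192.168.17.200", "192.168.17.201"
# One line of `tcpdump -n` text: "<time> IP <src>[.port] > <dst>[.port]: <summary>"
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))? > "
                  r"(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?: (.*)$")
# Constructed sample captures (not real traffic).
TUNNEL_UP = """\
10:07:01.000001 IP 192.168.17.200.500 > 192.168.17.201.500: isakmp: phase 1 I ident
10:07:01.000900 IP 192.168.17.201.500 > 192.168.17.200.500: isakmp: phase 1 R ident
10:07:02.100000 IP 192.168.17.200 > 192.168.17.201: ESP(spi=0x11111111,seq=0x1), length 116
10:07:02.100400 IP 192.168.17.201 > 192.168.17.200: ESP(spi=0x22222222,seq=0x1), length 116
10:07:02.100401 IP 192.168.17.201 > 192.168.17.200: ICMP echo reply, id 7, seq 1, length 64
"""
TUNNEL_DOWN = """\
10:09:00.000000 IP 192.168.17.200 > 192.168.17.201: ICMP echo request, id 8, seq 1, length 64
10:09:00.000300 IP 192.168.17.201 > 192.168.17.200: ICMP echo reply, id 8, seq 1, length 64
"""

def classify(line):
    """Return 'esp', 'ike' or 'clear' for LOCAL -> PEER packets, else None."""
    m = LINE.match(line.strip())
    if not m:
        return None  # ARP, IPv6, or anything that is not an IPv4 packet line
    src, sport, dst, dport, summary = m.groups()
    # Judge outbound packets only: on the native kernel stack an inbound packet
    # can be listed twice (as ESP, then decrypted), which would look like a leak.
    if (src, dst) != (LOCAL, PEER):
        return None
    if summary.startswith("ESP("):
        return "esp"
    if sport == "500" and dport == "500":
        return "ike"  # key negotiation, expected to be visible
    return "clear"

def audit(capture_text):
    """Return (protected, counts, leaked_lines) for a block of tcpdump text."""
    counts = {"esp": 0, "ike": 0, "clear": 0}
    leaks = []
    for line in capture_text.splitlines():
        kind = classify(line)
        if kind:
            counts[kind] += 1
        if kind == "clear":
            leaks.append(line.strip())
    return counts["esp"] > 0 and not leaks, counts, leaks

if __name__ == "__main__":
    print(audit(TUNNEL_UP), audit(TUNNEL_DOWN))
```

To use it on real data, capture on Host A with `tcpdump -n host 192.168.17.201` while pinging Host B and pass the saved text to `audit()`.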
 
  


All times are GMT -5.