Old 11-11-2009, 11:40 AM   #1
danmartinj
IPsec on Debian Probable Routing Issue in Config File


Hello Fellow Linux Users,
I was hoping someone could help me with a possible routing issue. I have a Linux network set up like this (this network does work):

_____________B-------C
A------B_____10.0.63.X_______C-------D
10.0.62.X____________________10.0.64.X

Current route setup example on host C:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.0   U     0      0        0 eth0
10.0.63.0       *               255.255.255.0   U     0      0        0 eth0
10.0.62.0       10.0.63.249     255.255.255.0   UG    0      0        0 eth0
default         10.0.64.1       0.0.0.0         UG    0      0        0 eth0



It's 4 Debian machines on a single switch that are able to communicate via routing and a couple of virtual network interfaces.

I have got IPsec and OpenVPN to work in basic client-to-client or client-to-server configurations. I cannot for the life of me get them to work in a network-to-network configuration. My latest effort consists of this ipsec-tools.conf on host C:

__________________________________________________________
#!/usr/sbin/setkey -f
#
# SPD for gateway A (172.16.72.1)
#

#Security Policy Database Information
spdadd 10.0.64.0/24 10.0.62.0/24 any -P out ipsec
esp/tunnel/10.0.63.250-10.0.63.249/require
ah/tunnel/10.0.63.250-10.0.63.249/require;

spdadd 10.0.62.0/24 10.0.64.0/24 any -P in ipsec
esp/tunnel/10.0.63.249-10.0.63.250/require
ah/tunnel/10.0.63.249-10.0.63.250/require;


# Now create the keys to be used
# AH SAD entries with 160 bit keys
add 10.0.63.249 10.0.63.250 ah 0x200 -A hmac-sha1 0x46915c30ed7e2465b42861b6ab19f2772813020c;
add 10.0.63.250 10.0.63.249 ah 0x300 -A hmac-sha1 0xc4dac594f8228e0b94a54758f7fbf2fdf4e37f3e;

# ESP SAD entries with 192 bit keys
add 10.0.63.249 10.0.63.250 esp 0x201 -E rijndael-cbc 0xa3993b3dfc41ef0a1aa8d168a8bf2c27e48249ac17b61e09;
add 10.0.63.250 10.0.63.249 esp 0x301 -E rijndael-cbc 0x8f6498928ba354bd45cfad147f54c67b3b742896b3bafc02;
________________________________________________________

I have also tried to use: spdadd 10.0.64.0/24 10.0.62.0/24 any -P fwd ipsec instead of out because of my current routing rules. I am pretty confused on this issue. I really believe it's my routing that's killing me here. On host B I have the exact configuration, but mirrored. If someone has any ideas I am all ears!! By the way, the main tutorials I have been using are:
http://linuxgazette.net/126/pfeiffer.html
http://www.ipsec-howto.org/x304.html

Thanks,

Dan
 
Old 11-11-2009, 02:09 PM   #2
danmartinj

Hello again folks,
I just wanted to post the other ipsec-tools.conf that I have been using.


#!/usr/sbin/setkey -f

# Flush the SAD and SPD
flush;
spdflush;

# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
# and authentication using 128 bit long keys

#These are the nodes to be protected "internal LAN Routers"
add 10.0.64.250 10.0.62.249 esp 0x201 -m tunnel -E 3des-cbc
0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831
-A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;

#These are the nodes to be protected "internal LAN Routers"
add 10.0.62.249 10.0.64.250 esp 0x301 -m tunnel -E 3des-cbc
0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df
-A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;

# Security policies
#Packets using these source and destination addresses shall be protected
spdadd 10.0.64.0/24 10.0.62.0/24 any -P out ipsec
esp/tunnel/10.0.63.250-10.0.63.249/require;
#ah/tunnel/10.0.63.250-10.0.63.249/require;

spdadd 10.0.62.0/24 10.0.64.0/24 any -P in ipsec
esp/tunnel/10.0.63.249-10.0.63.250/require;
#ah/tunnel/10.0.63.249-10.0.63.250/require;