Old 11-11-2009, 12:40 PM   #1
IPsec on Debian Probable Routing Issue in Config File

Hello Fellow Linux Users,
I was hoping someone could help me with a possible routing issue. I have a Linux network set up like this (this network does work):


Current route setup example on Host C:
Destination Gateway Genmask Flags Metric Ref Use Iface
localnet * U 0 0 0 eth0
* U 0 0 0 eth0
UG 0 0 0 eth0
default UG 0 0 0 eth0

It's 4 Debian machines on a single switch that are able to communicate via routing and a couple of virtual network interfaces.

I have got IPsec and OpenVPN to work, all in basic client-to-client or client-to-server configurations. I cannot for the life of me get them to work in a network-to-network configuration. My latest effort consists of this ipsec-tools.conf on Host C:

#!/usr/sbin/setkey -f
# SPD for gateway A (

#Security Policy Database Information
spdadd any -P out ipsec

spdadd any -P in ipsec

#Now Create the Keys to be Used
# AH SAD entries with 160 bit keys
add ah 0x200 -A hmac-sha1 0x46915c30ed7e2465b42861b6ab19f2772813020c;
add ah 0x300 -A hmac-sha1 0xc4dac594f8228e0b94a54758f7fbf2fdf4e37f3e;

# ESP SAD entries with 192 bit keys
add esp 0x201 -E rijndael-cbc 0xa3993b3dfc41ef0a1aa8d168a8bf2c27e48249ac17b61e09;
add esp 0x301 -E rijndael-cbc 0x8f6498928ba354bd45cfad147f54c67b3b742896b3bafc02;

I have also tried to use: spdadd any -P fwd ipsec instead of out because of my current routing rules. I am pretty confused on this issue. I really believe it's my routing that's killing me here. On Host B I have the exact configuration, but mirrored. If someone has any ideas I am all ears!! By the way, the main tutorials I have been using are:


Old 11-11-2009, 03:09 PM   #2
Original Poster

Hello again folks,
I just wanted to post the other ipsec-tools.conf that I have been using.

#!/usr/sbin/setkey -f

# Flush the SAD and SPD

# ESP SAs doing encryption using 192 bit long keys (168 + 24 parity)
# and authentication using 128 bit long keys

#These are the nodes to be protected "internal LAN Routers"
add esp 0x201 -m tunnel -E 3des-cbc
-A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;

#These are the nodes to be protected "internal LAN Routers"
add esp 0x301 -m tunnel -E 3des-cbc
-A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;

# Security policies
#Packets using these source and destination addresses shall be protected
spdadd any -P out ipsec

spdadd any -P in ipsec
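
An added example, not part of the original thread: a small Python checker for manually keyed setkey files like the two posted above. It verifies that every `add` names its two endpoints, that hex keys have the length the posts' comments state for each algorithm, and that every tunnel rule in an `spdadd` policy has a matching SA. The names `lint` and `statements`, the addresses and the keys in `SAMPLE` are constructed for illustration; only hex keys and IPv4 tunnel endpoints are handled.

```python
import re

# Key lengths (bits) for the algorithms named in the two posts above.
KEY_BITS = {"hmac-md5": {128}, "hmac-sha1": {160},
            "3des-cbc": {192}, "rijndael-cbc": {128, 192, 256}}
# IPsec rule: protocol/mode/src-dst/level (IPv4 endpoints only in this sketch).
RULE = re.compile(r"(esp|ah)/(tunnel|transport)/(?:([\d.]+)-([\d.]+))?/([\w:]+)")

def statements(text):
    """Strip '#' comments, then split on ';', setkey's statement terminator."""
    body = " ".join(line.split("#", 1)[0] for line in text.splitlines())
    return [s.split() for s in body.split(";") if s.strip()]

def lint(text):
    """Return a list of problems found in a manually keyed setkey config."""
    problems, sas, stmts = [], set(), statements(text)
    for t in (s for s in stmts if s[0] == "add"):
        if len(t) < 5 or t[3] not in ("esp", "ah"):
            problems.append("add without 'SRC DST esp|ah SPI': " + " ".join(t))
            continue
        sas.add((t[3], t[1], t[2]))          # (protocol, src, dst) of this SA
        for flag in ("-E", "-A"):
            if flag not in t:
                continue
            i = t.index(flag)
            alg, key = (t[i + 1:i + 3] + ["", ""])[:2]
            bits = 4 * (len(key) - 2)
            if not re.fullmatch(r"0x[0-9a-fA-F]+", key):
                problems.append(f"SPI {t[4]}: {alg} is not followed by a hex key")
            elif alg in KEY_BITS and bits not in KEY_BITS[alg]:
                problems.append(f"SPI {t[4]}: {alg} key is {bits} bits")
    for t in (s for s in stmts if s[0] == "spdadd" and "ipsec" in s):
        rules = t[t.index("ipsec") + 1:]
        if not rules:
            problems.append("ipsec policy without a rule: " + " ".join(t))
        for r in rules:
            m = RULE.fullmatch(r)
            if not m:
                problems.append(f"unparsable rule {r}")
            elif m[2] == "tunnel" and (m[1], m[3], m[4]) not in sas:
                problems.append(f"policy {r}: no SA from {m[3]} to {m[4]}")
    return problems

# Constructed sample (documentation addresses, dummy keys), with two planted faults.
SAMPLE = f"""#!/usr/sbin/setkey -f
add 192.0.2.1 198.51.100.1 esp 0x201 -m tunnel -E 3des-cbc 0x{'ab' * 24} -A hmac-md5 0x{'cd' * 16};
add 198.51.100.1 192.0.2.1 esp 0x301 -m tunnel -E 3des-cbc 0x{'ab' * 20} -A hmac-md5 0x{'cd' * 16};
spdadd 10.1.0.0/24 10.2.0.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;
spdadd 10.2.0.0/24 10.1.0.0/24 any -P in ipsec esp/tunnel/198.51.100.2-192.0.2.1/require;
"""

if __name__ == "__main__":
    for p in lint(SAMPLE):
        print(p)
```

Running it on `SAMPLE` reports the short 3des-cbc key on SPI 0x301 and the inbound policy whose tunnel source has no SA.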

