FreeS/WAN problem
Hi,
I realise this will probably be a stupid question, but I am trying to get FreeS/WAN running on my RH9 Firewall/Gateway box with ADSL, so I can have a VPN to another ADSL person. My problem at the moment is that when I start IPSEC, my routing table becomes weird, and consequently all traffic you'd think would head out of my ppp0 interface decides it must now go out of the ipsec0 interface. The VPN has not been established yet, I have just started ipsec.

My routing table becomes (note lack of even DNS entries):

    203.17.x      *          255.255.255.255  UH  0  0  0  ppp0
    203.17.x      *          255.255.255.255  UH  0  0  0  ipsec0
    10.0.0.0      *          255.255.255.0    U   0  0  0  eth1
    169.254.0.0   *          255.255.0.0      U   0  0  0  eth1
    127.0.0.0     *          255.0.0.0        U   0  0  0  lo
    default       203.17.x   128.0.0.0        UG  0  0  0  ipsec0
    128.0.0.0     203.17.x   128.0.0.0        UG  0  0  0  ipsec0
    default       203.17.x   0.0.0.0          UG  0  0  0  ppp0

The 203.17.x numbers are the next hop onto my ISP's network.

Shorewall rejects all the traffic when the routing table is in this mode, mainly as there is no "IN" interface, e.g.:

    Aug 9 09:12:56 localhost kernel: Shorewall:all2all:REJECT:IN= OUT=ipsec0 SRC=203.113.x DST=210.15.254.241 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=30328 DF PROTO=UDP SPT=1028 DPT=53 LEN=52

Which seems wrong. I am using FreeS/WAN 2.01 with RH9 on a 2.4.20-19.9 kernel...

My ipsec.conf is:

    conn %default
        keyingtries=0
        compress=yes
        disablearrivalcheck=no
        authby=rsaig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

    conn roadwarrior-net
        leftsubnet=10.0.0.0/24
        also=roadwarrior

    conn roadwarrior
        right=%any
        rightsubnetwithin=192.168.1.0/24_
        left=%defaultroute
        leftcert=serverCert.pem
        auto-add
        pfs=yes

I would be most grateful if anybody would be able to help me with this, it's beginning to drive me insane..... It's probably something simple ;)

Thanks..
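Added example, not part of the original post: a longest-prefix-match lookup over the routing table quoted above, showing which route the kernel selects for the DNS destination in the Shorewall log line and whether the ppp0 default route can still be chosen. The function names are made up for this illustration, and the two host routes to 203.17.x are left out because the post elides their address.

```python
import ipaddress

# Rows copied from the routing table in the post: (destination, genmask, iface).
# The two host routes to 203.17.x are omitted because the post elides the address.
ROUTES = [
    ("10.0.0.0", "255.255.255.0", "eth1"),
    ("169.254.0.0", "255.255.0.0", "eth1"),
    ("127.0.0.0", "255.0.0.0", "lo"),
    ("default", "128.0.0.0", "ipsec0"),   # route(8) prints 0.0.0.0/1 as "default"
    ("128.0.0.0", "128.0.0.0", "ipsec0"),
    ("default", "0.0.0.0", "ppp0"),
]


def build_table(rows):
    """Turn (destination, genmask, iface) rows into (IPv4Network, iface) pairs."""
    table = []
    for dest, mask, iface in rows:
        dest = "0.0.0.0" if dest == "default" else dest
        table.append((ipaddress.ip_network(f"{dest}/{mask}"), iface))
    return table


def lookup(table, addr):
    """Longest-prefix match: return the (network, iface) route used for addr."""
    ip = ipaddress.ip_address(addr)
    matches = [route for route in table if ip in route[0]]
    return max(matches, key=lambda route: route[0].prefixlen) if matches else None


def default_shadowed(table):
    """True if routes more specific than /0 cover the whole IPv4 space,
    so the 0.0.0.0/0 default route can never be chosen."""
    specific = [net for net, _ in table if net.prefixlen > 0]
    merged = list(ipaddress.collapse_addresses(specific))
    return merged == [ipaddress.ip_network("0.0.0.0/0")]


if __name__ == "__main__":
    table = build_table(ROUTES)
    # Destination of the rejected DNS packet in the Shorewall log line.
    net, iface = lookup(table, "210.15.254.241")
    print(f"210.15.254.241 -> {net} via {iface}")
    print("default route shadowed:", default_shadowed(table))
```

The two ipsec0 routes with genmask 128.0.0.0 are each a /1, and together they cover every IPv4 address with a longer prefix than the /0 default on ppp0, which matches the OUT=ipsec0 seen in the log.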