LinuxQuestions.org


jillges 08-22-2003 04:58 PM

MNF to MNF VPN
 
Hello all. I am trying to create a vpn between 2 MNF boxes. The MNF Users Guide describes how to set up the server (left side) but does not describe how to configure another MNF box as the client (right side). I have followed the Users Guide but when I travel to the remote site I am working blind. On the left side I have created 2 server entries, one for the server and one for the remote location. On the right side I have tried various configurations but have been unsuccessful. Could someone PLEASE! offer some assistance.

Thanx,
Jeremy Illges

david_ross 09-06-2003 08:49 AM

Welcome to LQ.

Can you give us a bit more info:
What guide are you referring to?
What Distro are you using?

jillges 09-06-2003 12:25 PM

I am using Mandrake Linux Multi Network Firewall 8.2. The user manual details how to create a VPN server for clients but not a VPN server to VPN server connection. MNF uses Freeswan for IPSEC.

Jeremy

Volker 09-14-2003 10:42 AM

setting up MNF vpn
 
I have the same problem with the documentation regarding setting up left and right side server. Did you succeed in setting up the vpn network? If so could you help me?

kind regards, Volker

jillges 09-15-2003 06:53 AM

I have not had any success. I even paid for Mandrake support and they said "Read the User Manual". I found this on the internet but have not been able to make it work.

1) Make a CA on MNF1.
2) Copy the CA info to MNF2.
3) Generate a certificate on MNF1.
4) Generate a certificate on MNF2, will use the same CA as MNF1 because you copied the CA certs over
5) Configure the internal network and the next hop (ie the gateway provided by your ISP) on MNF1.
6) Configure the internal network (needs to be a different network than #5) and the next hop (ie the gateway provided by the ISP) on MNF2.
7) Bring up the VPN on both sides.

Now this is an important point. You MUST test it from one client behind MNF1 to another client behind MNF2. You cannot ping to or from either gateway. It just doesn't work. Example:

Left (MNF1):
192.168.1.1 -> 64.28.200.12 -> 64.28.200.1
Right (MNF2):
192.168.12.1 -> 209.85.130.137 -> 209.85.130.1

If you try to ping:
192.168.1.1 <---> 192.168.12.1 NO
192.168.1.4 <---> 192.168.12.1 NO
192.168.1.1 <---> 192.168.12.8 NO
192.168.1.4 <---> 192.168.12.8 YES (only one that will work)

Log messages of the startup sequence will appear in /var/log/syslog if I remember correctly. It might also be in /var/log/messages. Look for "pluto" and "IKE" and "ipsec".

jillges 09-15-2003 02:52 PM

I have gotten this to work by doing the following:

1: Create CA on ServerA
2: Create the server keys for both A+B servers on Server A (under CA/Other Keys)
3: Create the VPN server entries under Servers on ServerA (local server must be listed first)
4: Copy these files to ServerB
    /etc/freeswan/ipsec.d/YourLeftSideServerName.crt
    /etc/freeswan/ipsec.d/YourRightSideServerName.crt
    /etc/freeswan/ipsec.d/private/YourRightSideServerName.key
5: Re-copy the rightsideserver.crt as the x509cert.der on ServerB
    cp -Rf /etc/freeswan/ipsec.d/YourRightSideServerName.crt /etc/freeswan/x509cert.der
6: Create VPN server entries on ServerB (local server must be listed first)
7: Restart ipsec on both servers

To test, ping a host on one side from a host on the other side.
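
A pre-flight check for the files copied to ServerB in step 4 above, as an added example that is not part of the original thread: it confirms that both gateway certificates verify against the same CA, that the copied private key belongs to the right-side certificate, and that the key is not readable by group or others. The CA certificate path is an assumption (the thread does not say where MNF stores it) and is passed as the first argument; the function names are hypothetical, and the files are assumed to be PEM-encoded with an unencrypted key.

```sh
#!/bin/sh
# Added example (not from the thread): sanity-check the files copied to ServerB.
# Assumes PEM-encoded files and an unencrypted private key.

# Public key embedded in a certificate, as PEM.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from a private key, as PEM.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# check_vpn_files CA_CRT LEFT_CRT RIGHT_CRT RIGHT_KEY
# Returns 0 only if every check passes.
check_vpn_files() {
    ca=$1; left=$2; right=$3; key=$4; rc=0

    # Both gateway certificates must chain to the one CA created on ServerA.
    for crt in "$left" "$right"; do
        if openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
            echo "OK   $crt verifies against $ca"
        else
            echo "FAIL $crt does not verify against $ca"; rc=1
        fi
    done

    # The private key must belong to the right-side certificate.
    cpub=$(cert_pubkey "$right"); kpub=$(key_pubkey "$key")
    if [ -n "$cpub" ] && [ "$cpub" = "$kpub" ]; then
        echo "OK   $key matches $right"
    else
        echo "FAIL $key is not the private key for $right"; rc=1
    fi

    # The key was copied between hosts: it must not be group/world readable.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "FAIL $key is readable by group or others (chmod 600 it)"; rc=1
    else
        echo "OK   $key permissions"
    fi
    return "$rc"
}

# Run only when called with the four paths.
if [ "$#" -eq 4 ]; then check_vpn_files "$@"; fi
```

Run it on ServerB with the CA certificate, the two `.crt` files and the `.key` file from step 4 as arguments; any FAIL line points at a file to re-copy or fix before restarting ipsec.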

Skarlok 03-16-2004 10:22 AM

BUMP... I also set up MNF and I'm having issues configuring the VPN portion of it. This VPN section has plagued me for over a week. Any help with this would be greatly appreciated!!! Thanks!!

It's 9.2 and there is no VPN to VPN going on. Just clients connecting in (through)... Thanks!

I want my M$ clients to be able to VPN into the system like we currently do with our Cisco PIX...

Skarlok 03-16-2004 03:48 PM

Bump


All times are GMT -5.