LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 08-22-2003, 05:58 PM   #1
jillges
LQ Newbie
 
Registered: Aug 2003
Location: Sanford, Florida
Distribution: OpenSuse
Posts: 7

Rep: Reputation: 0
MNF to MNF VPN


Hello all. I am trying to create a vpn between 2 MNF boxes. The MNF Users Guide describes how to set up the server (left side) but does not describe how to configure another MNF box as the client (right side). I have followed the Users Guide but when I travel to the remote site I am working blind. On the left side I have created 2 server entries, one for the server and one for the remote location. On the right side I have tried various configurations but have been unsuccesful. Could someone PLEASE! offer some assistance.

Thanx,
Jeremy Illges
 
Old 09-06-2003, 09:49 AM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 66
Welcome to LQ.

Can you give us a bit more info:
What guide are you reffering to?
What Distro are you using?
 
Old 09-06-2003, 01:25 PM   #3
jillges
LQ Newbie
 
Registered: Aug 2003
Location: Sanford, Florida
Distribution: OpenSuse
Posts: 7

Original Poster
Rep: Reputation: 0
I am using Mandrake Linux Multi Network Firewall 8.2. The user manual details how to create a VPN server for clients but not a VPN server to VPN server connection. MNF uses Freeswan for IPSEC.

Jeremy
 
Old 09-14-2003, 11:42 AM   #4
Volker
LQ Newbie
 
Registered: Sep 2003
Posts: 1

Rep: Reputation: 0
setting up MNF vpn

I have the same problem with the documentation regarding setting up left and right side server. Did you succeed in setting up the vpn network? If so could you help me?

kind regards, Volker
 
Old 09-15-2003, 07:53 AM   #5
jillges
LQ Newbie
 
Registered: Aug 2003
Location: Sanford, Florida
Distribution: OpenSuse
Posts: 7

Original Poster
Rep: Reputation: 0
I have not had any success. I even paid for mandrake support and they said "Read the User Manual". I found this on the internet but have not been able to make it work.

1) Make a CA on MNF1.
2) Copy the CA info to MNF2.
3) Generate a certificate on MNF1.
4) Generate a certificate on MNF2, will use the same CA as MNF1 because you
copied the CA certs over
5) Configure the internal network and the next hop (ie the gateway provided by
your ISP) on MNF1.
6) Configure the internal network (needs to be a different network than #5)
and the next hop (ie the gateway provided by the ISP) on MNF2.
7) Bring up the VPN on both sides.

Now this is an important point. You MUST test it from one client behind MNF1
to another client behind MNF2. You cannot ping to or from either gateway. It
just doesn't work. Example:

Left (MNF1):
192.168.1.1 -> 64.28.200.12 ->64.28.200.1
Right (MNF2):
192.168.12.1->209.85.130.137->209.85.130.1

If you try to ping:
192.168.1.1 <---> 192.168.12.1 NO
192.168.1.4 <---> 192.168.12.1 NO
192.168.1.1 <---> 192.168.12.8 NO
192.168.1.4 <---> 192.168.12.8 YES (only one that will work)

Log messages of the startup sequence will appear in /var/log/syslog if I
remember correctly. It might also be in /var/log/messages. Look for "pluto"
and "IKE" and "ipsec".
 
Old 09-15-2003, 03:52 PM   #6
jillges
LQ Newbie
 
Registered: Aug 2003
Location: Sanford, Florida
Distribution: OpenSuse
Posts: 7

Original Poster
Rep: Reputation: 0
I have gotten this to work by doing the following:

1: Create CA on ServerA
2: Create the server keys for both A+B servers on Server A
(under CA/Other Keys)
3: Create the VPN server entries under Servers on ServerA (local
server must be listed first)
4: Copy these files to ServerB
/etc/freeswan/ipsec.d/YourLeftSideServerName.crt
/etc/freeswan/ipsec.d/YourRightSideServerName.crt
/etc/freeswan/ipsec.d/private/YourRightSideServerName.key
5:Re-copy the rightsideserver.crt as the x509cert.der on ServerB
cp -Rf /etc/freeswan/ipsec.d/YourRightSideServerName.crt
/etc/freeswan/x509cert.der
6:Create VPN server entries on ServerB (local server must be
listed first)
7: Restart ipsec on both servers

To test, ping a host on one side from a host on the other side.
 
Old 03-16-2004, 11:22 AM   #7
Skarlok
LQ Newbie
 
Registered: Mar 2004
Posts: 3

Rep: Reputation: 0
BUMP... I also setup MNF and I'm having issues configuring the VPN portion of it. This VPN section has plagued me for over a week. Any help with this would be greatly appreciated!!! Thanks!!

It's 9.2 and there is no VPN to VPN going on. Just clients connecting in(through)... Thanks!

I want my M$ clients to be able to VPN into the system like we currently do with our Cisco PIX...

Last edited by Skarlok; 03-16-2004 at 04:48 PM.
 
Old 03-16-2004, 04:48 PM   #8
Skarlok
LQ Newbie
 
Registered: Mar 2004
Posts: 3

Rep: Reputation: 0
Bump
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Question about MNF spayre Linux - Security 1 06-25-2005 07:00 PM
MNF 9.2 and VPN Skarlok Linux - Security 1 03-18-2004 09:12 PM
Is it possible to do this with MNF? nevermind Linux - Security 1 02-07-2004 07:41 AM
MNF vs. Smoothwall Crashed_Again Linux - Security 4 09-16-2003 07:48 PM
Mnf knightnets Linux - Networking 0 07-01-2003 07:49 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration