Old 08-15-2008, 09:07 AM   #1
LQ Newbie
Registered: Aug 2008
Posts: 5

Rep: Reputation: 0
OpenSwan ipsec - conf, check - I need help

Hi,
I want to create a LAN IPsec connection between two hosts, like this:

|HOST A|------IPsec----|HOST B|
\_____________ ____________/
\ /

Host A ip : (SuseLinuxEnt + OpenSwan)
Host B ip : (SuseLinuxEnt + OpenSwan)
mask :

How to configure OpenSwan to work in a LAN? (ipsec.conf, ipsec.secrets)
How to initialize the connection (the new tunnel)?
How to check encryption of the connection? Does the connection really work? How to test the new tunnel?
Below is what my "ipsec verify" returns:

Checking your system to see if IPsec got installed and started correctly
Version check and ipsec on-path [OK]
Linux Openswan U2.2.0/K2.6.8-1.521 (native)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [N/A]<----what's mean N/A
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Checking for 'setkey' command for native IPsec stack support [OK]

How to change "Checking NAT and MASQUERADEing [N/A]" to "[OK]"?
Old 08-17-2008, 10:56 AM   #2
Registered: Jul 2004
Distribution: arch, rhel
Posts: 134

Rep: Reputation: 22

VPN is for connecting remote machines over a public network, usually the internet. If you are trying to establish a VPN over a LAN, then there are a number of things that will hinder the process; for example, testing whether the connection is established will be a clumsy process rather than the straightforward ping method. You don't have to worry about the NAT/masquerading message. I followed the steps in the following document and was successful in establishing a VPN with the pre-shared key method. Pre-shared key is not the best way to establish a VPN; a better method would be a certificate-based VPN.
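
The pre-shared-key setup mentioned in reply #2, as an added example that is not part of the original thread or of the document the poster followed: a minimal Openswan host-to-host configuration with the checks for the new connection listed as comments. The addresses, connection name, interface name and secret are placeholders (assumptions), because the thread does not give the real values.

```conf
# /etc/ipsec.conf, identical on BOTH hosts.
# 192.0.2.10 and 192.0.2.20 are placeholder addresses (assumption):
# substitute the real addresses of Host A and Host B.
version 2.0

config setup
    # Both peers sit on the same LAN, so no NAT is expected between them.
    nat_traversal=no

# "lan-host-to-host" is a made-up connection name (assumption).
conn lan-host-to-host
    # Host A
    left=192.0.2.10
    # Host B
    right=192.0.2.20
    # Authenticate with the pre-shared key from /etc/ipsec.secrets
    authby=secret
    # Transport mode: protect traffic between the two hosts themselves
    type=transport
    # Start negotiating as soon as pluto comes up
    auto=start

# /etc/ipsec.secrets on both hosts (root-owned, mode 0600) needs one line:
#   192.0.2.10 192.0.2.20 : PSK "REPLACE-WITH-A-LONG-RANDOM-SECRET"
#
# Bring the connection up and check it, as root:
#   ipsec setup restart
#   ipsec auto --up lan-host-to-host   # expect "IPsec SA established"
#   ipsec auto --status                # shows the conn and its negotiated SAs
#   setkey -D                          # kernel SAs: one esp entry per direction
#   tcpdump -n -i eth0 esp             # run while pinging the peer;
#                                      # eth0 is an assumed interface name
```

If a ping between the hosts shows up in tcpdump as ESP packets rather than plain ICMP, the traffic is being encrypted.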
Old 08-18-2008, 09:50 AM   #3
LQ Newbie
Registered: Oct 2007
Posts: 4

Rep: Reputation: 0
over my head. Sorry
Old 08-22-2008, 12:07 AM   #4
LQ Newbie
Registered: Oct 2007
Posts: 6

Rep: Reputation: 5
The following URL will also help:

