IPSec: Red Hat Configuration

piggyj · 10-30-2006, 03:03 AM

It's my first time to configure IPSec.

Before configuration, I can do:
telnet x.y.y.y port

But after configuration, I get:

telnet: Unable to connect to remote host: Resource temporarily unavailable

Here's how I did ipsec configuration:

1. set net.ipv4.ip_forward to 1

2. sysctl -p /etc/sysctl.conf

3. create /etc/sysconfig/network-scripts/ifcfg-ipsec0
DEVICE=ipsec0
TYPE=IPsec
ONBOOT=yes
IKE_METHOD=PSK
SRCNET=x.x.x.0/24
SRC=x.x.x.x
DST=x.y.y.y

4. created pre-shared key file /etc/sysconfig/network-scripts/keys-ipsec0
IKE_PSK=r3dh4tl1nux

5. chmod 600 /etc/sysconfig/network-scripts/keys-ipsecX

6. ifup ipsec0

can someone help me?

piggyj · 11-01-2006, 08:32 PM

Here's an update. I did some tests:

node 1 = x.x.x.14
node 2 = x.x.x.13

If I do Ipsec - Win to Win - it works.

If I do Ipsec - RHEL to RHEL - it works.

10:14:29.913735 x.x.x.14 > x.x.x.13: AH(spi=0x0e8edaca,seq=0x23): ESP(spi=0x0cc2c94b,seq=0x23) (DF)
10:14:29.913827 x.x.x.13 > x.x.x.14: AH(spi=0x0496ce3b,seq=0x1): ESP(spi=0x0950e71c,seq=0x1)

with this config, on both rhel servers:
DEVICE=ipsec0
TYPE=IPSEC
ONBOOT=yes
IKE_METHOD=PSK
SRC=x.x.x.14
DST=x.x.x.13

keys-ipsec0
IKE_PSK=mypassword

If I do Ipsec - Win to RHEL - doesn't work.

Is this supported? Am I missing anything?

piggyj · 11-05-2006, 08:07 AM

:-(

Still having problems.

Windows box, when I ping the Linux Box:
Negotiating IP Security.

And on the Linux box, when I ping Windows box:
connect: Resource temporarily unavailable.

piggyj · 11-21-2006, 12:49 AM

now getting...

2006-11-21 14:43:45: ERROR: isakmp_inf.c:838:isakmp_info_recv_n(): unknown notify message, no phase2 handle found.
2006-11-21 14:43:45: DEBUG: isakmp_inf.c:860:isakmp_info_recv_n(): notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=3 spi=00000000(size=4).