[LUGOS] FreeS/WAN in road-warrior
Gregor Ibic
gregor.ibic at intelicom.si
Fri Jun 20 12:19:49 CEST 2003
ping xxxxxxx -I interni_ip
Intelicom d.o.o.
Security software company
http://www.intelicom.si
email: info at intelicom.si
tel.: ++386 5 6309 158
fax.: ++386 5 6279 355
-----Original Message-----
From: Andrej [mailto:andrej at rikom.si]
Sent: Friday, June 20, 2003 12:17 PM
To: Lugos List
Subject: [LUGOS] FreeS/WAN in road-warrior
Hello!
You can find a diagram of my network at http://www.sk-branik.si/ipsec.txt.
My goal is to reach the 192.168.15.0/24 network from the linux2 machine over an
IPsec tunnel. I have successfully compiled and installed FreeS/WAN 2.0 on linux2
and on the router.
Before starting on the IPsec configuration I first checked that ping works from
one machine to the other: from linux2 I can ping the router (both interfaces)
and linux1, etc. (ping works in all directions from all machines). Following the
instructions at http://www.freeswan.org/freeswan_trees/freeswan-2.00/doc/config.html
(road warrior configuration) I wrote the following two ipsec.conf files:
linux2:
conn road
left=192.168.200.2
leftnexthop=%defaultroute
leftid=@linux2.lan
leftrsasigkey=<linux2_kljuc>
right=192.168.15.100
rightsubnet=192.168.15.0/24
rightid=@router.lan
rightrsasigkey=<router_kljuc>
auto=add
router:
conn road
left=192.168.15.100
leftid=@router.lan
leftsubnet=192.168.15.0/24
leftrsasigkey=<router_kljuc>
rightnexthop=%defaultroute
right=%any
rightid=@linux2.lan
rightrsasigkey=<linux2_kljuc>
auto=add
When I run "service ipsec start" on both machines and "ipsec auto --up road" on
linux2, I see that the IPsec tunnel is established successfully:
104 "road" #223: STATE_MAIN_I1: initiate
106 "road" #301: STATE_MAIN_I2: sent MI2, expecting MR2
108 "road" #301: STATE_MAIN_I3: sent MI3, expecting MR3
004 "road" #301: STATE_MAIN_I4: ISAKMP SA established
112 "road" #302: STATE_QUICK_I1: initiate
004 "road" #302: STATE_QUICK_I2: sent QI2, IPsec SA established
But when I now try to ping linux1 from linux2, it does not work. If I put a
notebook between the router and linux2 and run tcpdump, I see encrypted data
(ICMP request) going in the direction linux2 -> router, but no further.
What am I doing wrong?
P.S.: All three machines run RH 7.3 and kernel 2.4.20.
Any information would be very helpful.
Thanks and best regards,
Andrej.
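The reply above boils down to "ping with -I <internal ip>": FreeS/WAN only sends a packet through the tunnel when its source address falls inside the conn's left selector (leftsubnet, or left as a /32 when no subnet is given). The following is an added example, not code from the list or from FreeS/WAN: it parses the two conn blocks from the mail (rsasigkey, id and nexthop lines dropped, since they do not affect selectors) and reports whether a given src/dst pair would be tunnelled; the second source address 10.0.0.5 is a hypothetical extra address on linux2.

```python
import ipaddress

# Constructed copies of the conn blocks from the mail, reduced to the keys
# that decide which traffic the tunnel carries.
LINUX2 = """conn road
left=192.168.200.2
right=192.168.15.100
rightsubnet=192.168.15.0/24
auto=add"""

ROUTER = """conn road
left=192.168.15.100
leftsubnet=192.168.15.0/24
right=%any
auto=add"""

def parse_conn(text):
    """Turn the key=value lines of one conn block into a dict."""
    conf = {}
    for line in text.splitlines():
        if "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def selector(conf, side, peer_addr=None):
    """Traffic selector for 'left' or 'right': <side>subnet if given, else the
    host as /32. '%any' is only known once a road warrior connects, so the
    caller passes the negotiated peer address."""
    if side + "subnet" in conf:
        return ipaddress.ip_network(conf[side + "subnet"])
    addr = conf[side]
    if addr == "%any":
        if peer_addr is None:
            raise ValueError("right=%any is unresolved until a peer connects")
        addr = peer_addr
    return ipaddress.ip_network(addr + "/32")

def tunnelled(conf, src, dst, peer_addr=None):
    """True if a packet src->dst leaving this host matches the conn's policy
    and is therefore encrypted rather than sent in the clear."""
    return (ipaddress.ip_address(src) in selector(conf, "left", peer_addr)
            and ipaddress.ip_address(dst) in selector(conf, "right", peer_addr))

if __name__ == "__main__":
    l2, rt = parse_conn(LINUX2), parse_conn(ROUTER)
    print(tunnelled(l2, "192.168.200.2", "192.168.15.1"))  # True: source is left/32
    print(tunnelled(l2, "10.0.0.5", "192.168.15.1"))  # False: hypothetical other source, leaves in the clear
    print(tunnelled(rt, "192.168.15.1", "192.168.200.2", "192.168.200.2"))  # True once %any is resolved
```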