<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII">
<TITLE>Message</TITLE>
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>I'm new to Linux,
I'm new to OpenSwan, I'm fairly new to IPSec - now that I've established my
ignorance, I'll ask the question.</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2>ENVIRONMENT</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>- Linux 2.3 and
Openswan 1.0.7 tar file.</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>-
</FONT></SPAN><SPAN class=495441400-21102004><FONT face=Arial size=2>2 PCs
(Abbott &amp; Costello) connected to a reference board that acts as a
router/gateway between the 2</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>- Keys are manually
entered</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>- There are no other
connections (no other routers/gateways; standalone lab setup
only)</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>STAGE 1: Tunnel
from Abbott to Costello (Transport mode?)</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>I've tried a variety
of different configurations in ipsec.conf but can't seem to get this to
work.</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>In fact, when I
leave Costello in 'bypass' mode and configure Abbott to encrypt (ESP set, SPI
set, etc.) I can still ping Costello from Abbott and run data between them
(using Iperf, <A
href="http://dast.nlanr.net/Projects/Iperf/">http://dast.nlanr.net/Projects/Iperf/</A>,
if knowing that is of any use). Since this happens, that tells me I'm not
encrypting on Abbott at all.</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>STAGE 2: Tunnel
from Abbott to reference board; clear from reference board to
Costello</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>I'm assuming this
will follow the Road warrior to some extent, but since I'm writing, I might as
well ask about it also.</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2>HELP!</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>If anyone can tell
me how to set up ipsec.conf for this interesting configuration, I'd appreciate
it.</FONT></SPAN></DIV></BODY></HTML>