<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII">
<TITLE>Message</TITLE>
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY>
<DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>I'm new to Linux,
I'm new to OpenSwan, I'm <SPAN class=598532220-21102004>somewhat </SPAN>new
to IPSec - now that I've established my ignorance, I'll ask the
question.</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2>ENVIRONMENT</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>- Linux 2.3 and
Openswan 1.0.7 tar file.</FONT></SPAN></DIV>
<DIV><FONT face=Arial><FONT size=2><SPAN class=495441400-21102004>- </SPAN><SPAN
class=495441400-21102004>2 PCs (Abbott &amp; Costello) connected to a reference
board that acts as a router/gateway between the 2</SPAN></FONT></FONT></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>- Keys are manually
entered</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>- There are no other
connections (no other routers/gateways; stand alone lab setup
only)</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>STAGE 1: Tunnel
from Abbott to Costello</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>I've tried a variety
of different configurations in ipsec.conf but can't seem to get this to
work.</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>In fact, when I
leave Costello in 'bypass' mode and configure Abbott <SPAN
class=598532220-21102004>in transport mode</SPAN> (<SPAN
class=598532220-21102004>ipsec.conf has keys etc. for esp</SPAN>) I can still
ping Costello from Abbott and run data between them (using Iperf,
</FONT><A href="http://dast.nlanr.net/Projects/Iperf/"><FONT face=Arial
size=2>http://dast.nlanr.net/Projects/Iperf/</FONT></A><FONT face=Arial size=2>,
if knowing that is of any use). Since this happens, that tells me I'm not
encrypting on Abbott at all.</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>STAGE 2: Tunnel
from Abbott to reference board; clear from reference board to
Costello</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>I'm assuming this
will follow the Road warrior to some extent, but since I'm writing, I might as
well ask about it also.</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2>HELP!</FONT></SPAN></DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=495441400-21102004><FONT face=Arial size=2>If anyone can tell
me how to set up ipsec.config for this interesting configuration, I'd appreciate
it.</FONT></SPAN></DIV></DIV></BODY></HTML>