<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1578" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006>Hi
All,</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006>I am a novice to
IPSEC. Please help me by solving my query below.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006>My requirement is to
establish IPSEC between My Tool and the Target device. </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006>The keys that have
to be used for encryption and authentication </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006>will be negotiated
through the application protocol (SIP) before enabling IPSEC on those two
machines.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006>i.e.,
<STRONG>Manually Keyed IPSEC</STRONG> has to be established between the two machines on
<STRONG>some particular port</STRONG> </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006>and the two machines
are located in the same network.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006><PRE>
*************************************                        *************************************
*              My Tool              *                        *           Target Device           *
*           (Fedora Core)           *&lt;----------------------&gt;*      (Any Operating System)       *
*                                   *  Manually keyed IPSEC  *                                   *
*    10.101.210.219 (some port)     *                        *     10.101.210.16 (some port)     *
*************************************                        *************************************
</PRE></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006>By surfing the
Internet, I came to know that Manual Keying can be done through
OpenSWAN.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006>When I tried to
enable it, I was not able to do it. I have listed the steps that I have done.
</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006>Please let me know
if I have done anything wrong.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006><STRONG>Operating
System : Fedora Core
4</STRONG></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006><STRONG>Linux Kernel
version : 2.6</STRONG></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006><FONT
color=#ff0000>[root@localhost gganga]#</FONT> <FONT color=#0000ff>uname
-a<BR></FONT>Linux localhost.localdomain 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56
EDT 2005 i686 i686 i386 GNU/Linux<BR></SPAN></FONT><FONT face=Arial size=2><SPAN
class=511111313-02122006></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006><STRONG><U><FONT
size=3>STEP 1)</FONT></U></STRONG> </SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006>
I have installed openSWAN (<FONT color=#0000ff>rpm -r
openswan-2.4.4-1.i386.rpm</FONT>)</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial><SPAN class=511111313-02122006><STRONG><U>STEP
2)</U></STRONG></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006>
I have started the IPSEC service.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006><FONT
color=#ff0000>[root@localhost gganga]#</FONT> <FONT color=#0000ff>service ipsec
start</FONT><BR><FONT color=#ff00ff>ipsec_setup: Starting Openswan IPsec
2.4.4...<BR>ipsec_setup: insmod
/lib/modules/2.6.11-1.1369_FC4/kernel/net/key/af_key.ko <BR>ipsec_setup: insmod
/lib/modules/2.6.11-1.1369_FC4/kernel/net/ipv4/xfrm4_tunnel.ko</FONT>
<BR></SPAN></FONT></DIV>
<DIV><FONT face=Arial><SPAN class=511111313-02122006><STRONG><U>STEP
3)</U></STRONG></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006>
I have verified IPSEC.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006><FONT
color=#ff0000>[root@localhost gganga]#</FONT> <FONT color=#0000ff>ipsec
verify</FONT><BR><FONT color=#ff00ff>Checking your system to see if IPsec got
installed and started correctly:<BR>Version check and ipsec
on-path
[OK]<BR>Linux Openswan U2.4.4/K2.6.11-1.1369_FC4 (netkey)<BR>Checking for IPsec
support in
kernel
[OK]<BR>Checking for RSA private key
(/etc/ipsec.secrets)
[OK]<BR>Checking that pluto is
running
[OK]<BR>Two or more interfaces found, checking IP
forwarding
[FAILED]<BR>Checking for 'ip'
command
[OK]<BR>Checking for 'iptables'
command
[OK]<BR>Checking for 'setkey' command for NETKEY IPsec stack
support [OK]<BR>Opportunistic Encryption
Support
[DISABLED]</FONT><BR></SPAN></FONT></DIV>
<DIV><FONT face=Arial><SPAN class=511111313-02122006><STRONG><U>STEP
4)</U></STRONG></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006>
I have added connection peer-to-peer in /etc/ipsec.conf.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006><FONT
color=#ff0000>[root@localhost gganga]#</FONT> <FONT color=#0000ff>cat
/etc/ipsec.conf</FONT><BR><FONT color=#ff00ff># /etc/ipsec.conf - Openswan IPsec
configuration file<BR># RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27
paul Exp $</FONT></SPAN></FONT></DIV>
<DIV><FONT color=#ff00ff></FONT> </DIV>
<DIV><FONT face=Arial color=#ff00ff size=2><SPAN class=511111313-02122006># This
file: /usr/share/doc/openswan/ipsec.conf-sample<BR>#<BR>#
Manual: ipsec.conf.5</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#ff00ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#ff00ff size=2><SPAN
class=511111313-02122006>version 2.0 # conforms to
second version of ipsec.conf specification</SPAN></FONT></DIV>
<DIV><FONT face=Arial color=#ff00ff size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#ff00ff size=2><SPAN class=511111313-02122006>config
setup<BR>
interfaces="ipsec0=eth0"<BR>
klipsdebug=all<BR>
plutodebug=none<BR>
manualstart="net-to-net"<BR>
pluto=yes</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006><BR><FONT
color=#ff00ff>conn
peer-to-peer<BR>
left=10.101.210.219<BR>
right=10.101.210.16<BR>
keyingtries=4<BR>
spi=0x200
<BR>
esp=3des-md5-96
<BR>
espenckey=0x00000000_00000000_00000000_00000000_00000000_00000001<BR>
espauthkey=0x000000_00000000_00000000_00000001</FONT></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial><SPAN class=511111313-02122006><STRONG><U>STEP
5)</U></STRONG></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006>
I have tried to enable manual IPSEC.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006><FONT
color=#ff0000>[root@localhost gganga]#</FONT> <FONT color=#0000ff>ipsec manual
--up peer-to-peer</FONT><BR><STRONG><FONT color=#ff00ff>ipsec manual: fatal
error in "peer-to-peer": </FONT><FONT color=#ff0000>no IPsec-enabled interfaces
found</FONT></STRONG></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006>Please help me
regarding this.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006>Thanks in
Advance,</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=511111313-02122006>Gangadharan.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=511111313-02122006> </DIV>
<DIV><BR></DIV></SPAN></FONT>
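<DIV>Added example, not part of the original message and not Openswan code: a small Python lint for the config setup and conn sections quoted in STEP 4. It checks that manualstart names a connection the file defines, that interfaces= does not name a KLIPS ipsec0 device when ipsec verify reports the netkey stack, and that each manual key has the bit length its esp= algorithm takes. The function names, the KEY_BITS table and the stack parameter are this example's own assumptions.</DIV>

```python
import re

KEY_BITS = {"3des": 192, "md5": 128, "sha1": 160}  # required key sizes in bits
# Constructed sample: the relevant lines of the ipsec.conf quoted in STEP 4.
SAMPLE_CONF = """\
config setup
    interfaces="ipsec0=eth0"
    manualstart="net-to-net"
conn peer-to-peer
    esp=3des-md5-96
    espenckey=0x00000000_00000000_00000000_00000000_00000000_00000001
    espauthkey=0x000000_00000000_00000000_00000001
"""

def parse_sections(text):
    """Return {"setup": {...}, "<conn name>": {...}} from ipsec.conf text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():  # "config setup" or "conn NAME"
            kind, _, name = line.partition(" ")
            current = sections.setdefault(name.strip(), {}) if kind in ("config", "conn") else None
        elif current is not None and "=" in line:
            opt, _, value = line.strip().partition("=")
            current[opt.strip()] = value.strip().strip('"')
    return sections

def key_bits(value):
    """Bit length of a 0x-prefixed hex key; underscores are separators only."""
    m = re.fullmatch(r"0[xX]([0-9a-fA-F_]+)", value)
    return len(m.group(1).replace("_", "")) * 4 if m else None

def lint(text, stack="netkey"):
    """Return findings; stack is the kernel stack `ipsec verify` reported."""
    sections, findings = parse_sections(text), []
    setup = sections.pop("setup", {})
    if stack == "netkey" and "ipsec0" in setup.get("interfaces", ""):
        findings.append("setup: interfaces= binds a KLIPS ipsec0 device, stack is netkey")
    findings += [f"setup: manualstart names undefined conn '{n}'"
                 for n in setup.get("manualstart", "").split() if n not in sections]
    for name, conn in sections.items():
        enc, auth = (conn.get("esp", "").split("-") + ["", ""])[:2]
        for opt, alg in (("espenckey", enc), ("espauthkey", auth)):
            have, want = key_bits(conn.get(opt, "")), KEY_BITS.get(alg)
            if want and have != want:
                findings.append(f"{name}: {opt} is {have} bits, {alg} needs {want}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_CONF)))
```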
</BODY></HTML>