From: users-bounces@openswan.org on behalf of Gangadharan G - TLS,Chennai [gangadharang@hcl.in]
Sent: Saturday, December 02, 2006 7:38 PM
To: users@openswan.org
Subject: [Openswan Users] Enabling Manually keyed IPSEC

Hi All,

I am a novice to IPSEC. Please help me by solving my query below.

My requirement is to establish IPSEC between my tool and the target device. The keys that have to be used for encryption and authentication will be negotiated through an application protocol (SIP) before enabling IPSEC on those two machines, i.e., manually keyed IPSEC has to be established between the two machines on some particular port, and the two machines are located in the same network.

    *****************************                                   *********************************
    *          My Tool          *                                   *        Target Device          *
    *       (Fedora Core)       * <-------------------------------> *    (Any Operating System)     *
    *                           *       Manually keyed IPSEC        *                               *
    * 10.101.210.219 (some port)*                                   * 10.101.210.16 (some port)     *
    *****************************                                   *********************************

By surfing the Internet, I came to know that manual keying can be done through Openswan. When I tried to enable it, I could not do it. I have listed the steps that I have done. Please let me know if I have done anything wrong.

Operating System: Fedora Core 4
Linux Kernel version: 2.6

    [root@localhost gganga]# uname -a
    Linux localhost.localdomain 2.6.11-1.1369_FC4 #1 Thu Jun 2 22:55:56 EDT 2005 i686 i686 i386 GNU/Linux

STEP 1) I have installed Openswan (rpm -r openswan-2.4.4-1.i386.rpm)

STEP 2) I have started the IPSEC service.

    [root@localhost gganga]# service ipsec start
    ipsec_setup: Starting Openswan IPsec 2.4.4...
    ipsec_setup: insmod /lib/modules/2.6.11-1.1369_FC4/kernel/net/key/af_key.ko
    ipsec_setup: insmod /lib/modules/2.6.11-1.1369_FC4/kernel/net/ipv4/xfrm4_tunnel.ko

STEP 3) I have verified IPSEC.
    [root@localhost gganga]# ipsec verify
    Checking your system to see if IPsec got installed and started correctly:
    Version check and ipsec on-path                             [OK]
    Linux Openswan U2.4.4/K2.6.11-1.1369_FC4 (netkey)
    Checking for IPsec support in kernel                        [OK]
    Checking for RSA private key (/etc/ipsec.secrets)           [OK]
    Checking that pluto is running                              [OK]
    Two or more interfaces found, checking IP forwarding        [FAILED]
    Checking for 'ip' command                                   [OK]
    Checking for 'iptables' command                             [OK]
    Checking for 'setkey' command for NETKEY IPsec stack support [OK]
    Opportunistic Encryption Support                            [DISABLED]

STEP 4) I have added connection peer-to-peer in /etc/ipsec.conf.

    [root@localhost gganga]# cat /etc/ipsec.conf
    # /etc/ipsec.conf - Openswan IPsec configuration file
    # RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $

    # This file:  /usr/share/doc/openswan/ipsec.conf-sample
    #
    # Manual:     ipsec.conf.5

    version 2.0     # conforms to second version of ipsec.conf specification

    config setup
            interfaces="ipsec0=eth0"
            klipsdebug=all
            plutodebug=none
            manualstart="net-to-net"
            pluto=yes

    conn peer-to-peer
            left=10.101.210.219
            right=10.101.210.16
            keyingtries=4
            spi=0x200
            esp=3des-md5-96
            espenckey=0x00000000_00000000_00000000_00000000_00000000_00000001
            espauthkey=0x000000_00000000_00000000_00000001

STEP 5) I have tried to enable manual IPSEC.

    [root@localhost gganga]# ipsec manual --up peer-to-peer
    ipsec manual: fatal error in "peer-to-peer": no IPsec-enabled interfaces found

Please help me regarding this.

Thanks in advance,
Gangadharan.

DISCLAIMER: The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates.
Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any mail and attachments please check them for viruses and defect.
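A note on the failure above, followed by an added example that is not part of the original post and not Openswan's own code. The `ipsec verify` output reports the NETKEY stack (`(netkey)`), and the modules `service ipsec start` loads (af_key, xfrm4_tunnel) are the NETKEY ones; `ipsec manual` drives KLIPS `ipsecN` interfaces only, so on NETKEY it finds none, which is exactly the error printed. Manual SAs on NETKEY are installed through the kernel's PF_KEY interface with setkey(8), which `ipsec verify` already found on this box. The POSIX shell script below generates a setkey script for the two hosts in the thread: one ESP SA per direction (transport mode, 3des-cbc + hmac-md5, distinct SPI and keys each way) and SPD entries that require ESP only for UDP on one port. Before emitting anything it checks the key lengths those algorithms demand (3des-cbc 192 bits, hmac-md5 128 bits), since an undersized key is rejected at install time rather than silently weakened. Assumptions: port 5060 stands in for the post's "some port" (SIP is the negotiating protocol), all key material is constructed placeholder data, and the function names are ours.

```shell
#!/bin/sh
# Added example: manual ESP keying for the NETKEY stack with setkey(8).
# The addresses are from the thread; the keys are CONSTRUCTED placeholders
# and the port (5060) is an assumption. Manual SAs never rekey, so this is
# meant to be re-run with fresh keys and new SPIs each time SIP renegotiates.

# key_bits HEXKEY: print the bit length of a 0x-prefixed hex key. Underscore
# separators (ipsec.conf style) are ignored; non-hex input is an error.
key_bits() {
    k=$(printf '%s' "$1" | sed 's/^0x//; s/_//g')
    printf '%s' "$k" | grep -Eq '^[0-9a-fA-F]+$' || { echo "not a hex key: $1" >&2; return 1; }
    echo $(( ${#k} * 4 ))
}

# check_key NAME HEXKEY EXPECTED_BITS: succeed only if the key has exactly
# the length the algorithm requires (3des-cbc: 192 bits, hmac-md5: 128 bits).
check_key() {
    bits=$(key_bits "$2") || return 1
    [ "$bits" -eq "$3" ] && return 0
    echo "$1: key is $bits bits, $3 bits required" >&2
    return 1
}

# strip_key HEXKEY: normalise to the plain 0x<hex> form setkey accepts.
strip_key() {
    printf '0x%s' "$(printf '%s' "$1" | sed 's/^0x//; s/_//g')"
}

# gen_setkey_conf LOCAL REMOTE PORT SPI_OUT SPI_IN ENC_OUT AUTH_OUT ENC_IN AUTH_IN
# Print a setkey(8) script: one transport-mode ESP SA per direction, keyed
# independently, plus SPD entries requiring ESP only for UDP on PORT at the
# local host. Everything else keeps flowing in the clear.
gen_setkey_conf() {
    local_ip=$1; remote_ip=$2; port=$3; spi_out=$4; spi_in=$5
    check_key enc_out  "$6" 192 || return 1
    check_key auth_out "$7" 128 || return 1
    check_key enc_in   "$8" 192 || return 1
    check_key auth_in  "$9" 128 || return 1
    enc_out=$(strip_key "$6"); auth_out=$(strip_key "$7")
    enc_in=$(strip_key "$8");  auth_in=$(strip_key "$9")
    cat <<EOF
flush;
spdflush;
# SAs: distinct SPI and keys per direction; the peer installs the mirror image
add $local_ip $remote_ip esp $spi_out -m transport -E 3des-cbc $enc_out -A hmac-md5 $auth_out;
add $remote_ip $local_ip esp $spi_in -m transport -E 3des-cbc $enc_in -A hmac-md5 $auth_in;
# SPD: only UDP to and from PORT on the local host must use ESP
spdadd $local_ip[$port] $remote_ip[any] udp -P out ipsec esp/transport//require;
spdadd $remote_ip[any] $local_ip[$port] udp -P in ipsec esp/transport//require;
EOF
}

# Stand-alone run: print the generated script for the two hosts in the thread
# (constructed keys; three distinct 64-bit halves per 3DES key so it is not a
# degenerate single-DES key). Pipe the output into "setkey -c" as root to apply.
gen_setkey_conf 10.101.210.219 10.101.210.16 5060 0x200 0x201 \
    0x0123456789abcdef_fedcba9876543210_1122334455667788 0x00112233445566778899aabbccddeeff \
    0x8877665544332211_a1b2c3d4e5f60718_0f1e2d3c4b5a6978 0xffeeddccbbaa99887766554433221100
```

The target device runs the same script with local and remote swapped (and the OUT/IN SPIs and keys swapped to match), since each side's outbound SA is the other's inbound SA. With setkey the policy, not an interface, decides what gets protected, so no `ipsec0` interface is needed; `setkey -D` and `setkey -DP` show the installed SAs and policies for checking.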