[Openswan Users] Re: Problems setting up IPSec on RHEL 3

Matthew Claridge mclaridge at rwa-net.co.uk
Thu Aug 5 13:52:54 CEST 2004


Thanks for the reply Paul - RedHat are still mulling over those bugs, 
but I've managed to get around them and get a setup that generates some 
decent config scripts. I'm now just getting a Network is Unreachable
message when I try to bring the interface up.

The network setup is like this:

172.18.a.b -| RHEL Box |- 62.189.c.d -----INTERNET----- 194.73.e.f -| Cisco Router |- 145.224.g.h

and my ipsec interface setup currently looks like this:

TYPE=IPSEC
ONBOOT=yes
IKE_METHOD="PSK"
SRC=172.18.a.b
DST=145.224.g.h
DSTGW=194.73.e.f
SRCGW=62.189.c.d
SRCNET=172.18.x.x/24
DSTNET=145.224.0.0/16

I've also tried including an intermediate router as the SRCGW, to no effect.

If anyone can see anything obviously wrong with the above config that 
I'm just staring at and not seeing, that would be really helpful......

otherwise I'll start again with openswan, for my sins......

cheers
Matt

on 04/08/2004 21:18 Paul Wouters said the following:

>On Tue, 3 Aug 2004, Matthew Claridge wrote:
>
>>I'm trying to set up a LAN-2-LAN vpn from a RHEL 3 box to a Cisco
>>router. This ought to work fine.....
>
>[racoon and redhat scripts]
>
>>remote 194.73.118.113
>>{
>>        exchange_mode aggressive, main;
>>
>>
>>which is obviously wrong as there's no closing brace in either file!
>
>>so my question is: is this thing so full of bugs that I should simply
>>give up and go home, or am I missing something fundamental and being
>>really stupid in the process???
>
>Either use bleeding edge initscripts from fedora, or manually configure
>racoon without the initscripts, or install openswan instead of racoon
>as the IKE daemon.
>
>This bug was in the racoon scripts months ago when I looked at it too, so
>I get the idea not many people are using those initscripts a lot with ipsec
>support.
>
>Paul

-- 
*Matthew Claridge*
Product Support Engineer
RWA Limited
Direct line: 02920 815 054
Email: mclaridge at rwa-net.co.uk
Web: www.rwa-net.co.uk

