[Openswan Users]
Trying to run IPsec over a single service (port 3000) between two
hosts
Shaheen Ali
sali at camiant.com
Wed Nov 17 14:03:30 CET 2004
I have slogged through the documents and studied the open bug reports
and I cannot get IPsec to work over just one service mapped to one TCP
protocol port (TCP/3000).
My config is thus:
ipsec --version
Linux Openswan U1.0.3/K1.0.7
My OS is RH9.0: uname -a
Linux rh1-1 2.4.27 #4 SMP Nov 16 12:58:25 EST 2004 i686 i686 i386
GNU/Linux
This is machine 192.168.1.1. The other machine configured similarly is
192.168.1.2.
I send a SYN out from 192.168.1.1/any -> 192.168.1.2/tcp:3000 and it
connects just fine. If I send a ping or an ssh request from 192.168.1.1
it never leaves the box: a tcpdump running on 192.168.1.2 shows nothing
arriving. (Note that both conns below only match TCP flows with one end
on port 3000, so ICMP and TCP/22 fall outside every IPsec policy.)
Any help would be greatly appreciated,
Shaheen Ali
This is /etc/ipsec.conf:
# /etc/ipsec.conf - Openswan IPsec configuration file
# More elaborate and more varied sample configurations can be found
# in Openswan's doc/examples file, in the HTML documentation, and online
# at http://www.openswan.org/docs/
# basic configuration
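config setup
	# Parameter lines must be indented under their section header: in
	# ipsec.conf a line starting in column 1 begins a new section, so
	# unindented parameters (as in the pasted copy) are not read as part of
	# "config setup".
	#
	# THIS SETTING MUST BE CORRECT or almost nothing will work;
	# %defaultroute is okay for most simple cases.
	interfaces=%defaultroute
	# Debug-logging controls: "none" for (almost) none, "all" for lots.
	# Debug output is very verbose and goes to syslog; leave both at "none"
	# except while actively troubleshooting.
	#klipsdebug=all
	klipsdebug=none
	#plutodebug=all
	plutodebug=none
	# Use auto= parameters in conn descriptions to control startup actions.
	plutoload=%search
	plutostart=%search
	# Don't wait for pluto to complete every plutostart before continuing.
	plutowait=no
	# Close down old connection when new one using same ID shows up.
	uniqueids=yes
	# Enable NAT-Traversal (not needed here: both hosts are on 192.168.1.0/24
	# with no NAT in between).
	#nat_traversal=yes
	# RFC1918 networks (only relevant together with nat_traversal).
	#virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16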
# Defaults for all connection descriptions
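conn %default
	# Defaults inherited by every conn below unless the conn overrides them.
	# Parameter lines are indented so they are parsed as part of this section.
	#
	# 0 = retry negotiation forever.  Both conns below override this to 5.
	keyingtries=0
	# Keep KLIPS's arrival check (decapsulated packets must have plausible
	# addresses for the SA they arrived on) enabled.  This is an
	# anti-spoofing check; do not set it to yes without a specific reason.
	disablearrivalcheck=no
	# Dead Peer Detection: probe every 30s, declare the peer dead after 120s
	# and put the eroute into %hold, so traffic to the peer is held rather
	# than sent in the clear until the SA is renegotiated.
	dpdaction=hold
	dpddelay=30
	dpdtimeout=120
	# RSA public keys fetched from DNS on demand.  Without DNSSEC a key taken
	# from DNS is unauthenticated, so this is not a trustworthy default for
	# authby=rsasig.  Both conns below override authby= to secret, so these
	# three lines are currently unused; they are kept for conns added later.
	leftrsasigkey=%dnsondemand
	rightrsasigkey=%dnsondemand
	authby=rsasig
	# A separate host-to-host conn with type=passthrough for
	# 192.168.1.1 <-> 192.168.1.2 would be the place to let traffic that
	# matches neither protoport conn (ICMP, other TCP ports) through in the
	# clear, if that is wanted; enabling passthrough in %default would apply
	# to every conn and is not what is needed here.
	#type=passthrough
	auto=add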
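conn fed3-2-3919
	# Server side of the port-3000 service: TCP from 192.168.1.1 port 3000
	# to any TCP port on 192.168.1.2.  Nothing else (ICMP, other TCP ports)
	# matches this policy.  Parameter lines are indented so they belong to
	# this section rather than starting a new one.
	auto=start
	#auth=ah
	leftprotoport=6/3000
	left=192.168.1.1
	rightprotoport=6
	right=192.168.1.2
	keyexchange=ike
	# ESP with 3DES-CBC and HMAC-SHA1-96.  3DES gives only 112-bit effective
	# strength and is slow; prefer AES if this Openswan build and the peer
	# support it.
	esp=3des-sha1-96
	# Host-to-host transport mode: no outer IP header, only the TCP payload
	# is protected.
	type=transport
	disablearrivalcheck=no
	# NOTE(review): ah= presumably only takes effect when auth=ah is selected
	# (it is commented out above) - confirm for this version.  HMAC-MD5 is the
	# weaker integrity choice; drop this line unless AH is really intended,
	# since ESP already authenticates with sha1-96.
	ah=hmac-md5
	# Pre-shared key from /etc/ipsec.secrets; overrides the %default rsasig.
	authby=secret
	# Perfect forward secrecy on phase 2 rekeys.
	pfs=yes
	# Give up after 5 attempts instead of the %default "retry forever".
	keyingtries=5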
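conn rh1-1-3919
	# Client side of the port-3000 service: TCP from any port on
	# 192.168.1.1 to port 3000 on 192.168.1.2.  Together with fed3-2-3919
	# this covers both directions of the service, and nothing else:
	# ping (ICMP) and ssh (TCP/22) match neither conn.  Under KLIPS, packets
	# to the peer that are routed via ipsec0 but match no eroute are
	# dropped rather than sent in the clear, which is consistent with the
	# reported symptom - verify with "ipsec eroute" and the routing table.
	#auth=ah
	auto=start
	leftprotoport=6
	left=192.168.1.1
	rightprotoport=6/3000
	right=192.168.1.2
	keyexchange=ike
	# ESP with 3DES-CBC and HMAC-SHA1-96 (same caveats as fed3-2-3919:
	# 3DES is 112-bit effective and slow; prefer AES where supported).
	esp=3des-sha1-96
	# Host-to-host transport mode.
	type=transport
	disablearrivalcheck=no
	# NOTE(review): ah= presumably has no effect without auth=ah - confirm;
	# HMAC-MD5 is the weaker choice and ESP already provides sha1-96
	# integrity, so this line is a candidate for removal.
	ah=hmac-md5
	# Pre-shared key from /etc/ipsec.secrets; overrides the %default rsasig.
	authby=secret
	# Perfect forward secrecy on phase 2 rekeys.
	pfs=yes
	# Give up after 5 attempts instead of the %default "retry forever".
	keyingtries=5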