[Openswan Users] Help with OE and configuration..
Mathieu Durbec
mathieu.durbec at rd.francetelecom.com
Fri Sep 24 20:28:28 CEST 2004
Hello,
I've got some problems setting up OE between two security gateways.
Here's my network:
      192.168.1.1                                                   192.168.4.1
    ---------------                                               ---------------
    |   HOST A    |                                               |   HOST B    |
    ---------------                                               ---------------
           |                                                             |
           |                                                             |
-----------------------                                       ------------------------
|      GATEWAY C      |---------------------------------------|      GATEWAY D       |
-----------------------                   |                   ------------------------
      192.168.0.1                         |                         192.168.3.1
                                          |
                                   ---------------
                                   |     DNS     |
                                   ---------------
Host A & Host B = linux debian
Gateway C & D = redhat 9.0 kernel 2.6.6 openswan 2.4
DNS = DNSSEC freebsd 4.7
All the keys needed are properly inserted in the DNS (I've tested with ipsec
verify --host).
Here is the config file for the two gateways:
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.11 2003/06/13 23:28:41 sam Exp $
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        forwardcontrol=yes
        interfaces=%defaultroute
        uniqueids=yes
        plutodebug=all
        syslog=syslog.debug

conn private
        type=tunnel
        left=%defaultroute
        leftid=%myid
        right=%opportunisticgroup
        failureshunt=drop
        keyingtries=3
        ikelifetime=1h
        keylife=1h
        rekey=no
        auto=route
And my /etc/ipsec.d/policies/private:
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/freeswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.4.0/24
192.168.5.0/24
And when I try to ping from host A to host B, the flow is not secure, as
if there were no ipsec connection.
Any ideas?
Maybe I'm missing something?
Thanks for your help
Matt