[Openswan Users]

Paul Wouters paul at xelerance.com
Thu Jan 13 14:35:30 CET 2005


On Thu, 13 Jan 2005, DurgaPrasad Adusumalli wrote:

> I tried to set up a VPN Tunnel between two subnets using IPSEC and
> KAME tools. All the systems are running on FC3. Manual keys were used
> on both the gateways.  My network diagram is as below

I don't know anything about manual keying using ipsec-tools, but:

> I could not see any tunneling as there is no when I try to ping from
> one of the left clients to one of the right clients. Can someone please
> resolve my problem.

First of all, manual keying should not be done. Use an IKE daemon instead.
Second, NETKEY doesn't have any useful debugging methods, so you will be
forced to run tcpdump on the middle router to see what is going on. You
can feed tcpdump the keys of your IPsec tunnel, so you can also peek inside
your tunnel.

Using automatic keying with Openswan, this setup, using automatic keying,
is a piece of cake, and because you would be using automatic keying, would
be a lot safer. (Are you going to change your key every once in a while?)

Paul
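
The reply above mentions feeding tcpdump the keys of a manually keyed tunnel. The following is an added example, not part of the original post: it converts ipsec-tools `setkey` ESP entries into the `spi@dst algo:secret` entries that tcpdump's `-E` option reads, and stores them in an owner-only file. The addresses, SPIs and keys are constructed sample values, and the `-hmac96` suffix and the interface name `eth0` are assumptions about the local tcpdump build and router.

```sh
#!/bin/sh
# Added example: turn ipsec-tools setkey manual ESP SAs into tcpdump -E entries.
# All addresses, SPIs and keys below are constructed sample values.

sample_setkey_conf() {
    cat <<'EOF'
# constructed sample: tunnel between gateways 192.0.2.1 and 198.51.100.1
flush;
add 192.0.2.1 198.51.100.1 esp 0x201 -m tunnel
    -E 3des-cbc 0x0123456789abcdef0123456789abcdef0123456789abcdef
    -A hmac-md5 0x00112233445566778899aabbccddeeff;
add 198.51.100.1 192.0.2.1 esp 0x301 -m tunnel
    -E 3des-cbc 0xfedcba9876543210fedcba9876543210fedcba9876543210;
add 192.0.2.1 198.51.100.1 ah 0x401 -A hmac-md5 0x00112233445566778899aabbccddeeff;
EOF
}

# stdin: setkey.conf text; stdout: one "spi@dst algo:key" line per ESP SA.
# Statements end in ";" and may span lines, so ";" is the record separator.
setkey_to_esp_spec() {
    sed 's/#.*//' | awk 'BEGIN { RS = ";" }
        $1 == "add" && $4 == "esp" {
            algo = ""; key = ""; auth = 0
            for (i = 6; i < NF; i++) {
                if ($i == "-E") { algo = $(i + 1); key = $(i + 2) }
                if ($i == "-A") auth = 1
            }
            # Only hex keys are handled; quoted ASCII keys are skipped.
            if (algo == "" || key !~ /^0x[0-9A-Fa-f]+$/) next
            # Assumption: this tcpdump build accepts the "-hmac96" suffix,
            # which tells it to expect a 12-byte authenticator after the payload.
            if (auth) algo = algo "-hmac96"
            printf "%s@%s %s:%s\n", $5, $3, algo, key
        }'
}

# Write the entries to a file only the owner can read, so the keys are not
# passed on the tcpdump command line (process list, shell history).
write_esp_keyfile() {   # usage: write_esp_keyfile setkey.conf esp.keys
    ( umask 077 && setkey_to_esp_spec < "$1" > "$2" )
}

# Capture on the middle router would then be (not run here; eth0 is assumed):
#   tcpdump -n -i eth0 -E "file esp.keys" ip proto 50
sample_setkey_conf | setkey_to_esp_spec
```

Decryption only works if tcpdump was built with cryptography support, and the key file should be deleted once debugging is finished.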

