[Openswan Users] Configuring openswan on embedded Linux

phil at ctekproducts.com
Fri Sep 16 17:14:22 CEST 2005


Hi,

I am trying to test Openswan (1.0.10) on an embedded Linux (2.4.26) platform. I believe that I have successfully built all Openswan kernel and user facilities, so my problem is really in configuration. Since my environment has more limited shell capabilities than those required for many of the scripts, I am trying to use the lower-level commands to create my configuration.

My test platform functions as a router and it gets a dynamic IP address from the network that it is connected to. On the router's client side, it has a LAN with private addresses so it appears as follows:

192.168.1.0/24 (eth0) <-TEST ROUTER 1-> (ppp0) dynamic IP

In order to have a controlled test case, I built another router to act as the other end of my test environment. This device has a network interface with a static public address and has a client side LAN with private addresses so it appears as follows:

192.168.2.0/24 (eth0) <--TEST ROUTER 2--> (eth1) 67.12.3.11

I have connectivity between 67.12.3.11 and the dynamic address of the other router and I have a client device attached to each router so that I can generate traffic.

I have created the following script for TEST ROUTER 1:

ipsec tncfg --attach --virtual ipsec0 --physical ppp0
ipsec whack --name tunnel_1 --host 67.12.3.11 --nexthop %direct --client 192.168.2.0/24 --to --host %any --client 192.168.1.0/24 --encrypt -rsasig
ipsec whack --listen
ipsec whack --route --name tunnel_1
ipsec whack --initiate --name tunnel_1

I have created the following script for TEST ROUTER 2:

ipsec tncfg --attach --virtual ipsec0 --physical eth1
ifconfig ipsec0 67.12.3.11
ipsec whack --name tunnel_1 --host 67.12.3.11 --nexthop %direct --client 192.168.2.0/24 --to --host %any --client 192.168.1.0/24 --encrypt -rsasig
ipsec whack --listen

If someone could tell me what steps I am missing in my configuration, I would greatly appreciate it.

Thanks,

Phil Sutter



