[Openswan Users] Solution for no ipsec0 interface on 2.6 kernel?

Paul Waldo pwaldo at waldoware.com
Sun Sep 25 23:56:21 CEST 2005


Hi all,

I am running IPCop as a firewall.  The IPCop box runs a 2.4.29 kernel and 
openswan 1.0.7.  Among other things, it has three main interfaces:
Internal network - 10.0.0.1/255.255.255.0
Internet connection - XXX.XXX.XXX.XXX/255.255.254.0
WiFi Network - 192.168.0.1/255.255.255.0

I am trying to create a VPN between a client on the WiFi network to allow it 
to be part of the Internal network.  After quite a bit of hair pulling, I 
have gotten the encryption portion working: both sides say "ISAKMP SA 
established" and "IPSec SA established".  Minor victory for me! :-/

Unfortunately, I can't even ping any of the 10.0.0.* Internal boxes.  My 
firewall logs show that it is rejecting packets from the WiFi client to the 
10.0.0.* boxes, which is what it does with no VPN.

After much googling, I have just realized that the ipsec* interfaces aren't 
supported on a 2.6 kernel.  Ugh!  So it seems that even though I have the 
tunnel up, the ping packets are being sent over the standard eth interface 
and (properly) being dropped by the firewall.

The only solution Google gave me was "use a 2.4 kernel", which is really not 
an option.  I found vague references to altering iptables rules, but I'm 
hoping to not have to dive that deeply into it.  Has anyone found a good 
solution to this problem?  Thanks in advance for any help!

Paul

