[Openswan Users] Solution for no ipsec0 interface on 2.6 kernel?

jarek jarek_z at localhost
Mon Sep 26 12:17:35 CEST 2005


hello,

On Sunday, 25.09.2005, at 22:56 -0400, Paul Waldo wrote:
> Hi all,
> 
> I am running IPCop as a firewall.  The IPCop box runs a 2.4.29 kernel and 
> openswan 1.0.7.  Among other things, it has three main interfaces:

upgrade to 1.4.8 and you will have less trouble... especially
dpdaction=restart will help you handle reconnecting wlan-users.

> Internal network - 10.0.0.1/255.255.255.0
> Internet connection - XXX.XXX.XXX.XXX/255.255.254.0
> WiFi Network - 192.168.0.1/255.255.255.0
> 
> I am trying to create a VPN between a client on the WiFi network to allow it 
> to be part of the Internal network.  After quite a bit of hair pulling, I 
> have gotten the encryption portion working: both sides say "ISAKMP SA 
> established" and "IPSec SA established".  Minor victory for me! :-/

there are some docs on the ipcop-page about having ipsec on wifi/blue
interface.

> 
> Unfortunately, I can't even ping any of the 10.0.0.* Internal boxes.  My 
> firewall logs show that it is rejecting packets from the WiFi client to the 
> 10.0.0.* boxes, which is what it does with no VPN.
> 
> After much googling, I have just realized that the ipsec* interfaces aren't 
> supported on a 2.6 kernel.  Ugh!  So it seems that even though I have the 
> tunnel up, the ping packets are being sent over the standard eth interface 
> and (properly) being dropped by the firewall.

your kernel is 2.4.29 or 2.6.x ???

> 
> The only solution google gave me was "use a 2.4 kernel", which is really not 
> an option.  I found vague references to altering iptables rules, but I'm 
> hoping to not have to dive that deeply into it.  Has anyone found a good 
> solution to this problem?  Thanks in advance for any help!

inserting proper rules into /etc/rc.d/rc.firewall.local may really help.

regards
jz

> 
> Paul