[Openswan Users] NetKey or KLIPS?
Fabio Bombonati Miguel
fabio.miguel at wisetelecom.com.br
Fri Jul 7 16:42:23 CEST 2006
Dear Colleagues,
I have to establish a VPN (Endpoint-to-Endpoint) between Fedora FC5 Openswan
2.4.4 NetKey and a Cisco PIX.
Basically, my objective is to send SNMP traps from 192.168.1.55 on my LAN to
10.168.4.59 on the remote LAN.
I can establish the VPN connection successfully, but 10.168.4.59 is unreachable
from 192.168.1.55. On 192.168.1.55 the route table contains this route:
"192.168.4.0/24, gw 192.168.1.43"
I saw in the route table that when I establish the VPN connection, FC5 adds this
route to the table:
"10.168.4.0 200.215.178.233 255.255.255.0 UG 0 0 0 eth1"
*** Questions ***
_ What's wrong?
_ Do I have to use KLIPS to establish routes to the remote site?
_ How do I set up a route to the next hop on the remote site?
Below is my connection schema:
*** VPN Schema ***
(My LAN)
192.168.0.0/24
      |      (FC5 Internal NIC)
      +----> 192.168.1.43
             (FC5 External NIC)                               (Remote LAN)
             200.215.178.234                                  10.168.4.0/24
                   |      (My Router)     (Internet)   (Remote PIX)    |
                   +----> 200.215.178.233 .......... 200.220.227.7 <----+
*** ipsec.conf ***
config setup
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        interfaces="ipsec0=eth1 ipsec1=eth2"
        klipsdebug=all
        plutodebug=all
        nat_traversal=yes
        uniqueids=yes

conn %default
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%dns
        rightrsasigkey=%dns

include /etc/ipsec.d/*.conf
*** dest.conf ***
conn dest
        type=tunnel
        left=200.215.178.234
        leftsubnet=192.168.0.0/24
        leftnexthop=200.215.178.233
        right=200.220.227.7
        rightsubnet=10.168.4.0/24
        authby=secret
        #esp=3des
        ike=3des-sha1-1440
        keyexchange=ike
        keylife=86400
        pfs=yes
        auto=add
Thanks guys.
Fabio B. Miguel
IM: fabiomiguel at hotmail.com
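
An added check, not part of the original post: in tunnel mode only packets whose source and destination fall inside leftsubnet and rightsubnet match the IPsec policy, so testing a flow against the posted conn shows whether the tunnel would carry it. The function names and the address 192.168.0.10 are constructed for illustration; the selector values are copied from dest.conf above, and the parser assumes literal IPv4 addresses.

```python
import ipaddress

# Selector-relevant lines copied from the dest.conf in the post.
DEST_CONF = """\
conn dest
    type=tunnel
    left=200.215.178.234
    leftsubnet=192.168.0.0/24
    leftnexthop=200.215.178.233
    right=200.220.227.7
    rightsubnet=10.168.4.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():
            # Unindented line starts a section ("conn dest", "config setup", ...)
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def selector(conn, side):
    """Network protected on one side; without a subnet it is the peer itself."""
    net = conn.get(side + "subnet") or conn[side] + "/32"  # assumes literal IPv4
    return ipaddress.ip_network(net, strict=False)

def flow_in_tunnel(conn, src, dst):
    """True if src->dst matches the left/right selectors in either direction."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    left, right = selector(conn, "left"), selector(conn, "right")
    return (s in left and d in right) or (s in right and d in left)

if __name__ == "__main__":
    conn = parse_conns(DEST_CONF)["dest"]
    # First flow is the one from the post; second source is a constructed address.
    for src in ("192.168.1.55", "192.168.0.10"):
        ok = flow_in_tunnel(conn, src, "10.168.4.59")
        print(f"{src} -> 10.168.4.59 matches tunnel selectors: {ok}")
```

With the posted values, 192.168.1.55 -> 10.168.4.59 does not match, because 192.168.1.55 lies outside leftsubnet=192.168.0.0/24.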