[Openswan Users] OpenSWAN, Netkey

Goffe, Don Donald.Goffe at GTECH.COM
Thu Oct 8 15:31:12 EDT 2009


I have been able to get my tunnel connected to a Cisco 3000
concentrator. The kernel is 2.6.4.24 and OS is 2.6.23dr3 using an x86_64
dual core platform.  PC address is 150.24.31.22, concentrator is
10.10.1.11, data center target is 10.3.15.60.

I'm having an address issue where I'm forced to use static addressing to
get this to work. I have to configure the Cisco ACS server to assign the
same static address that the PC originally connects with. If I try to
assign a different address for the tunnel like we do for KLIPS, the
concentrator tries to use 255.255.255.255 or a 150.24.31.0 (network) as
the assigned IP address. I assume the difference between KLIPS and
Netkey is that KLIPS creates a separate tunnel interface that requires a
new IP where NETKEY is more of a split tunnel approach using the same
NIC device. 

With Netkey the tunnel is created but these .255 and .0 addresses are
not routable in the data center. This design won't work for the
thousands of terminals that are planned to connect using dynamic
addressing. Agentx must always sign in using the same static IP address
that's assigned to him in the ACS. Not a very good design.

So........
Has anyone been able to use NETKEY to obtain or sync up with a terminal
that uses dynamic addressing and is also using the XAUTH protocol for
the username/password and group authorization?    


