[Openswan Users] Sending traffic to IPsec tunnel
António Fernandes
af465 at netcabo.pt
Wed Sep 30 17:19:53 EDT 2009
Hi again
As I said in my previous message, I am trying to establish a L2L IPsec tunnel between a Linux firewall and a Cisco firewall,
using NATed IPsec with a pre-shared key. After some study and testing I managed to establish the IPsec link between both
sites. The situation is the following:
a) I have looked with tcpdump at my public interface and the tunnel looks fine, with regular keep-alive messages between
the 2 sites.
b) I try to ping a host on the BLan, but when I tcpdump the external interface I still see regular ICMP packets with no
tunneling!
My question is: because that type of configuration doesn't create a thing like an ipsec0 device, how do I ensure the traffic is
directed to the IPsec tunnel?
The configuration is the following:
myLan           myFw                 internet      BFw                       BLan
10.11.0.0/16 ---10.11.0.5/mypublicIP <<<<<<->>>>>> BpublicIP/??.??.??.?? --- 192.168.0.0/24
myFw - Openswan 2.6.21 using setkey on Mandriva Linux kernel 2.6.29.1
BFw - Cisco AXA
------------------------------------------------------------
# /etc/openswan/ipsec.conf - Openswan IPsec configuration file
version 2.0 # conforms to second version of ipsec.conf specification
config setup
    nat_traversal=yes
    OE=off
    protostack=netkey
    interfaces=%defaultroute
    uniqueids=yes

conn ttt
    authby=secret
    pfs=yes
    auto=start
    keyexchange=ike
    ike=3des-sha1-modp1024
    type=tunnel
    auth=esp
    esp=3des-sha1
    compress=no
    left=mypublicIP
    leftsubnet=10.11.0.0/16
    #leftnexthop=%defaultroute
    leftnexthop=BpublicIP
    right=BpublicIP
    rightsubnet=192.168.0.0/24
    rightnexthop=mypublicIP
------------------------------------------------------------
# /etc/openswan/ipsec.secrets
mypublicIP BpublicIP : PSK "sharedkey"
------------------------------------------------------------
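
Added example, not part of the original post: with protostack=netkey there is no ipsec0 device, and the kernel selects traffic for the tunnel by matching each packet's source and destination against the policies listed by `ip xfrm policy`. The Python sketch below parses a constructed sample of that output (198.51.100.10 and 203.0.113.20 are placeholders for mypublicIP and BpublicIP; priority and reqid values are made up) and shows that a packet whose source is the firewall's public address, for instance after source NAT or when pinging from the firewall itself, matches no outbound policy.

```python
import ipaddress

# Constructed sample of `ip xfrm policy` output for the tunnel in the post.
# 198.51.100.10 / 203.0.113.20 are placeholders for mypublicIP / BpublicIP.
SAMPLE = """\
src 10.11.0.0/16 dst 192.168.0.0/24
    dir out priority 2344 ptype main
    tmpl src 198.51.100.10 dst 203.0.113.20
        proto esp reqid 16385 mode tunnel
src 192.168.0.0/24 dst 10.11.0.0/16
    dir in priority 2344 ptype main
    tmpl src 203.0.113.20 dst 198.51.100.10
        proto esp reqid 16385 mode tunnel
"""

def parse_policies(text):
    """Parse `ip xfrm policy` text into dicts: selector, direction, tunnel endpoints."""
    policies = []
    for line in text.splitlines():
        words = line.split()
        if not line[:1].isspace() and words[:1] == ["src"]:
            # An unindented "src NET dst NET" line starts a new policy.
            policies.append({"src": ipaddress.ip_network(words[1]),
                             "dst": ipaddress.ip_network(words[3]),
                             "dir": None, "tmpl": None})
        elif policies and words[:1] == ["dir"]:
            policies[-1]["dir"] = words[1]
        elif policies and words[:1] == ["tmpl"]:
            policies[-1]["tmpl"] = (words[2], words[4])
    return policies

def outbound_policy(policies, src, dst):
    """Return the 'dir out' policy whose selector covers the packet, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p["dir"] == "out" and s in p["src"] and d in p["dst"]:
            return p
    return None

def explain(policies, src, dst):
    """Say whether a packet would be tunneled or leave the interface in the clear."""
    p = outbound_policy(policies, src, dst)
    if p:
        return "tunnel %s -> %s" % p["tmpl"]
    return "no matching out policy: leaves unencrypted"

if __name__ == "__main__":
    pols = parse_policies(SAMPLE)
    for src in ("10.11.0.50", "198.51.100.10"):  # LAN host vs. public/NATed source
        print(src, "->", "192.168.0.10:", explain(pols, src, "192.168.0.10"))
```

On the gateway itself the live policies can be listed with `ip xfrm policy` or `setkey -DP` and compared against the source address actually seen in tcpdump.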