[Openswan Users] really basic peer-to-peer setup

Alan McKay alan.mckay at gmail.com
Sat May 4 16:22:40 UTC 2013


On Sat, May 4, 2013 at 11:50 AM, Simon Deziel <simon at xelerance.com> wrote:
> You can check the installed policy with "ip xfrm policy"

Sure thing, but it should be defaults. On Solexa1 I have Ubuntu
server 12.04, and 13.04 on firewall03. Firewall03 also has shorewall
installed and configured but turned off throughout all of this. Not
sure whether that would have changed defaults.

root@solexa1:~# ip xfrm policy
src 192.168.160.0/24 dst 172.30.0.0/24
	dir out priority 2344
	tmpl src 10.246.159.41 dst 10.242.182.88
		proto esp reqid 16385 mode tunnel
src 172.30.0.0/24 dst 192.168.160.0/24
	dir fwd priority 2344
	tmpl src 10.242.182.88 dst 10.246.159.41
		proto esp reqid 16385 mode tunnel
src 172.30.0.0/24 dst 192.168.160.0/24
	dir in priority 2344
	tmpl src 10.242.182.88 dst 10.246.159.41
		proto esp reqid 16385 mode tunnel
src ::/0 dst ::/0
	socket out priority 0
src ::/0 dst ::/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
root@solexa1:~#

root@firewall03:~# ip xfrm policy
src 172.30.0.0/24 dst 192.168.160.0/24
	dir out priority 2344
	tmpl src 10.242.182.88 dst 10.246.159.41
		proto esp reqid 16385 mode tunnel
src 192.168.160.0/24 dst 172.30.0.0/24
	dir fwd priority 2344
	tmpl src 10.246.159.41 dst 10.242.182.88
		proto esp reqid 16385 mode tunnel
src 192.168.160.0/24 dst 172.30.0.0/24
	dir in priority 2344
	tmpl src 10.246.159.41 dst 10.242.182.88
		proto esp reqid 16385 mode tunnel
src ::/0 dst ::/0
	socket out priority 0
src ::/0 dst ::/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0
root@firewall03:~#


-- 
“Don't eat anything you've ever seen advertised on TV”
         - Michael Pollan, author of "In Defense of Food"
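
An added example, not part of the original post and not Openswan code: a small parser that compares the "ip xfrm policy" output of two peers and reports any outbound tunnel policy that has no matching inbound policy on the other end. It assumes the output layout shown in the message above; the function names and the sample text built by entry() are constructed for this illustration.

```python
import re

# One policy entry: selector line, "dir"/"socket" line, optional tmpl + proto lines.
ENTRY = re.compile(
    r"src (?P<src>\S+) dst (?P<dst>\S+)\s+"
    r"(?P<kind>dir|socket) (?P<dir>\w+) priority \d+"
    r"(?:\s+tmpl src (?P<tsrc>\S+) dst (?P<tdst>\S+)"
    r"\s+proto (?P<proto>\w+) reqid \d+ mode (?P<mode>\w+))?")

def tunnel_policies(text):
    """Return {direction: set of (src, dst, tmpl_src, tmpl_dst, proto, mode)},
    skipping the per-socket 'socket in/out priority 0' entries."""
    found = {}
    for m in ENTRY.finditer(text):
        if m["kind"] == "dir" and m["tsrc"]:
            found.setdefault(m["dir"], set()).add(
                (m["src"], m["dst"], m["tsrc"], m["tdst"], m["proto"], m["mode"]))
    return found

def mirror_mismatches(a, b):
    """List 'out' policies on one peer that the other peer has no identical
    'in' policy for. An empty list means the two ends agree."""
    pa, pb = tunnel_policies(a), tunnel_policies(b)
    missing = []
    for name, out_side, in_side in (("a->b", pa, pb), ("b->a", pb, pa)):
        for pol in sorted(out_side.get("out", set()) - in_side.get("in", set())):
            missing.append((name, pol))
    return missing

def entry(src, dst, direction, tsrc, tdst):
    # Constructed sample text in the layout printed by "ip xfrm policy" above.
    return (f"src {src} dst {dst}\n\tdir {direction} priority 2344\n"
            f"\ttmpl src {tsrc} dst {tdst}\n\t\tproto esp reqid 16385 mode tunnel\n")

# Subnets and gateway addresses as they appear in the two outputs above.
SOCKET = "src 0.0.0.0/0 dst 0.0.0.0/0\n\tsocket out priority 0\n"
L, R, GL, GR = "192.168.160.0/24", "172.30.0.0/24", "10.246.159.41", "10.242.182.88"
SOLEXA1 = entry(L, R, "out", GL, GR) + entry(R, L, "fwd", GR, GL) + entry(R, L, "in", GR, GL) + SOCKET
FIREWALL03 = entry(R, L, "out", GR, GL) + entry(L, R, "fwd", GL, GR) + entry(L, R, "in", GL, GR) + SOCKET

if __name__ == "__main__":
    print(mirror_mismatches(SOLEXA1, FIREWALL03) or "policies mirror each other")
```

To use it on real hosts, pass the captured text of each peer's "ip xfrm policy" output as the two arguments of mirror_mismatches().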

