I'm trying to get FreeS/WAN working on two old Pentium machines which
are on the same subnet. This is just for testing before I open the
firewall to a FreeS/WAN IPSec server so that I can have a VPN from home
to work :)
The two machines have an IP address of 192.168.51 and 192.168.0.52. My
/etc/ipsec.conf looks like this (see end of message). I've tried with
and without the leftsubnet and rightsubnet settings but I can't seem to
get a netmask of 255.255.255.255 in the route tables.
I'm using Debian 2.4.18-585tsc kernels and have applied the freeswan
patches from the unstable distribution (export PATCH_THE_KERNEL=YES and
make-kpkg ...).
After starting ipsec with "/etc/init.d/ipsec restart", I get the
following which seems incorrect. Notice the netmasks are NOT
255.255.255.255!!!
$ ipsec look
ned Fri Apr 12 13:31:32 EST 2002
ipsec0->eth0 mtu=16260(1500)->1500
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.0.2     0.0.0.0         UG       40 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U        40 0          0 ipsec0
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 ipsec0
default         firewall.ctam.l 0.0.0.0         UG    0      0        0 eth0
$ cat /etc/ipsec.conf
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces=%defaultroute
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=all
        plutodebug=all
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

# defaults for subsequent connection descriptions
# (mostly to fix internal defaults which, in retrospect, were badly chosen)
conn %default
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig
        #authby=secret
        leftrsasigkey=%dns
        rightrsasigkey=%dns

# VPN connection
# ned.ctam.com.au <-> homer.ctam.com.au
conn ned-homer
        # Left security gateway, subnet behind it, next hop toward right.
        left=192.168.0.52
        leftsubnet=192.168.0.52/32
        # Right security gateway, subnet behind it, next hop toward left.
        right=192.168.0.51
        rightsubnet=192.168.0.51/32
        # To authorize this connection, but not actually start it, at startup,
        # uncomment this.
        auto=add
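To see which route the kernel would actually pick for the peer address in a table like the one in the message above, here is an added Python example; it is not part of the original message and not FreeS/WAN code. It parses `route -n` style output, applies longest-prefix matching, and reports the interface and prefix length of the winning route, so you can tell whether traffic to the peer is leaving on ipsec0 under a host route or on eth0 under the plain 192.168.0.0/24 route. The first table is constructed from the post's `route` output in numeric form; the second is the same table with a hypothetical 255.255.255.255 host route for the peer added on ipsec0. Using table order as the tie-breaker between equal-length routes is an assumption made here for illustration.

```python
import ipaddress

# Constructed sample modelled on the `route` output in the post above,
# in numeric form (as `route -n` prints it): two 192.168.0.0/24 routes
# and a default route, but no host route for the peer.
ROUTE_OUTPUT_BEFORE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
0.0.0.0         192.168.0.2     0.0.0.0         UG    0      0        0 eth0
"""

# Constructed: the same table with a hypothetical host route for the peer
# (genmask 255.255.255.255) on the IPsec virtual interface.
ROUTE_OUTPUT_AFTER = ROUTE_OUTPUT_BEFORE + (
    "192.168.0.51    0.0.0.0         255.255.255.255 UH    0      0        0 ipsec0\n"
)


def parse_route_table(text):
    """Parse `route -n` style output into (network, iface, flags) tuples.

    Header lines and anything that does not parse as a destination/genmask
    pair are skipped. 'default' is accepted as an alias for 0.0.0.0."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 8:
            continue
        dest, genmask, flags, iface = fields[0], fields[2], fields[3], fields[-1]
        if dest == "default":
            dest = "0.0.0.0"
        try:
            # strict=False lets a dotted genmask be used as the prefix.
            network = ipaddress.ip_network(f"{dest}/{genmask}", strict=False)
        except ValueError:
            continue  # column header or otherwise not a route line
        routes.append((network, iface, flags))
    return routes


def select_route(routes, dst):
    """Longest-prefix match for dst.

    Assumption for this example: between routes of equal prefix length the
    first one in the table wins, which is why the eth0 /24 entry beats the
    identical ipsec0 /24 entry in the table from the post."""
    addr = ipaddress.ip_address(dst)
    best = None
    for network, iface, flags in routes:
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, iface, flags)
    return best


def route_report(text, peer, ipsec_iface="ipsec0"):
    """Summarise how traffic to `peer` would be routed by a given table."""
    chosen = select_route(parse_route_table(text), peer)
    if chosen is None:
        return {"iface": None, "prefixlen": None, "host_route": False, "via_ipsec": False}
    network, iface, _flags = chosen
    return {
        "iface": iface,
        "prefixlen": network.prefixlen,
        "host_route": network.prefixlen == 32,   # the 255.255.255.255 case
        "via_ipsec": iface == ipsec_iface,
    }


if __name__ == "__main__":
    for label, table in (("before", ROUTE_OUTPUT_BEFORE), ("after", ROUTE_OUTPUT_AFTER)):
        print(label, route_report(table, "192.168.0.51"))
```

Run against the table from the post, the peer 192.168.0.51 is matched only by the /24 entries, so the report shows eth0 with prefix length 24 and no host route; once a 255.255.255.255 route for the peer exists on ipsec0 it wins on prefix length and the report switches to ipsec0.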