IPSec with FreeSWan as the server and SSH Sentinel 1.31 as the windows client
Here is a working config for road warrior:

1.) I used PSK (or Pre-Shared Secret)
2.) Suse Linux 8.0 Pro

This is my LAB IPSec setup:

Windows 2000 Pro
    IP address 192.168.0.50 or private address. I have SSH Sentinel loaded on my Win2K.

Linux Box (Suse), Freeswan 1.96 compiled (two NICs)
    IP address 192.168.0.45 255.255.255.0 eth0
    IP address 10.1.1.1 255.255.255.0 eth1 (10.1.1.0/255.255.255.0)

Windows 98se Computer sitting on the eth1 segment
    IP address 10.1.1.2 255.255.255.0
    Gateway 10.1.1.1

----------------------------------------------------------------
I had to set up routing on my Linux box. I used this:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -A FORWARD -j ACCEPT

----------------------------------------------------------------
Firewall out on my eth0 or my so-called WAN interface... it also works:

    iptables -I INPUT -i eth0 -p udp --sport 67 --dport 68 -j ACCEPT        # DHCP replies
    iptables -I INPUT -i eth0 -p tcp --sport 1024: --dport 1723 -j ACCEPT   # PPTP control
    iptables -I INPUT -i eth0 -p udp --sport 500 --dport 500 -j ACCEPT      # IKE
    iptables -I INPUT -i eth0 -p udp --dport 5050 -j ACCEPT
    iptables -I INPUT -i eth0 -p esp -j ACCEPT                              # IPSec ESP
    iptables -I INPUT -i eth0 -p ah -j ACCEPT                               # IPSec AH
    iptables -I INPUT -i eth0 -p 47 -j ACCEPT                               # GRE
    iptables -P INPUT DROP

----------------------------------------------------------------
I was now able to ping from 10.1.1.2 to 192.168.0.50 when I brought up the tunnel.
Here is my IPSec config:

config setup
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=yes

conn %default
    keyingtries=1
    authby=secret

conn tunnel-one
    type=tunnel
    left=192.168.0.45                    # my eth0 interface
    leftnexthop=
    leftsubnet=10.1.1.0/255.255.255.0    # this is my eth1 segment
    right=%any                           # this is my windows 2000 pro box, with SSH Sentinel
    keyexchange=ike
    ikelifetime=240m
    pfs=yes
    keylife=1h
    #rightsubnet = /255.255.255.0
    rightnexthop=
    compress=no
    auto=add

------------------------------------------
Here is my ipsec.secrets config:

192.168.0.45 %any: PSK "junk"

-------------------------------------------
Here is a map of my network:

Win2KPro  ----------->  Linux (Ipsec)
192.168.0.50            192.168.0.45 eth0 (left)
road warrior            10.1.1.1 eth1 (right)
                        (10.1.1.0) (leftsubnet)  ------>  Windows98se (10.1.1.2)
                                                          gateway 10.1.1.1

192.168.0.50 could be a DHCP or a private address; I just use that address in my lab. I used an ethernet crossover cable between my W2K Pro and my Linux box.

Remember that you must use the same pre-shared key "junk" when you configure SSH Sentinel. There is a section at the SSH Sentinel site that shows you how to configure SSH Sentinel.
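
Added example, not part of the original post or of FreeS/WAN itself: a small Python check that parses the ipsec.conf layout shown above (sections, conn %default inheritance, trailing # comments) and reports what a reviewer would raise before moving this lab setup to a real network, namely a PSK bound to %any and a short secret. The function names and the 20-character threshold are assumptions; the sample input is a trimmed, constructed copy of the two files from the post.

```python
import re

# Constructed sample input: trimmed copies of the two files from this post.
IPSEC_CONF = """\
config setup
    interfaces="ipsec0=eth0"

conn %default
    authby=secret

conn tunnel-one
    left=192.168.0.45       # eth0
    leftsubnet=10.1.1.0/255.255.255.0
    right=%any              # road warrior
    pfs=yes
"""
IPSEC_SECRETS = '192.168.0.45 %any: PSK "junk"\n'
MIN_PSK_LEN = 20  # assumed policy threshold, not a FreeS/WAN default


def parse_conf(text):
    """Return {conn_name: params} with conn %default merged into each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # strip comments
        if not line.strip():
            continue
        if not line[0].isspace():                   # header: "conn name"
            kind, _, name = line.partition(" ")
            current = sections.setdefault((kind, name.strip()), {})
        elif current is not None and "=" in line:   # indented param=value
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    defaults = sections.get(("conn", "%default"), {})
    return {name: {**defaults, **params} for (kind, name), params
            in sections.items() if kind == "conn" and name != "%default"}


def audit(conf_text, secrets_text):
    """Return a list of findings for PSK road-warrior setups."""
    findings = []
    for name, p in parse_conf(conf_text).items():
        if p.get("authby") == "secret" and "%any" in (p.get("left"), p.get("right")):
            findings.append(f"{name}: PSK with %any peer, secret shared by all clients")
        if p.get("pfs", "yes") != "yes":            # pfs defaults to yes
            findings.append(f"{name}: pfs disabled")
    for ids, psk in re.findall(r'^(.*?):\s*PSK\s+"([^"]*)"', secrets_text, re.M):
        if len(psk) < MIN_PSK_LEN:
            findings.append(f"secrets [{ids.strip()}]: PSK under {MIN_PSK_LEN} chars")
    return findings
```

Calling audit(IPSEC_CONF, IPSEC_SECRETS) on the lab files returns two findings: the %any PSK on tunnel-one and the four-character secret.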