Koozali.org: home of the SME Server

IPSEC problem

charlie

IPSEC problem
« on: July 25, 2003, 02:04:04 AM »
We are trying to get IPSEC (freeswan) working using the howto floating around and are having a problem. The two sites are connected by DSL with two DSL modems. The WAN ports are on the same subnet (64.179.124.192 and .215 with a subnet 255.255.255.0). The LAN addresses are 192.168.1.1 and 192.168.0.1 (255.255.255.0).

We get no ipsec traffic between locations and cannot ping each other. Anyone have any ideas?

Adserg

Re: IPSEC problem
« Reply #1 on: July 29, 2003, 02:52:18 PM »
Charlie

I had the same problem some months back.

But you haven't mentioned which version of SME you have: 4.1.2, 5.1.2, 5.5, 5.6?

If it's 5.1.2, do a search for my name ADSERG. This will show you the problems I had and what I did to fix it with the help of other users in this forum.

Kindest Regards

Adserg

Ernesto Lorenz

Re: IPSEC problem
« Reply #2 on: August 08, 2003, 05:11:56 AM »
Adserg,

I'm having the same problem as Charlie. In my case the servers are V5.6 and both are on the same subnet:
   site1 (200.84.40.230)
   site2 (200.84.42.55)
   Mask (255.255.252.0)
both behind an ADSL bridge-modem.

The RPMs were downloaded from:
http://www.saco-service.de/SME/contrib/devinfo-freeswan-1.99/

I looked at the thread you started regarding this problem and conclude that the problem was a missing _updown script. The how-to on the above website mentions nothing about this script.
Can you point me to the how-to you read?

Regards,

Ernesto

Ernesto Lorenz

Re: IPSEC problem
« Reply #3 on: August 08, 2003, 07:25:28 PM »
I did the following:

[root@sme-server root]# ipsec verify
Checking your system to see if IPsec got installed and started correctly
Version check and ipsec on-path                             [OK]
Checking for KLIPS support in kernel                        [OK]
Checking for RSA private key (/etc/ipsec.secrets)           [OK]
Checking that pluto is running                              [OK]
DNS checks.
Looking for forward key for sme-server                      [FAILED]
Looking for KEY in reverse map: 55.42.84.200.in-addr.arpa   [OK]
Does the machine have at least one non-private address      [OK]

and wonder if the failed [Looking for forward key] might be the cause of the problem we are experiencing.
In my case it's important to find a solution for servers using dynamic DNS as this is the only economically possible solution for the personal or family VPN in Venezuela.
Charlie, I came across this http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/quickstart.html
and think it might help solve the problem. If you get the chance to read through, would you comment on your interpretation of its contents as I am having problems understanding the procedure of including the KEY and TXT in the DNS.
Hope this gets us going.
Regards,
Ernesto