Hey Zoran,
Great news - it works like a dream. Just managed to bring up a tunnel between two SME6.0.1 boxes:
Sep 8 09:06:31 ice ipsec__plutorun: 104 "net.local-net.192.168.10.0" #1: STATE_MAIN_I1: initiate
Sep 8 09:06:31 ice ipsec__plutorun: 106 "net.local-net.192.168.10.0" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Sep 8 09:06:31 ice ipsec__plutorun: 108 "net.local-net.192.168.10.0" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Sep 8 09:06:31 ice ipsec__plutorun: 004 "net.local-net.192.168.10.0" #1: STATE_MAIN_I4: ISAKMP SA established
Sep 8 09:06:31 ice ipsec__plutorun: 112 "net.local-net.192.168.10.0" #2: STATE_QUICK_I1: initiate
Sep 8 09:06:31 ice ipsec__plutorun: 004 "net.local-net.192.168.10.0" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
Sep 8 09:06:31 ice ipsec__plutorun: 112 "gate.local-net.192.168.10.0" #3: STATE_QUICK_I1: initiate
Sep 8 09:06:31 ice ipsec__plutorun: 004 "gate.local-net.192.168.10.0" #3: STATE_QUICK_I2: sent QI2, IPsec SA established
Sep 8 09:06:32 ice ipsec__plutorun: 112 "gate.local-gate.192.168.10.0" #4: STATE_QUICK_I1: initiate
Sep 8 09:06:32 ice ipsec__plutorun: 004 "gate.local-gate.192.168.10.0" #4: STATE_QUICK_I2: sent QI2, IPsec SA established
Sep 8 09:06:32 ice ipsec__plutorun: 112 "net.local-gate.192.168.10.0" #5: STATE_QUICK_I1: initiate
Sep 8 09:06:32 ice ipsec__plutorun: 004 "net.local-gate.192.168.10.0" #5: STATE_QUICK_I2: sent QI2, IPsec SA established
Welcome to SME Server 6.0.1-01
[root@ice root]# ping 192.168.163.1
PING 192.168.163.1 (192.168.163.1) from 192.168.163.1 : 56(84) bytes of data.
64 bytes from 192.168.163.1: icmp_seq=1 ttl=64 time=0.132 ms
64 bytes from 192.168.163.1: icmp_seq=2 ttl=64 time=0.125 ms
--- 192.168.163.1 ping statistics ---
2 packets transmitted, 2 received, 0% loss, time 999ms
rtt min/avg/max/mdev = 0.125/0.128/0.132/0.011 ms
[root@ice root]# ping 192.168.163.66
PING 192.168.163.66 (192.168.163.66) from 192.168.163.1 : 56(84) bytes of data.
64 bytes from 192.168.163.66: icmp_seq=1 ttl=60 time=4.45 ms
64 bytes from 192.168.163.66: icmp_seq=2 ttl=60 time=2.33 ms
64 bytes from 192.168.163.66: icmp_seq=3 ttl=60 time=2.33 ms
--- 192.168.163.66 ping statistics ---
3 packets transmitted, 3 received, 0% loss, time 2016ms
rtt min/avg/max/mdev = 2.331/3.040/4.457/1.003 ms
[root@ice root]# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1) from 203.213.xxx.xxx : 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=44.4 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=45.7 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=64 time=47.2 ms
--- 192.168.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% loss, time 2021ms
rtt min/avg/max/mdev = 44.419/45.796/47.234/1.163 ms
[root@ice root]# ping 192.168.10.67
PING 192.168.10.67 (192.168.10.67) from 203.213.xxx.xxx : 56(84) bytes of data.
64 bytes from 192.168.10.67: icmp_seq=1 ttl=127 time=46.0 ms
64 bytes from 192.168.10.67: icmp_seq=2 ttl=127 time=82.3 ms
64 bytes from 192.168.10.67: icmp_seq=3 ttl=127 time=113 ms
--- 192.168.10.67 ping statistics ---
3 packets transmitted, 3 received, 0% loss, time 2017ms
rtt min/avg/max/mdev = 46.021/80.482/113.098/27.417 ms
Just a couple of gotchas to watch out for. Here is a very rough howto:
Download all three rpms from www.comnetel.com/ipsec and put them in a temp directory.
Install the freeswan rpms first:
# rpm -Uvh freeswan*
Now install the dev-info rpm using --nodeps:
# rpm -Uvh --nodeps devinfo-freeswan-1.99-8sme56.noarch.rpm
Run the following command:
# /sbin/e-smith/signal-event ipsec-install
Now go into the server-manager and modify the local networks panel and add the info for the remote:
Network address is the remote server's LAN IP
Subnet address is the remote server's subnet
Router is the local LAN address
Next go into the virtualprivatenetworks panel located at the bottom of the server-manager and "add an ipsec vpn". Most of the stuff in there is self-explanatory. After doing this at both sites, and providing all the keys are correct, you should have your tunnel up and going. I had a problem with the RSA keys, and when I tried to bring the tunnel up at the remote it froze me out, but I was able to shell in to the remote from a third party and shut down ipsec. Let me know how you go.
Regards Lloyd
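
A way to check from the pluto log that every connection reached "IPsec SA established", as in the output quoted in the post above. This is an added example, not part of the original post; the sample log is constructed, and the connection name net.local-net.example and the function names are assumptions.

```python
import re

# Constructed sample in the format of the pluto lines quoted in the post.
# The connection "net.local-net.example" and its stalled state are made up.
SAMPLE_LOG = """\
Sep 8 09:06:31 ice ipsec__plutorun: 104 "net.local-net.192.168.10.0" #1: STATE_MAIN_I1: initiate
Sep 8 09:06:31 ice ipsec__plutorun: 004 "net.local-net.192.168.10.0" #1: STATE_MAIN_I4: ISAKMP SA established
Sep 8 09:06:31 ice ipsec__plutorun: 112 "net.local-net.192.168.10.0" #2: STATE_QUICK_I1: initiate
Sep 8 09:06:31 ice ipsec__plutorun: 004 "net.local-net.192.168.10.0" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
Sep 8 09:06:32 ice ipsec__plutorun: 104 "net.local-net.example" #6: STATE_MAIN_I1: initiate
Sep 8 09:06:42 ice ipsec__plutorun: 106 "net.local-net.example" #6: STATE_MAIN_I2: sent MI2, expecting MR2
"""

# status code, quoted connection name, SA number, state name, free text
LINE_RE = re.compile(
    r'ipsec__plutorun: \d{3} "(?P<conn>[^"]+)" #(?P<sa>\d+): '
    r'(?P<state>STATE_\w+): (?P<text>.*)$'
)

def tunnel_status(log_text):
    """Map each connection name to its last logged state and whether an
    IPsec SA was reported. Lines that are not pluto state lines are skipped."""
    status = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        entry = status.setdefault(m["conn"], {"last_state": None, "ipsec": False})
        entry["last_state"] = m["state"]
        # The main-mode (ISAKMP) exchange is logged only under the connection
        # that negotiated it, so only the quick-mode result is tracked here.
        if "IPsec SA established" in m["text"]:
            entry["ipsec"] = True
    return status

def stalled(log_text):
    """Connections that never reported an IPsec SA, sorted by name."""
    return sorted(c for c, s in tunnel_status(log_text).items() if not s["ipsec"])

if __name__ == "__main__":
    for conn, s in tunnel_status(SAMPLE_LOG).items():
        verdict = "up" if s["ipsec"] else "NOT up"
        print(f"{conn}: {verdict} (last state {s['last_state']})")
```

A connection that stops at a STATE_MAIN_* state never finished the key exchange, which is where a key mismatch between the two sites would show up.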