Hello List :

I'm trying to get FreeS/WAN working --- so far without success.

I have already been trying for 5 days!!!!!! and I have surveyed many, many websites
about FreeS/WAN.....

but my FreeS/WAN is still NOT working NOW ........

My questions are:
1. Does FreeS/WAN need iptables or ipchains to forward IPsec packets???
2. I don't have any FQDN on my FreeS/WAN server!!!! Does it matter???
3. I patched my 2.4.18 kernel for the IPsec option!!!! However, do I still need to
use other kernel options (like: Networking options ---> <*> IP: tunneling)?
4. I "THINK" my ipsec.conf is correct, since IPsec has been connected between the
Left-FreeS/WAN and Right-FreeS/WAN servers.


My VPN Environment :
++++ Home VPN Server ++++++++++++++++++         ++++ School VPN Server ++++++++++++
+ 192.168.10.254 ---- 61.220.72.227 + ........... + 61.228.14.226 ---- 192.168.8.66 +
+++++++++++++++++++++++++++++++++++++           +++++++++++++++++++++++++++++++++++
        |                                                  |
++++ ClientA ++++++++                           ++++ ClientB +++++++++
+ 192.168.10.222    +                           + 192.168.8.200      +
+++++++++++++++++++++                           ++++++++++++++++++++++
========================================
Home VPN Server :
eth0 => Public IP  : 61.220.72.227
eth1 => Private IP : 192.168.10.254

School VPN Server :
ppp0 => Public IP : 61.228.14.226
eth1  => Private IP : 192.168.8.99

ClientA : 192.168.10.222
ClientB : 192.168.8.200

My ISP Gateway is 61.220.72.254 in LEFT
My school Gateway is 61.231.216.254 in RIGHT
=========================================
#####My /etc/ipsec.conf#######
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig

conn axahome-vpn2
[EMAIL PROTECTED]
        leftrsasigkey=0sAQN9shuGWaYnFj.............==
        left=61.220.72.227
        leftsubnet=192.168.10.0/24
        leftnexthop=61.220.72.254

[EMAIL PROTECTED]
        rightrsasigkey=0sAQNzY2gAwdeDde...........==
        right=61.228.14.226
        rightsubnet=192.168.8.0/24
        rightnexthop=61.231.216.254
        auto=start

======================================

When I type "ipsec whack --status" on Home-VPN-Server and School-VPN-Server, the
result is as follows:


#####Home-VPN-Server######
axanet:/etc# ipsec whack --status
000 interface ipsec0/eth0 61.220.72.227
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1
000
000 "axahome-vpn2": 192.168.10.0/[EMAIL PROTECTED]@vpn2.hinet.dail]===192.168.8.0/24
000 "axahome-vpn2":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "axahome-vpn2":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted
000 "axahome-vpn2":   newest ISAKMP SA: #4; newest IPsec SA: #2; eroute owner: #2
000 "axahome-vpn2":   ESP algorithms wanted: 3/000-1/000, 3/000-2/000,
000 "axahome-vpn2":   ESP algorithms loaded: 3/168-1/128, 3/168-2/160,
000
000 #3: "axahome-vpn2" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_EXPIRE in 273s
000 #2: "axahome-vpn2" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 22369s; newest IPSEC; eroute owner
000 #2: "axahome-vpn2" [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
000 #4: "axahome-vpn2" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2165s; newest ISAKMP

#####School-VPN-Server#####
vpn2:~# ipsec whack --status
000 interface ipsec0/ppp0 61.228.14.226
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1
000
000 "axahome-vpn2": 192.168.8.0/[EMAIL PROTECTED]@navigation.idv.tw]===192.168.10.0/24
000 "axahome-vpn2":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "axahome-vpn2":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: ppp0; erouted
000 "axahome-vpn2":   newest ISAKMP SA: #6; newest IPsec SA: #4; eroute owner: #4
000 "axahome-vpn2":   ESP algorithms wanted: 3/000-1/000, 3/000-2/000,
000 "axahome-vpn2":   ESP algorithms loaded: 3/168-1/128, 3/168-2/160,
000
000 #5: "axahome-vpn2" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 56s
000 #4: "axahome-vpn2" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 22424s; newest IPSEC; eroute owner
000 #4: "axahome-vpn2" [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
000 #6: "axahome-vpn2" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2584s; newest ISAKMP
000 #2: "axahome-vpn2" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 21866s
000 #2: "axahome-vpn2" [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
===========================================================================


When I type "ipsec look" on Home-VPN-Server and School-VPN-Server, the result is as
follows:

######Home-VPN-Server######
axanet:/etc# ipsec look
axanet Wed Aug 14 01:47:27 CST 2002
192.168.10.0/24    -> 192.168.8.0/24     => [EMAIL PROTECTED] [EMAIL PROTECTED] (0)
ipsec0->eth0 mtu=16260(1500)->1500
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=61.220.72.227 iv_bits=64bits iv=0xefb5347086538fc6 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15,0,0)
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in  src=61.228.14.226 iv_bits=64bits iv=0xc7afbffa387d075d ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15,0,0)
[EMAIL PROTECTED] IPIP: dir=in  src=61.228.14.226 policy=192.168.8.0/24->192.168.10.0/24 flags=0x8<> life(c,s,h)=addtime(15,0,0)
[EMAIL PROTECTED] IPIP: dir=out src=61.220.72.227 life(c,s,h)=addtime(15,0,0)
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         61.220.72.254   0.0.0.0         UG       40 0          0 eth0
192.168.8.0     61.220.72.254   255.255.255.0   UG       40 0          0 ipsec0
61.220.72.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
61.220.72.0     0.0.0.0         255.255.255.0   U        40 0          0 ipsec0


#####School-VPN-Server#####
vpn2:/# ipsec look
vpn2 Wed Aug 14 01:50:11 CST 2002
192.168.8.0/24     -> 192.168.10.0/24    => [EMAIL PROTECTED] [EMAIL PROTECTED] (0)
ipsec0->ppp0 mtu=16260(1492)->1492
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=61.228.14.226 iv_bits=64bits iv=0x0e71780ff5cba10a ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15114,0,0)
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in  src=61.220.72.227 iv_bits=64bits iv=0x536166d476f7744c ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15114,0,0)
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in  src=61.220.72.227 iv_bits=64bits iv=0xf8a89acee79c0767 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15369,0,0)
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=61.228.14.226 iv_bits=64bits iv=0xe2aae253f39ac516 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15369,0,0)
[EMAIL PROTECTED] IPIP: dir=in  src=61.220.72.227 policy=192.168.10.0/24->192.168.8.0/24 flags=0x8<> life(c,s,h)=addtime(15114,0,0)
[EMAIL PROTECTED] IPIP: dir=out src=61.228.14.226 life(c,s,h)=addtime(15114,0,0)
[EMAIL PROTECTED] IPIP: dir=in  src=61.220.72.227 policy=192.168.10.0/24->192.168.8.0/24 flags=0x8<> life(c,s,h)=addtime(15369,0,0)
[EMAIL PROTECTED] IPIP: dir=out src=61.228.14.226 life(c,s,h)=addtime(15369,0,0)
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         61.231.216.254  0.0.0.0         UG       40 0          0 ppp0
192.168.10.0    61.231.216.254  255.255.255.0   UG       40 0          0 ipsec0
61.231.216.254  0.0.0.0         255.255.255.255 UH       40 0          0 ipsec0
61.231.216.254  0.0.0.0         255.255.255.255 UH       40 0          0 ppp0


Everything is smooth! NOT any error shows up when I type "ipsec whack --status"
and "ipsec look".

BUT!!!!!! BUT when I use SSH to connect from 192.168.10.222 to 192.168.8.200!!!!!
IT IS NOT WORKING!!!!!

I don't know why?! because no error or warning shows up!!!! and it doesn't
record any ERROR in /var/log/syslog and /var/log/auth,
so I CAN NOT debug it......

Anyone got ideas as to the nature/solution of this problem?  y_y

Oooo My God!!!! Please, please help me.....




-- 
Trust & Unique ... 
Axacheng's PGP Public Key   http://www.navigation.idv.tw/pgpkey
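A diagnostic check a practitioner would run over the output pasted above, added here as an example that is not part of the original post or of FreeS/WAN itself: it parses the SA lines of "ipsec whack --status" and the eroute and routing-table lines of "ipsec look", and reports whether traffic between two given hosts (here ClientA and ClientB) is covered by an established IPsec SA, a kernel eroute, and a gateway route via ipsec0. The sample input is constructed from the Home-VPN-Server output in the post; if all three checks pass, the gateway's IPsec layer is not where the SSH traffic is dropped and the remaining places to look are the clients' routing toward the gateway and the packet filter the post's first question asks about.

```python
import ipaddress
import re
# Constructed sample: Home-VPN-Server lines from the post, trimmed to what the
# checks consume ("[EMAIL PROTECTED]" is the archive's obfuscation, left as-is).
WHACK_STATUS = """\
000 "axahome-vpn2":   policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted
000 #3: "axahome-vpn2" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_EXPIRE in 273s
000 #2: "axahome-vpn2" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 22369s; newest IPSEC; eroute owner
"""
IPSEC_LOOK = """\
192.168.10.0/24    -> 192.168.8.0/24     => [EMAIL PROTECTED] [EMAIL PROTECTED] (0)
0.0.0.0         61.220.72.254   0.0.0.0         UG       40 0          0 eth0
192.168.8.0     61.220.72.254   255.255.255.0   UG       40 0          0 ipsec0
"""
# whack --status SA lines: 000 #N: "conn" STATE_X (description); rest
SA_RE = re.compile(r'^000 #\d+: "[^"]+" STATE_\w+ \(([^)]*)\)(.*)$', re.M)
# ipsec look eroute lines (src/len -> dst/len => ...) and route-table rows
EROUTE_RE = re.compile(r'^(\S+/\d+)\s+->\s+(\S+/\d+)\s+=>', re.M)
ROUTE_RE = re.compile(r'^(\d+(?:\.\d+){3})\s+\S+\s+(\d+(?:\.\d+){3})\s+\S+\s+\d+\s+\d+\s+\d+\s+(\S+)\s*$', re.M)

def sa_summary(status_text):
    # (ISAKMP SA established, IPsec SA established, that IPsec SA owns the eroute)
    isakmp = ipsec = owner = False
    for desc, rest in SA_RE.findall(status_text):
        isakmp |= "ISAKMP SA established" in desc
        if "IPsec SA established" in desc:
            ipsec, owner = True, owner or "eroute owner" in rest
    return isakmp, ipsec, owner

def eroutes(look_text):
    return [(ipaddress.ip_network(a), ipaddress.ip_network(b))
            for a, b in EROUTE_RE.findall(look_text)]

def routes(look_text):
    return [(ipaddress.ip_network(f"{dst}/{mask}"), iface)
            for dst, mask, iface in ROUTE_RE.findall(look_text)]

def diagnose(status_text, look_text, src, dst):
    # Reasons src->dst traffic arriving at this gateway would not enter the tunnel.
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    findings = []
    if not all(sa_summary(status_text)):
        findings.append("no established IPsec SA owning the eroute")
    if not any(src in a and dst in b for a, b in eroutes(look_text)):
        findings.append(f"no eroute covers {src} -> {dst}")
    # Longest-prefix match: dst must be routed via ipsec0, or it bypasses KLIPS.
    best = max(((n, i) for n, i in routes(look_text) if dst in n),
               key=lambda t: t[0].prefixlen, default=None)
    if best is None or best[1] != "ipsec0":
        findings.append(f"{dst} is not routed via ipsec0 on this gateway")
    return findings
```

Run diagnose(WHACK_STATUS, IPSEC_LOOK, "192.168.10.222", "192.168.8.200") for the post's pair; an empty list means every gateway-side check passes, and each string in a non-empty list names the layer to fix.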