Hello List,

I'm trying to get FreeS/WAN working, so far without success. I have already been trying for 5 days!!!!!! and I have surveyed many, many websites about FreeS/WAN..... but my FreeS/WAN is still NOT working NOW ........

My questions are:

1. Does FreeS/WAN need iptables or ipchains to forward IPsec packets???
2. I don't have any FQDN on my FreeS/WAN server!!!! Does it matter???
3. I patched my 2.4.18 kernel for the IPsec option!!!! However, do I still need to use other kernel options (like: Networking options ---> <*> IP: tunneling)?
4. I "THINK" my ipsec.conf is correct, since IPsec has connected between the Left FreeS/WAN and Right FreeS/WAN servers.

My VPN Environment:

    ++++HomeVPN Server+++++++++                 ++++School VPN Server++++++
    + 192.168.10.254 ---- 61.220.72.227+ ...... +61.228.14.226 ---- 192.168.8.66 +
    +++++++++++++++++++++++++                   ++++++++++++++++++++++++
             |                                           |
      ++++ClientA++++                             +++ClientB++++
      +192.168.10.222+                            + 192.168.8.200 +
      ++++++++++++                                ++++++++++++

========================================
Home VPN Server:
    eth0 => Public IP  : 61.220.72.227
    eth1 => Private IP : 192.168.10.254
School VPN Server:
    ppp0 => Public IP  : 61.228.14.226
    eth1 => Private IP : 192.168.8.99
ClientA : 192.168.10.222
ClientB : 192.168.8.200
My ISP gateway is 61.220.72.254 on the LEFT.
My school gateway is 61.231.216.254 on the RIGHT.
=========================================

#####My /etc/ipsec.conf#######

    config setup
            interfaces=%defaultroute
            klipsdebug=none
            plutodebug=none
            plutoload=%search
            plutostart=%search
            uniqueids=yes

    conn %default
            keyingtries=0
            disablearrivalcheck=no
            authby=rsasig

    conn axahome-vpn2
            [EMAIL PROTECTED]
            leftrsasigkey=0sAQN9shuGWaYnFj.............==
            left=61.220.72.227
            leftsubnet=192.168.10.0/24
            leftnexthop=61.220.72.254
            [EMAIL PROTECTED]
            rightrsasigkey=0sAQNzY2gAwdeDde...........==
            right=61.228.14.226
            rightsubnet=192.168.8.0/24
            rightnexthop=61.231.216.254
            auto=start

======================================

When I type "ipsec whack --status" on Home-VPN-Server and School-VPN-Server, the result is as follows:

#####Home-VPN-Server######

    axanet:/etc# ipsec whack --status
    000 interface ipsec0/eth0 61.220.72.227
    000
    000 algorithm ESP encrypt: id=3, name=ESP_3DES
    000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5
    000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1
    000
    000 "axahome-vpn2": 192.168.10.0/[EMAIL PROTECTED]@vpn2.hinet.dail]===192.168.8.0/24
    000 "axahome-vpn2": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
    000 "axahome-vpn2": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted
    000 "axahome-vpn2": newest ISAKMP SA: #4; newest IPsec SA: #2; eroute owner: #2
    000 "axahome-vpn2": ESP algorithms wanted: 3/000-1/000, 3/000-2/000,
    000 "axahome-vpn2": ESP algorithms loaded: 3/168-1/128, 3/168-2/160,
    000
    000 #3: "axahome-vpn2" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_EXPIRE in 273s
    000 #2: "axahome-vpn2" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 22369s; newest IPSEC; eroute owner
    000 #2: "axahome-vpn2" [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
    000 #4: "axahome-vpn2" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2165s; newest ISAKMP

#####School-VPN-Server#####

    vpn2:~# ipsec whack --status
    000 interface ipsec0/ppp0 61.228.14.226
    000
    000 algorithm ESP encrypt: id=3, name=ESP_3DES
    000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5
    000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1
    000
    000 "axahome-vpn2": 192.168.8.0/[EMAIL PROTECTED]@navigation.idv.tw]===192.168.10.0/24
    000 "axahome-vpn2": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
    000 "axahome-vpn2": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: ppp0; erouted
    000 "axahome-vpn2": newest ISAKMP SA: #6; newest IPsec SA: #4; eroute owner: #4
    000 "axahome-vpn2": ESP algorithms wanted: 3/000-1/000, 3/000-2/000,
    000 "axahome-vpn2": ESP algorithms loaded: 3/168-1/128, 3/168-2/160,
    000
    000 #5: "axahome-vpn2" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 56s
    000 #4: "axahome-vpn2" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 22424s; newest IPSEC; eroute owner
    000 #4: "axahome-vpn2" [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
    000 #6: "axahome-vpn2" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2584s; newest ISAKMP
    000 #2: "axahome-vpn2" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 21866s
    000 #2: "axahome-vpn2" [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]

===========================================================================

When I type "ipsec look" on Home-VPN-Server and School-VPN-Server, the result is as follows:

######Home-VPN-Server######

    axanet:/etc# ipsec look
    axanet Wed Aug 14 01:47:27 CST 2002
    192.168.10.0/24 -> 192.168.8.0/24 => [EMAIL PROTECTED] [EMAIL PROTECTED] (0)
    ipsec0->eth0 mtu=16260(1500)->1500
    [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=61.220.72.227 iv_bits=64bits iv=0xefb5347086538fc6 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15,0,0)
    [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=61.228.14.226 iv_bits=64bits iv=0xc7afbffa387d075d ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15,0,0)
    [EMAIL PROTECTED] IPIP: dir=in src=61.228.14.226 policy=192.168.8.0/24->192.168.10.0/24 flags=0x8<> life(c,s,h)=addtime(15,0,0)
    [EMAIL PROTECTED] IPIP: dir=out src=61.220.72.227 life(c,s,h)=addtime(15,0,0)
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         61.220.72.254   0.0.0.0         UG       40 0          0 eth0
    192.168.8.0     61.220.72.254   255.255.255.0   UG       40 0          0 ipsec0
    61.220.72.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
    61.220.72.0     0.0.0.0         255.255.255.0   U        40 0          0 ipsec0

#####School-VPN-Server#####

    vpn2:/# ipsec look
    vpn2 Wed Aug 14 01:50:11 CST 2002
    192.168.8.0/24 -> 192.168.10.0/24 => [EMAIL PROTECTED] [EMAIL PROTECTED] (0)
    ipsec0->ppp0 mtu=16260(1492)->1492
    [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=61.228.14.226 iv_bits=64bits iv=0x0e71780ff5cba10a ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15114,0,0)
    [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=61.220.72.227 iv_bits=64bits iv=0x536166d476f7744c ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15114,0,0)
    [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=61.220.72.227 iv_bits=64bits iv=0xf8a89acee79c0767 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15369,0,0)
    [EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=61.228.14.226 iv_bits=64bits iv=0xe2aae253f39ac516 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(15369,0,0)
    [EMAIL PROTECTED] IPIP: dir=in src=61.220.72.227 policy=192.168.10.0/24->192.168.8.0/24 flags=0x8<> life(c,s,h)=addtime(15114,0,0)
    [EMAIL PROTECTED] IPIP: dir=out src=61.228.14.226 life(c,s,h)=addtime(15114,0,0)
    [EMAIL PROTECTED] IPIP: dir=in src=61.220.72.227 policy=192.168.10.0/24->192.168.8.0/24 flags=0x8<> life(c,s,h)=addtime(15369,0,0)
    [EMAIL PROTECTED] IPIP: dir=out src=61.228.14.226 life(c,s,h)=addtime(15369,0,0)
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         61.231.216.254  0.0.0.0         UG       40 0          0 ppp0
    192.168.10.0    61.231.216.254  255.255.255.0   UG       40 0          0 ipsec0
    61.231.216.254  0.0.0.0         255.255.255.255 UH       40 0          0 ipsec0
    61.231.216.254  0.0.0.0         255.255.255.255 UH       40 0          0 ppp0

Everything is smooth! No error shows up when I type "ipsec whack --status" and "ipsec look". BUT!!!!!! BUT when I use SSH to connect from 192.168.10.222 to 192.168.8.200!!!!! IT IS NOT WORKING!!!!! I don't know why?! Because no error or warning shows up!!!! and nothing is recorded in /var/log/syslog or /var/log/auth, so I CAN NOT debug it......

Anyone got ideas as to the nature/solution of this problem? y_y Oooo My God!!!! Please, please help me.....

--
Trust & Unique ...
Axacheng's PGP Public Key
http://www.navigation.idv.tw/pgpkey
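As an added diagnostic, not from the post or from FreeS/WAN itself: the functions below parse the home gateway's "ipsec whack --status" lines and the routing table printed by "ipsec look" (both copied from the post above) and classify a "tunnel up, no traffic" report, so that once both SAs and the ipsec0 route are confirmed the search can move to the LAN side (IP forwarding, NAT rule ordering before ipsec0, client default routes). The phase labels and the return strings are my own naming, not FreeS/WAN terminology.

```python
import ipaddress
import re

# Sample input: the home gateway's "ipsec whack --status" and the routing
# table from its "ipsec look", copied from the post (trimmed to the lines
# the checks below consume).
WHACK_STATUS = """\
000 "axahome-vpn2": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted
000 "axahome-vpn2": newest ISAKMP SA: #4; newest IPsec SA: #2; eroute owner: #2
000 #3: "axahome-vpn2" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_EXPIRE in 273s
000 #2: "axahome-vpn2" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 22369s; newest IPSEC; eroute owner
000 #4: "axahome-vpn2" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2165s; newest ISAKMP
"""
LOOK_ROUTES = """\
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 61.220.72.254 0.0.0.0 UG 40 0 0 eth0
192.168.8.0 61.220.72.254 255.255.255.0 UG 40 0 0 ipsec0
61.220.72.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0
61.220.72.0 0.0.0.0 255.255.255.0 U 40 0 0 ipsec0
"""

def sa_state(status):
    """Return (ISAKMP SA up?, IPsec SA up?, eroute owner state number or None)."""
    isakmp = re.search(r"STATE_MAIN_[IR]\d \([^)]*ISAKMP SA established\)", status) is not None
    ipsec = re.search(r"STATE_QUICK_[IR]2 \([^)]*IPsec SA established\)", status) is not None
    owner = re.search(r"eroute owner: #(\d+)", status)
    return isakmp, ipsec, owner.group(1) if owner else None

def routed_via_ipsec0(routes, remote_subnet):
    """True if the kernel route for the remote subnet leaves through ipsec0 (KLIPS)."""
    net = ipaddress.ip_network(remote_subnet)
    for line in routes.splitlines()[1:]:          # skip the header row
        dest, _gw, mask, *_rest, iface = line.split()
        if dest == str(net.network_address) and mask == str(net.netmask) and iface == "ipsec0":
            return True
    return False

def diagnose(status, routes, remote_subnet):
    """Classify where to look next when the tunnel is reported up but carries no traffic."""
    isakmp, ipsec, owner = sa_state(status)
    if not isakmp:
        return "phase1"   # no ISAKMP SA: keys, IDs, or UDP/500 reachability
    if not ipsec or owner is None:
        return "phase2"   # no IPsec SA / eroute: subnet or policy mismatch
    if not routed_via_ipsec0(routes, remote_subnet):
        return "route"    # SA exists but the kernel will not steer traffic into it
    return "lan"          # gateway side checks out; look at ip_forward, NAT order, client routes
```

With the post's own output, diagnose() returns "lan": both SAs exist, state #2 owns the eroute, and 192.168.8.0/24 is routed via ipsec0, so the gateway's IPsec layer is not where the packets are being lost.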