Hi all,
I'm trying to set up a VPN from my home to the network at work. I'm using
DCD on firewalls at both ends, the difference being at the home-end
where I do not have a static IP. After much trying and failing I'm at
the point where I can issue an ipsec auto --up Work-Home and get a
connection up.
As a side note, I had to manually insert the ipchains command to allow
proto 50/51 through at the home end just before the deny all rule.
Attempts in the network.conf file like EXTERN_PROTO0="50
aaa.bbb.ccc.ddd/24" (and similar for proto 51) do not work (could be
some script problem). Any thoughts? Anyway, sitting on the fw at home,
I can ping machines in the internal net behind the fw at work. But I
cannot ping machines in the internal net at home from the fw at work.
This is probably some routing problem. The internal ip-range at home is
192.168.3.0, at work it is 192.168.1.0.
I tried an: ip route add 192.168.3.0/24 via aaa.bbb.ccc.ddd dev ipsec0
(aaa.bbb.ccc.ddd being the gateway we are using at work (not the address
of the fw)). This does not work. I've included the connection sections
below. Solutions anyone? (And as detailed as possible, as I'm learning
as I go ;)

Thanx in advance

Kjetil



/etc/ipsec.conf on firewall at work :
-------------------------------------
conn %default
        keyingtries=0
        authby=rsasig
        leftsubnet=192.168.1.0/24
        left=aaa.125.237.178
        leftnexthop=aaa.125.237.177
        [EMAIL PROTECTED]
        leftrsasigkey=0sAQN...
        leftfirewall=yes

conn Intershare-KJN
        [EMAIL PROTECTED]
        right=%any
        rightfirewall=yes
        auto=add
        keyingtries=1
        rightrsasigkey=0sAQ...

/etc/ipsec.conf on firewall at home :
------------------------------------
conn %default
        keyingtries=0
        authby=rsasig
        leftsubnet=192.168.1.0/24
        left=aaa.125.237.178
        leftnexthop=aaa.125.237.177
        [EMAIL PROTECTED]
        leftrsasigkey=0sAQN...
        leftfirewall=yes


conn Intershare-KJN
        [EMAIL PROTECTED]
        right=%defaultroute
        rightfirewall=yes
        auto=add
        keyingtries=1
        rightrsasigkey=0sAQ...

netstat -nr on firewall at work shows a route to the dynamic ip of the
firewall at work through the gateway with interface=ipsec0. There is no
route to the internal net at home (192.168.3.0).

netstat -nr on firewall at home  shows a route to the dynamic ip of the
firewall at work through the gateway.
There is a route to the internal net at work (192.168.1.0) through
ipsec0.

