> IPSec(1.5) works like a charm on Eiger but I wanted to do thorough
> QA on 2.4 with iptables before going to LEAF 2.4 ( Bering ?)
>
> Netfilter is very different from the 2.2 stack.
>
> Anyway I loaded freeswan 1.94 and 1.96 on RH7.2(linux 2.7) and
> am seeing strange things:
>
> 1: One scenario is getting a connection to my office from dialup
> at home (which was tough) but then don't have a tunnel, can't telnet
> to machines behind the router.
> But what I observe that is really weird is on the corp. gateway the packets
> are hitting the input chain instead of the forward chain.
> It seems that would have been proper on 2.2 but not 2.4.
> Packets destined thru the box are not supposed to traverse the input chain.
> Perhaps that is different with ipsec ???

Umm...which packets? Have you taken a look at the packet flow in the FreeS/WAN Docs? I'm not up on using FreeS/WAN with the 2.4 kernels, but the IPSec traffic will look like it's to/from the local box (because it is) and should hit the input/output chains AFAIK, while the actual VPN traffic (pre/post encryption/decryption) will likely traverse the forward chain, headed to/from the ipsec0 interface.

> 2. The other scenario is a Lan Lab. One Eiger with ipsec 1.5, one Red Hat
> with ipsec 1.94 on a dedicated lan.
> These 2 units create a tunnel for 2 other machines to talk to each other.
> They talk all right but not thru ipsec, they are routing around the tunnel.
> The eiger machine builds its routing table correctly.
> The RH 2.4 with ipsec 1.94 does not correctly add an ipsec route when the
> connection comes up. ???
> I am studying the _updown script to understand this but I was wondering if you
> have seen this phenom ?

Hard to say what's wrong without more details. I'd double-check your configuration files, especially the [left|right]subnet specifiers. Crawling through the output of `ipsec look` and `ipsec barf` might also present a likely suspect...

Charles Steinkuehler
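The chain split described in the reply above, written out as iptables rules. This is an added example, not part of the original message or the FreeS/WAN documentation; it assumes a KLIPS-style `ipsec0` device, IKE on UDP port 500 and ESP as IP protocol 50, and the interface names and subnets are constructed placeholders.

```shell
#!/bin/sh
# Added example: print iptables rules for a gateway whose tunnel traffic
# appears on an ipsec0 device (assumption: KLIPS-style FreeS/WAN on 2.4).
# Arguments (all hypothetical values chosen by the caller):
#   $1 external interface   $2 internal interface
#   $3 local protected subnet   $4 remote protected subnet
klips_rules() {
    ext_if=$1
    int_if=$2
    local_net=$3
    remote_net=$4
    cat <<EOF
# Encrypted side: IKE and ESP are addressed to/from the gateway itself,
# so they are seen by INPUT and OUTPUT on the external interface.
iptables -A INPUT  -i $ext_if -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A OUTPUT -o $ext_if -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A INPUT  -i $ext_if -p 50 -j ACCEPT
iptables -A OUTPUT -o $ext_if -p 50 -j ACCEPT
# Cleartext side: decrypted packets arrive on ipsec0 and packets awaiting
# encryption leave through it, so subnet-to-subnet traffic is in FORWARD.
iptables -A FORWARD -i ipsec0 -o $int_if -s $remote_net -d $local_net -j ACCEPT
iptables -A FORWARD -i $int_if -o ipsec0 -s $local_net -d $remote_net -j ACCEPT
EOF
}

# Constructed sample values; the rules are printed for review, not applied.
klips_rules eth0 eth1 192.168.1.0/24 192.168.2.0/24
```

Seeing ESP counters rise on INPUT while the FORWARD rules for `ipsec0` stay at zero points at routing or subnet selectors rather than at the filter rules.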