Here is my ipsec.conf and ipsec auto --status.
Do you want to see all the configs I changed from shorewall?
Doug
####################
my ipsec.conf file:
>>>>>>>>
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=all
    plutoload=%search
    plutostart=%search
    uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
    keyingtries=0
    #added for sshSENT
    disablearrivalcheck=no
    keyexchange=ike
    ikelifetime=240m
    keylife=60m
    compress=no
    authby=secret
    pfs=yes
    auto=add

#win2k vpn
conn roadwarrior-net
    leftsubnet=172.16.0.0/16
    also=roadwarrior

conn roadwarrior
    right=%any
    left=12.144.99.39
    leftnexthop=12.144.99.33
    auto=add
    pfs=yes
##########################
Here is the "ipsec auto --status"
>>>>>>
000 interface ipsec0/eth0 12.144.99.39
000
000 "roadwarrior-net"[1]: 172.16.0.0/16===12.144.99.39---12.144.99.33...32.103.170.99
000 "roadwarrior-net"[1]: ike_life: 14400s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "roadwarrior-net"[1]: policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted
000 "roadwarrior-net"[1]: newest ISAKMP SA: #1; newest IPsec SA: #2; eroute owner: #2
000 "roadwarrior": 12.144.99.39---12.144.99.33...%any
000 "roadwarrior": ike_life: 14400s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "roadwarrior": policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth0; unrouted
000 "roadwarrior": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000 "roadwarrior-net": 172.16.0.0/16===12.144.99.39---12.144.99.33...%any
000 "roadwarrior-net": ike_life: 14400s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "roadwarrior-net": policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth0; unrouted
000 "roadwarrior-net": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000 #2: "roadwarrior-net"[1] 32.103.170.99 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2843s; newest IPSEC; eroute owner
000 #2: "roadwarrior-net"[1] 32.103.170.99 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
000 #1: "roadwarrior-net"[1] 32.103.170.99 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 13642s; newest ISAKMP
000
####################
-----Original Message-----
From: guitarlynn [mailto:guitarlynn@;cox.net]
Sent: Tuesday, October 29, 2002 11:36 PM
To: Simpson, Doug
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] (no subject)
On Tuesday 22 October 2002 22:36, Simpson, Doug wrote:
> I believe it is the firewall or a routing issue. Pardon my ignorance
> but I do not know where to look next or what to test or disable.
> Has anyone done this successfully? Bering (LRP) and FreeSwan and
> SSHSentinel.
> Thank you for your time
Yep, many people are running this setup without problems. We'll need
some configuration information for Ipsec and Shorewall to have any
clue to what might be wrong.
--
~Lynn Avants
aka Guitarlynn
guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net
If linux isn't the answer, you've probably got the wrong question!