I'm using Lynn Avants' Dachstein v1.0.2 with IPSEC from http://lrp.steinkuehler.net/contrib_disk_images.htm.
I want to configure a subnet-to-subnet ipsec tunnel where both subnets
are linked through a wireless bridge. The diagram below shows what I'm
trying to accomplish:
+-------+    +--------+       +--------+    +-------+
| Net 0 |<-->| LEAF 0 |<-(*)->| LEAF 1 |<-->| Net 1 |
+-------+    +--------+       +--------+    +-------+
(*) Wireless bridge - it's transparent. Both wireless bridges have IPs
that I use for testing the connection (192.168.250.254 and
192.168.250.127).
Net 0 - 192.168.2.0/24
LEAF 0 - 192.168.2.250 (internal) 192.168.250.1 (external)
LEAF 1 - 192.168.250.128 (external) 192.168.23.254 (internal)
Net 1 - 192.168.23.0/24
The problems I'm seeing:
1) the routing tables in both LEAF routers have 2 entries for
192.168.250.0/24, one through eth0 (the ethernet card) and one through
the tunnel (ipsec0). According to my experience I only want an entry
through eth0, correct?
2) I get Pluto messages like:
ERROR: "leaf-ipsec" #1: sendto() on eth0 to 192.168.250.128:500 failed
in EVENT_RETRANSMIT. Errno 1: Operation not permitted.
From other messages I gather this is an ipchains issue. I can get both
hosts to "ping" by flushing all chains and changing the default policies
to ACCEPT, but I wanted to know how to correct this.
3) I'm a complete newbie at IPSEC. Does anyone know how I can check if a
tunnel is "up"?
Any help will be appreciated,
--
João Miguel Neves