Eric Hidle on 18 Jan 2006 00:45:20 -0000



[PLUG] Fedora Core 4 and IPSEC/OpenSwan


I'm looking for a little assistance with OpenSwan on FC4. I have created a simple static-keyed connection between two machines on the same subnet. Each machine has another network behind it that it is protecting. Basically like this:

10.0.5.0/24:192.168.0.243 <====> 192.168.0.244:10.0.3.0/24

With the following config:

conn securecf
    left=192.168.0.243
    leftsubnet=10.0.3.0/24
    leftid=@lefthost.leftdomain
    leftrsasigkey={snip}
    leftnexthop=192.168.0.244
    right=192.168.0.244
    rightrsasigkey={snip}
    rightsubnet=10.0.5.0/24
    rightid=@righthost.rightdomain
    rightnexthop=192.168.0.243
    auto=add

After upping the connection, the connection is properly negotiated and both sides show SA Established.

I can then ping 3.1 from 0.243 and also ping 5.1 from 0.244.

BUT, I cannot PROVE that this traffic is going over the IPSEC connection. For some reason, there is no ipsec0 device created (this is alleged to be "normal"), and iptraf shows that the pings look like normal traffic. The routing table just shows a normal gatewayed setup, so it's completely possible that IPSEC is just being ignored.

Does anyone have any clues about FC4 and OpenSwan?
TIA
Eric
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
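
One way to check what the post asks about is to capture on the physical link between the two gateways and look at the IP protocol field: tunneled traffic shows up as ESP (IP protocol 50) between 192.168.0.243 and 192.168.0.244, while untunneled traffic still exposes the 10.0.x.x addresses. The following is an added example, not part of the original message; the packets are constructed samples, and it assumes plain ESP with no NAT-T UDP encapsulation.

```python
import ipaddress
from collections import Counter

# Addresses are the ones in the post; every packet below is a constructed sample.
GATEWAYS = {ipaddress.ip_address(a) for a in ("192.168.0.243", "192.168.0.244")}
PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.3.0/24", "10.0.5.0/24")]
PROTO_ICMP, PROTO_ESP = 1, 50


def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet as captured on the link between the gateways."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    if proto == PROTO_ESP:
        # ESP needs at least an SPI (4 bytes) and a sequence number (4 bytes).
        if len(packet) < ihl + 8:
            return "malformed"
        return "esp" if src in GATEWAYS and dst in GATEWAYS else "esp-other"
    # Inner addresses visible on the wire mean the packet was not tunneled.
    if any(src in net or dst in net for net in PROTECTED):
        return "cleartext"
    return "other"


def audit(packets) -> Counter:
    """Count classifications over a whole capture."""
    return Counter(classify(p) for p in packets)


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet for the samples (checksum left as zero)."""
    total = 20 + len(payload)
    hdr = bytes([0x45, 0]) + total.to_bytes(2, "big") + bytes(4) + bytes([64, proto, 0, 0])
    return hdr + ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed + payload


SAMPLES = [  # constructed: one ESP packet, two ICMP echo requests sent in the clear
    ipv4("192.168.0.243", "192.168.0.244", PROTO_ESP, bytes.fromhex("0000100100000001") + bytes(32)),
    ipv4("10.0.3.1", "10.0.5.1", PROTO_ICMP, bytes([8, 0]) + bytes(6)),
    ipv4("192.168.0.243", "10.0.5.1", PROTO_ICMP, bytes([8, 0]) + bytes(6)),
]

if __name__ == "__main__":
    print(dict(audit(SAMPLES)))
```

A capture where pings to the remote subnet only ever count as "cleartext" means the IPsec policy is not matching that traffic, even though the SA is established.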