Hello folks,

some time ago a friend of mine posted here a problem with freeswan that we have. In his first posting he confused a network address, and he fixed it in the last one with a request for help. Does someone know about freeswan problems like this and can give us a starting point for a resolution?

Thanks in advance
Dirk
Hi folks,
I recognized a problem on my side. You meant "strange routing". Now I see what you mean.
The IPs of the first GW on eth0 must be 192.168.200.1 and the IP on the eth1 of the second GW must be 192.168.100.1. Now I see my fault. The IPs on the boxes were set the way I told you in the sentence before.
By the way, I had a look at /var/log/messages and saw the message IPSec SA established, and tcpdump tells me that there are UDP:500-->500 packets going through the router (ip-proto-50).
I have an established IPSec-tunnel between 2 boxes.
I'm using SuSE7.1, kernel 2.4.7 and FreeS/WAN 1.91. FreeS/WAN tells me that the tunnel is established (last message in /var/log/messages).
My configuration is the following:
1st client-----1st-FreeS/WAN-gateway----ROUTER----2nd-FreeS/WAN-gateway------2nd-client
eth0--------------eth0------eth1----eth1-eth0----eth0--------eth1------eth0
Virtual Internet between eth1 and eth0 ROUTER
Every box is a linux box!
The 1st client has the following config: RedHat7.1, IP: 192.168.200.2
The 1st FreeS/WAN-gateway config is: SuSE 7.1, kernel 2.4.7, eth0: 192.168.100.1, eth1: 172.16.100.1, IP-forwarding without masquerading
The Router has the following config: SuSE7.1, kernel 2.4.7, eth1: 172.16.100.2, eth0 10.16.100.2, IP-forwarding without masquerading
The 2nd FreeS/WAN-gateway config is: SuSE7.1, kernel 2.4.7, eth0: 10.16.100.1, eth1: 192.168.200.1, IP-forwarding without masquerading
The 2nd client has the following config: Windows2000, eth (seems to be a little bit stupid): 192.168.100.2
Every netmask is 255.255.255.0;
If I start ipsec via "ipsec start" at the shell, no error (except the IPv6-bind error) occurs. Before starting IPSec, the routes, so that the clients can ping each other, are set by hand. FreeS/WAN sets the routes to the ipsec0 interface.
After starting, you cannot ping anymore from the 1st client to the 2nd client and the other way around. Does anybody know a solution for this problem?
THX
--
Dirk Ertl
network technician
phone : +49 179/492 63 59
mailto : dirk@ertl-bln.de