Nadeem Hasan <nhasan@nadmm.com> writes (back in December 2001):
I am interested to know if anyone here has tried to build a VPN setup using SuSEFirewall2 and FreeS/WAN in tunnel mode (host to subnet). I have been looking to do this but have not been able to find any info about SuSEFirewall2 config changes for this.
I'm in the middle of this with SuSE 7.3 which we installed on two machines, both of which are to run the very latest SuSEfirewall2 from Mark Heuse's page at http://www.suse.de/~marc

I'm using SuSE's 2.4.10 kernel (stock, no changes, pentium optimized). I'm using freeswan from the same 7.3 install (which is an rsync Mirror of the 7.3 FTP directory at gatech). Without the firewall enabled, it looks as if freeswan (ipsec) starts correctly. WITH the firewall enabled, here's what we get as an error message:

    ipsec_setup: Starting FreeS/WAN IPsec 1.91...WARNING: ipsec0 has route filtering turned on, KLIPS may not work
    ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = '1', should be 0)
    ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not work
    ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = '1', should be 0)
    ipsec_setup:

This is, frankly, maddening. I need to get this VPN working between two office sites. The first is our office and I'm intending FreeS/WAN to run on the firewall in conjunction with SuSEfirewall2. This machine masquerades to our internal network of 192.168.1.0/24 on the internal leg on eth1. This works fine.

The other end is inside of a client's internal network. Through a CISCO PIX firewall, they've locked an external real-ip to the machine's internal IP of 10.100.0.26, and opened up port 22 TCP for me to ssh into the machine from the outside world. This works wonderfully. There is only one ethernet card in here.

The goal is to be able to use the machine at the client site to talk to a Microsoft sourcesafe server at an internal address of 10.100.0.17, such that all of us back at our office can directly hit the sourcesafe server at the client's site and develop from there.

If I had much hair left, I'd be pulling it out. :-( Configs (with secret keys masked obviously) and configs are available upon request. Has *ANYONE* gotten FreeS/WAN 1.91 to work with SuSE 7.3, Kernel 2.4.10.SuSE and SuSEFirewall2-2.1 ?
With much hope that someone has, Argentium
Thanks.
cheers, -- Nadeem Hasan nhasan@nadmm.com http://www.nadmm.com/
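An added example, not part of either message: a small shell audit that parses the ipsec_setup warnings quoted above and compares each flagged interface's reported rp_filter value with the live /proc value. The function names and the PROC_ROOT override are hypothetical; rp_filter is the kernel's reverse-path (anti-spoofing) check, so the script only prints the change for review and writes nothing.

```shell
#!/bin/sh
# Constructed sample: the ipsec_setup warnings from the message above.
SAMPLE_LOG="ipsec_setup: Starting FreeS/WAN IPsec 1.91...WARNING: ipsec0 has route filtering turned on, KLIPS may not work
ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = '1', should be 0)
ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not work
ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = '1', should be 0)"

# rp_filter_findings: read ipsec_setup output on stdin and print one line per
# flagged interface as "<iface> <reported value> <wanted value>".
rp_filter_findings() {
    sed -n "s|.*(/proc/sys/net/ipv4/conf/\([^/]*\)/rp_filter = '\([0-9]*\)', should be \([0-9]*\)).*|\1 \2 \3|p"
}

# rp_filter_audit: for each finding, read the live value and report whether it
# still differs from what ipsec_setup wants. PROC_ROOT (hypothetical, defaults
# to /proc) lets the check run against a copied or test tree.
rp_filter_audit() {
    rp_filter_findings | while read -r iface reported wanted; do
        proc="${PROC_ROOT:-/proc}/sys/net/ipv4/conf/$iface/rp_filter"
        if [ ! -r "$proc" ]; then
            # Interface not present on this host (e.g. ipsec0 before KLIPS loads).
            echo "$iface reported=$reported live=absent wanted=$wanted"
            continue
        fi
        live=$(cat "$proc")
        if [ "$live" = "$wanted" ]; then
            echo "$iface reported=$reported live=$live wanted=$wanted ok"
        else
            echo "$iface reported=$reported live=$live wanted=$wanted MISMATCH"
            # Printed for review only; run it deliberately, per interface.
            echo "  review: echo $wanted > $proc"
        fi
    done
}

printf '%s\n' "$SAMPLE_LOG" | rp_filter_audit
```

Running the audit once with the firewall stopped and once with it started shows whether the firewall script is what flips the value back to 1.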