Re: [suse-security] FreeS/WAN tunnel established, no data transferred
Hi,

First, this should be a test network where I can test FreeS/WAN before using it in a production system. Second, the routing was needed because the tunnel does not establish if there are no routeable IPs. Pinging from the first client to the second client and the other way around works without starting FreeS/WAN.

Kind regards,
Stefan Walther
stefan_walther@gehag-dsk.de
office: +4930/89786448
mobile: +49172/3943961

Hi,
hi folks,
[...]
My configuration is the following:
1st client------1st FreeS/WAN-gateway-----ROUTER-----2nd FreeS/WAN-gateway-------2nd client
eth0---eth0---------------------------eth1---eth1------eth0--eth0-----------------------------eth1----eth0
!Every box is a Linux box!
The 1st client has the following config: RedHat 7.1, IP: 192.168.200.2
The 1st FreeS/WAN gateway config is: SuSE 7.1, kernel 2.4.7, eth0: 192.168.100.1, eth1: 172.16.100.1, IP forwarding without masquerading
The router has the following config: SuSE 7.1, kernel 2.4.7, eth1: 172.16.100.2, eth0: 10.16.100.2, IP forwarding without masquerading
The 2nd FreeS/WAN gateway config is: SuSE 7.1, kernel 2.4.7, eth0: 10.16.100.1, eth1: 192.168.200.1, IP forwarding without masquerading
The 2nd client has the following config: Windows 2000, eth (seems a little bit stupid): 192.168.100.2
Every netmask is 255.255.255.0;
And you have traffic between the 1st client and the 2nd client without an IPsec tunnel? I can't believe it. The 1st client and the 1st FreeS/WAN gate are not in the same net, and neither are the 2nd FreeS/WAN gate and the 2nd client. You'll have a very odd routing table.

What is the goal of setting up IPsec? I can't see an unauthorized listener in your setup, except if he/she has access to your FreeS/WAN gates or the client. In such a case IPsec will be no security improvement.

Yours
Thom

--
-------------------------------------------------------------------
bye bye (c) by Thom | Thorsten Marquardt
EMail: THOM@kaupp.chemie.uni-oldenburg.de
Member of the pzt project. | http://kaupp.chemie.uni-oldenburg.de/pzt
-------------------------------------------------------------------
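The addressing mismatch Thom points out can be checked mechanically before touching ipsec.conf. The script below is an added example, not code from either poster or from FreeS/WAN: it models the five boxes and four links exactly as the diagram and address list above describe them (all /24 masks, addresses constructed from the mail text), reports every link whose two ends are not in the same network, and derives the leftsubnet/rightsubnet a gateway-to-gateway conn would protect from the gateways' LAN-side interfaces. The host and interface names (client1, gw1, router, gw2, client2) are labels chosen for this example.

```python
import ipaddress

PREFIX = 24  # every netmask in the thread is 255.255.255.0

# Addresses exactly as stated in the thread (constructed from the mail text,
# not probed from a live network).
HOSTS = {
    "client1": {"eth0": "192.168.200.2"},
    "gw1":     {"eth0": "192.168.100.1", "eth1": "172.16.100.1"},
    "router":  {"eth1": "172.16.100.2", "eth0": "10.16.100.2"},
    "gw2":     {"eth0": "10.16.100.1", "eth1": "192.168.200.1"},
    "client2": {"eth0": "192.168.100.2"},
}

# Physical links from the ASCII diagram: (host, iface) pairs on one wire.
LINKS = [
    (("client1", "eth0"), ("gw1", "eth0")),
    (("gw1", "eth1"), ("router", "eth1")),
    (("router", "eth0"), ("gw2", "eth0")),
    (("gw2", "eth1"), ("client2", "eth0")),
]


def iface_network(host, iface, hosts=HOSTS, prefix=PREFIX):
    """Network the given interface sits in, using the thread's /24 masks."""
    return ipaddress.ip_interface(f"{hosts[host][iface]}/{prefix}").network


def link_name(a, b):
    return f"{a[0]}:{a[1]}-{b[0]}:{b[1]}"


def check_links(hosts=HOSTS, links=LINKS, prefix=PREFIX):
    """Return {link_name: (net_a, net_b)} for every link whose two ends are
    in different networks. Such a link cannot carry direct IP traffic, so an
    SA between the gateway WAN addresses can come up while client packets
    never reach the gateway that is supposed to encrypt them."""
    bad = {}
    for a, b in links:
        na = iface_network(*a, hosts=hosts, prefix=prefix)
        nb = iface_network(*b, hosts=hosts, prefix=prefix)
        if na != nb:
            bad[link_name(a, b)] = (na, nb)
    return bad


def hosts_in(network, hosts=HOSTS, prefix=PREFIX):
    """Sorted names of hosts with at least one interface in `network`."""
    net = ipaddress.ip_network(network)
    return sorted(
        host for host, ifaces in hosts.items()
        if any(ipaddress.ip_interface(f"{ip}/{prefix}").network == net
               for ip in ifaces.values())
    )


def tunnel_subnets(hosts=HOSTS, prefix=PREFIX):
    """leftsubnet/rightsubnet a FreeS/WAN conn between gw1 and gw2 would
    protect, taken from the gateways' LAN-side interfaces (gw1 eth0, gw2 eth1)."""
    return (str(iface_network("gw1", "eth0", hosts, prefix)),
            str(iface_network("gw2", "eth1", hosts, prefix)))


if __name__ == "__main__":
    for name, (na, nb) in check_links().items():
        print(f"MISMATCH {name}: {na} vs {nb}")
    left, right = tunnel_subnets()
    print(f"leftsubnet={left}  hosts in it: {hosts_in(left)}")
    print(f"rightsubnet={right} hosts in it: {hosts_in(right)}")
```

Run as-is it flags both client links: client1 (192.168.200.2) hangs off gw1's 192.168.100.0/24 interface and client2 (192.168.100.2) off gw2's 192.168.200.0/24 interface, so each client's address belongs to the subnet behind the other gateway. Fix the addressing (or swap the clients) so that check_links() returns an empty dict before expecting the tunnel to carry traffic.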