Re: IPSEC NETLINK errors


 



You can also have a look in:
/etc/sysconfig/network-scripts/ifup-ipsec
and trace it with:
# sh -x /etc/sysconfig/network-scripts/ifup-ipsec [....]

Nathanael Noblet wrote:
Hello,
I'm a little unsure of where to post this problem, but Google turned up some results relating to it on this list, so I figured I might at least get a pointer of where to go.


I am attempting to set up an IPSEC VPN in a net-to-net configuration. I've done it with freeswan/openswan and openvpn, so I do know a bit about the stuff going on. I recently learned that the RH supplied kernels contain the 2.6 IPSEC stack backported, and the package ipsec-tools can be used to set up these tunnels. I started to learn the setkey to manually set one up. As I did that I found out that the redhat-config-network contains a tab for IPSEC stuff. Made me happy. Unfortunately I can't get it to work. The command ifup ipsec0 returns with NETLINK answers: Network is unreachable.
Here is my ifcfg-ipsec0 file:


# COMP A ifcfg-ipsec0
DSTGW=192.168.0.1
SRCGW=10.0.0.1
DSTNET=192.168.0.0/24
SRCNET=10.0.0.0/24
DST=24.72.x.x
TYPE=IPSEC
ONBOOT=no

              ----------                                      ----------
10.0.0.0/24---| COMP A | 24.68.x.x --- internet --- 24.72.x.x | COMP B | --- 192.168.0.0/24
              ----------                                      ----------


I've tried 2 different configuration setups with the compA's ifcfg-ipsec0 file.
This is the other one:

# COMP A ifcfg-ipsec0
DSTGW=24.72.x.x
SRCGW=24.68.x.x
DSTNET=192.168.0.0/24
SRCNET=10.0.0.0/24
DST=24.72.x.x
TYPE=IPSEC
ONBOOT=no

My iptables contain on both sides...

iptables -t udp -p udp --dport 500 -j ACCEPT
iptables -p 50 -j ACCEPT
iptables -p 51 -j ACCEPT


So my two questions are: 1) What am I doing wrong? 1a) How can I get greater debug info if that is what is needed? 2) If here isn't a good place to ask the above question, where do I go?


Thanks for any help you can provide.



