Ipsec and kernel 2.6.8

Linux Advanced Routing and Traffic Control


Hi all :-)

I have a problem with my current ipsec configuration. I'm using ipsec with
kernel 2.6 and racoon. I have two computers linked by wireless cards. The first
(192.168.1.1 Zeus) is connected to the internet through a DSL modem and the second
(192.168.1.2 Memphis) accesses the internet through the first. I want to use
ipsec to encrypt all data between the two computers.
I can exchange data between the two computers and Memphis can access the
internet, but when I tried to download a big file, it didn't work, although it
worked fine on Zeus. I've tried changing the MTU to 1300 but it changed
nothing.
I have another problem: when I exchange data between Memphis and the internet, the
IP header is not protected by AH; I can see the destination address with
tcpdump!

Can somebody help me? Thanks in advance!
Here is my configuration file for Zeus (it's nearly the same for Memphis)

Setkey:

#!/usr/sbin/setkey -f
flush;
spdflush;

spdadd 192.168.1.2/32 0.0.0.0/0 any -P out ipsec
    esp/tunnel/192.168.1.2-192.168.1.1/require
    ah/tunnel/192.168.1.2-192.168.1.1/require;
spdadd 0.0.0.0/0 192.168.1.2/32 any -P in ipsec
    esp/tunnel/192.168.1.1-192.168.1.2/require
    ah/tunnel/192.168.1.1-192.168.1.2/require;

Racoon.conf:

remote 192.168.1.1
{
    exchange_mode main;
    my_identifier asn1dn;
    peers_identifier asn1dn;

    certificate_type x509 "Memphis.public" "Memphis.private";
    peers_certfile "Zeus.public";
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method rsasig;
        dh_group modp1024; # I don't understand this option
    }
}

sainfo anonymous
{
    pfs_group modp1024; # I don't understand this option
    lifetime time 2 min;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
