Thanks for the reply Paul - RedHat are still mulling over those bugs,
but I've managed to get around them and get a setup that generates some
decent config scripts. I'm now just getting a Network is Unreachable
message when I try to bring the interface up.

The network setup is like this:

172.18.a.b -| RHEL Box |- 62.189.c.d -----INTERNET----- 194.73.e.f -| Cisco Router |- 145.224.g.h

and my ipsec interface setup currently looks like this:

TYPE=IPSEC
ONBOOT=yes
IKE_METHOD="PSK"
SRC=172.18.a.b
DST=145.224.g.h
DSTGW=194.73.e.f
SRCGW=62.189.c.d
SRCNET=172.18.x.x/24
DSTNET=145.224.0.0/16

I've also tried including an intermediate router as the SRCGW, to no effect.
If anyone can see anything obviously wrong with the above config that
I'm just staring at and not seeing, that would be really helpful......
otherwise I'll start again with openswan, for my sins......
cheers
Matt

on 04/08/2004 21:18 Paul Wouters said the following:

> On Tue, 3 Aug 2004, Matthew Claridge wrote:
>
> > I'm trying to set up a LAN-2-LAN vpn from a RHEL 3 box to a Cisco
> > router. This ought to work fine.....
>
> [racoon and redhat scripts]
>
> > remote 194.73.118.113
> > {
> > exchange_mode aggressive, main;
> >
> > which is obviously wrong as there's no closing brace in either file!
> > so my question is: is this thing so full of bugs that I should simply
> > give up and go home, or am I missing something fundamental and being
> > really stupid in the process???
>
> Either use bleeding edge initscripts from fedora, or manually configure
> racoon without the initscripts, or install openswan instead of racoon
> as the IKE daemon.
>
> This bug was in the racoon scripts months ago when I looked at it too, so
> I get the idea not many people are using those initscripts a lot with ipsec
> support.
>
> Paul

--
*Matthew Claridge*
Product Support Engineer
RWA Limited
Direct line: 02920 815 054
Email: mclaridge@xxxxxxxxxxxxx
Web: www.rwa-net.co.uk
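
Added example, not part of the original thread or of the Red Hat initscripts: the quoted message describes a generated racoon configuration whose remote block has no closing brace, and a check like the one below can be run over a generated file before racoon is started. The function name and sample strings are hypothetical, and the code assumes racoon.conf conventions ('#' comments, double-quoted strings).

```python
def check_braces(text):
    """Return a list of (line_number, message) problems; empty if balanced.

    Assumption: '#' starts a comment that runs to end of line, and braces
    inside double-quoted strings do not open or close a block.
    """
    problems = []
    open_stack = []   # (line number, header text) for every unclosed '{'
    header = ""       # text seen since the last ';', '{' or '}'
    for lineno, line in enumerate(text.splitlines(), start=1):
        in_string = False
        for ch in line:
            if ch == '"':
                in_string = not in_string
                header += ch
            elif in_string:
                header += ch
            elif ch == "#":
                break                      # rest of the line is a comment
            elif ch == "{":
                open_stack.append((lineno, header.strip() or "<anonymous>"))
                header = ""
            elif ch == "}":
                if open_stack:
                    open_stack.pop()
                else:
                    problems.append((lineno, "closing brace with no open block"))
                header = ""
            elif ch == ";":
                header = ""
            else:
                header += ch
        if in_string:
            problems.append((lineno, "unterminated string"))
        header += " "                      # a block header may span lines
    for lineno, name in open_stack:
        problems.append((lineno, f"block '{name}' is never closed"))
    return problems

# Constructed sample: the truncated fragment quoted in the thread.
BROKEN = "remote 194.73.118.113\n{\n        exchange_mode aggressive, main;\n"
# Constructed sample: the same fragment with the block closed.
FIXED = BROKEN + "}\n"

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_braces(conf) or "balanced")
```
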