Thanks for the reply Paul - RedHat are still mulling over those bugs, but I've managed to get around them and get a setup that generates some decent config scripts. I'm now just getting a Networ is Unreachable message when I try to bring the interface up.
The network setup is like this:
172.18.a.b -| RHEL Box |- 62.189.c.d -----INTERNET----- 194.73.e.f -| Cisco Router |- 145.224.g.h
and my ipsec interface setup currently looks like this:
TYPE=IPSEC ONBOOT=yes IKE_METHOD="PSK" SRC=172.18.a.b DST=145.224.g.h DSTGW=194.73.e.f SRCGW=62.189.c.d SRCNET=172.18.x.x/24 DSTNET=145.224.0.0/16
I've also tried including an intermediate router as the SRCGW, to no effect.
If anyone can see anything obviously wrong with the above config that I'm just staring at and not seeing, that would be really helpful......
otherwise I'll start again with openswan, for my sins......
cheers Matt
on 04/08/2004 21:18 Paul Wouters said the following:
On Tue, 3 Aug 2004, Matthew Claridge wrote:
I'm trying to set up a LAN-2-LAN vpn from a RHEL 3 box to a Cisco router. This ought to work fine.....
[racoon and redhat scripts]
remote 194.73.118.113 { exchange_mode aggressive, main;
which is obviously wrong as there's no closing brace in either file!
so my question is: is this thing so full of bugs that I should simply give up and go home, or am I missing something fundamental and being really stupid in the process???
Either use bleeding edge initscripts from fedora, or manually configure racoon without the initscripts, or install openswan instead of racoon
as the IKE daemon.
This bug was in the racoon scripts months ago when I looked at it too, so I get the idea not many people are using those initscripts a lot with ipsec support.
Paul
-- *Matthew Claridge* Product Support Engineer RWA Limited Direct line: 02920 815 054 Email: mclaridge@xxxxxxxxxxxxx Web: www.rwa-net.co.uk
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
