Re: Problems setting up IPSec on RHEL 3

Thanks for the reply Paul - RedHat are still mulling over those bugs,
but I've managed to get around them and get a setup that generates some
decent config scripts. I'm now just getting a Network is Unreachable
message when I try to bring the interface up.

The network setup is like this:

172.18.a.b -| RHEL Box |- 62.189.c.d -----INTERNET----- 194.73.e.f -| Cisco Router |- 145.224.g.h

and my ipsec interface setup currently looks like this:

TYPE=IPSEC
ONBOOT=yes
IKE_METHOD="PSK"
SRC=172.18.a.b
DST=145.224.g.h
DSTGW=194.73.e.f
SRCGW=62.189.c.d
SRCNET=172.18.x.x/24
DSTNET=145.224.0.0/16

I've also tried including an intermediate router as the SRCGW, to no effect.

If anyone can see anything obviously wrong with the above config that
I'm just staring at and not seeing, that would be really helpful......

otherwise I'll start again with openswan, for my sins......

cheers
Matt

on 04/08/2004 21:18 Paul Wouters said the following:

On Tue, 3 Aug 2004, Matthew Claridge wrote:



I'm trying to set up a LAN-2-LAN vpn from a RHEL 3 box to a Cisco router. This ought to work fine.....



[racoon and redhat scripts]



remote 194.73.118.113
{
       exchange_mode aggressive, main;


which is obviously wrong as there's no closing brace in either file!





so my question is: is this thing so full of bugs that I should simply give up and go home, or am I missing something fundamental and being really stupid in the process???



Either use bleeding edge initscripts from fedora, or manually configure racoon without the initscripts, or install openswan instead of racoon
as the IKE daemon.


This bug was in the racoon scripts months ago when I looked at it too, so
I get the idea not many people are using those initscripts a lot with ipsec
support.

Paul



-- *Matthew Claridge* Product Support Engineer RWA Limited Direct line: 02920 815 054 Email: mclaridge@xxxxxxxxxxxxx Web: www.rwa-net.co.uk
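The unclosed `remote` block quoted in the thread is the kind of defect a structural check can catch before the IKE daemon is started. The following is an added example, not part of the original messages or of the Red Hat initscripts; the function name is hypothetical, and it assumes racoon.conf conventions of `#` comments and double-quoted strings.

```python
import re

def find_unbalanced_braces(text):
    """Return [(line_no, message), ...] for brace problems in racoon-style config text."""
    problems = []
    open_blocks = []   # (line_no, header) for every '{' not yet closed
    previous = ""      # last non-empty statement, used when '{' sits on its own line
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Blank out quoted strings, then drop '#' comments, so braces in either are ignored.
        line = re.sub(r'"[^"]*"', '""', raw).split("#", 1)[0]
        for pos, ch in enumerate(line):
            if ch == "{":
                header = line[:pos].strip() or previous
                open_blocks.append((line_no, header))
            elif ch == "}":
                if open_blocks:
                    open_blocks.pop()
                else:
                    problems.append((line_no, "closing brace without an open block"))
        if line.strip():
            previous = line.strip()
    for line_no, header in open_blocks:
        problems.append((line_no, f"block '{header}' is never closed"))
    return problems

# Fragment quoted in the thread: the generated 'remote' block has no closing brace.
GENERATED = """\
remote 194.73.118.113
{
       exchange_mode aggressive, main;
"""

# Constructed for comparison: the same fragment with the brace restored.
REPAIRED = GENERATED + "}\n"

if __name__ == "__main__":
    for name, text in (("generated", GENERATED), ("repaired", REPAIRED)):
        issues = find_unbalanced_braces(text)
        print(name, "OK" if not issues else issues)
```

Running the check over every file the initscripts generate, and refusing to start the daemon when the list is non-empty, avoids bringing up a tunnel interface on top of a policy file that cannot be parsed.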

