
SSH Sentinel to FreeSwan 1.96 Help



Hello,
 
I have a Red Hat Linux 2.4.9-31 kernel with FreeSwan 1.96 as a firewall/NAT box to the internet. Eth1 goes to the ADSL, eth0 to the internal LAN.
I also have a WinMe (192.168.2.2) client running SSH Sentinel 1.2.3.
I built a VPN connection to the firewall (192.168.2.1).
When I do a diagnostics or Rule enable, it connects and authenticates just fine. I can see the IPsec packets using WinDump and tcpdump, both on ipsec0 and on eth0. Both IPsec and SSH claim the tunnel is built and happy.
 
Problem being, once the VPN says it's up, I can't ping the firewall, www.yahoo.com or anybody else, or pass any other form of traffic (SMTP, HTTP, etc.).
I can run WinDump, ping from the firewall and see the packets hit the WinBox, but the firewall sees no replies! When I ping from the WinBox I can see the packets go out and return, but the WinBox sees no replies. They both state request timeout. Windows seems to be a black hole for packets: once they hit the VPN interface they disappear. I figured it had to be a pre- or post-IPsec routing policy in SSH Sentinel, but all the rules state ALLOW ALL from/to ANY.
I basically want to secure the LAN and still surf the net.
 
BTW I have this setup(encrypted point to firewall) with my Dell laptop running an MA401 wireless card and Linux 7.2/FreeSwan and it works perfectly through the wireless to the firewall through to the net! So I know it can be done, it's just windowz being difficult...
 
 
My SSH Sentinel VPN setup. I also tried it as a Secured Connection, and the authentication fails... weird...
GW host: 192.168.2.1
IP Address 0.0.0.0
SN Mask 0.0.0.0
 
and all the standard proposal configs: 3des, mainmode, tunnel, modp 1024.
 
Here is my FreeSwan config. (Yes, I know the password is small and stupid; I will change it as soon as I can get this stuff to work.) Left is my WinBox, right is my firewall.
 
# cat /etc/ipsec.secrets
192.168.2.1 192.168.2.2 : PSK "hi"
cat /etc/ipsec.conf
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
 
# basic configuration
config setup
        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        authby=secret
 
conn laptop
        left=192.168.2.2
        right=192.168.2.1
        rightsubnet=0.0.0.0/0
        auto=add
        pfs=yes
        compress=no
 
 
thanx for the help!
Mark
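As an added example (not part of the original message, and not FreeS/WAN's own tooling), the script below parses the ipsec.conf and ipsec.secrets quoted above, merges the conn %default section into each conn the way pluto does, and reports the checks a reviewer would make before chasing the routing problem: whether a PSK entry exists indexed by both peers, how long that PSK is, and which parameters (rightsubnet=0.0.0.0/0, auto=add) shape where the tunnel traffic has to be routed and who initiates. The two sample files are copied from the message and embedded as constructed input; the min_psk_len threshold and the check_config function are assumptions of this example.

```python
import re

# Constructed input: the ipsec.conf and ipsec.secrets quoted in the message above.
IPSEC_CONF = """\
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# basic configuration
config setup
        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        authby=secret

conn laptop
        left=192.168.2.2
        right=192.168.2.1
        rightsubnet=0.0.0.0/0
        auto=add
        pfs=yes
        compress=no
"""

IPSEC_SECRETS = '192.168.2.1 192.168.2.2 : PSK "hi"\n'


def parse_ipsec_conf(text):
    """Parse FreeS/WAN-style ipsec.conf into {'kind name': {key: value}}.

    Section headers ('config setup', 'conn laptop') start in column 0;
    their parameters are indented key=value lines. '#' starts a comment.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header
            kind, _, name = line.partition(' ')
            current = f"{kind} {name.strip()}"
            sections[current] = {}
        elif current is not None and '=' in line:  # indented parameter
            key, _, value = line.strip().partition('=')
            sections[current][key.strip()] = value.strip().strip('"')
    return sections


def parse_ipsec_secrets(text):
    """Return [(frozenset_of_ids, psk)] from 'id id : PSK "secret"' lines."""
    entries = []
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        m = re.match(r'^(.*?)\s*:\s*PSK\s+"([^"]*)"\s*$', line)
        if m:
            entries.append((frozenset(m.group(1).split()), m.group(2)))
    return entries


def apply_defaults(sections):
    """Merge 'conn %default' into every other conn, as pluto does at load time."""
    defaults = sections.get('conn %default', {})
    return {name[5:]: {**defaults, **params}
            for name, params in sections.items()
            if name.startswith('conn ') and name != 'conn %default'}


def check_config(conf_text, secrets_text, min_psk_len=20):
    """Return a list of findings (strings) about each conn. min_psk_len is an
    assumed local policy threshold, not a FreeS/WAN setting."""
    findings = []
    conns = apply_defaults(parse_ipsec_conf(conf_text))
    secrets = parse_ipsec_secrets(secrets_text)
    for name, p in conns.items():
        left, right = p.get('left'), p.get('right')
        if p.get('authby') == 'secret':
            # The PSK line must be indexed by both peer IDs for pluto to find it.
            match = [psk for ids, psk in secrets if {left, right} <= ids]
            if not match:
                findings.append(f"{name}: no PSK entry indexed by {left} and {right}")
            elif len(match[0]) < min_psk_len:
                findings.append(f"{name}: PSK is only {len(match[0])} characters")
        if p.get('rightsubnet') == '0.0.0.0/0':
            findings.append(f"{name}: rightsubnet=0.0.0.0/0 puts all of {left}'s traffic "
                            "into the tunnel; replies must route back via ipsec0")
        if p.get('auto') == 'add':
            findings.append(f"{name}: auto=add only loads the conn; the peer must initiate")
    return findings


if __name__ == '__main__':
    for finding in check_config(IPSEC_CONF, IPSEC_SECRETS):
        print(finding)
```

Running it against the quoted files reports the 2-character PSK the sender already acknowledges, the catch-all rightsubnet, and that the gateway side only adds the conn rather than initiating it; each finding points at a line of the original config rather than at the Windows client.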