Hello,

I have a Redhat Linux 2.4.9-31 kernel with FreeSwan 1.96 as a firewall/NAT box to the internet. Eth1 to the adsl, eth0 to the internal LAN. I also have a WinMe (192.168.2.2) client running SSH Sentinel 1.2.3. I built a VPN connection to the firewall (192.168.2.1).

When I do a diagnostics or Rule enable, it connects and authenticates just fine. I can see the IPSEC packets using Windump and tcpdump, both on the ipsec0 and eth0. Both ipsec and SSH claim the tunnel is built and happy.

Problem being, once the VPN says it's up, I can't ping the firewall, or www.yahoo.com or anybody else, or pass any other form of traffic, SMTP, HTTP etc.... I can run windump, ping from the firewall and see the packets hit the WinBox, but the firewall sees no replies! When I ping from the winbox I can see the packets go out and return, but the winbox sees no replies. They both state request timeout. Windows seems to be a black hole for packets. Once they hit the VPN interface they disappear. I figured it had to be a pre or post ipsec routing policy in SSH Sentinel, but all the rules state ALLOW ALL from/to ANY.

I basically want to secure the LAN and still surf the net.

BTW I have this setup (encrypted point to firewall) with my Dell laptop running an MA401 wireless card and Linux 7.2/FreeSwan and it works perfectly through the wireless to the firewall through to the net! So I know it can be done, it's just windowz being difficult...

My SSH Sentinel VPN Setup. I also tried it as a Secured Connection, and the authentication fails...weird...

GW host: 192.168.2.1
IP Address 0.0.0.0
SN Mask 0.0.0.0

and all the standard proposal configs: 3des, mainmode, tunnel, modp 1024.

Here is my Freeswan config. (Yes I know the password is small and stupid, I will change it as soon as I can get this stuff to work.) Left is my winbox, right is my firewall.
# cat /etc/ipsec.secrets
192.168.2.1 192.168.2.2 : PSK "hi"

# cat /etc/ipsec.conf
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# basic configuration
config setup
        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        authby=secret

conn laptop
        left=192.168.2.2
        right=192.168.2.1
        rightsubnet=0.0.0.0/0
        auto=add
        pfs=yes
        compress=no

thanx for the help!
Mark
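The symptom described above (ESP visible in both directions on the wire, yet the inner ping never gets a reply) is easiest to pin down by counting packets per direction on both the outer interface and the ipsec0 interface. The following script is an added example, not part of the original post or of FreeS/WAN or SSH Sentinel: it parses tcpdump/windump text output in tcpdump's default line format for ESP and ICMP echo packets, tallies each host pair by direction, and flags flows that only ever go one way. The capture lines embedded in it are constructed for this example and mirror the post's addresses; they are not taken from a real capture.

```python
"""Spot one-way flows in tcpdump text output (constructed example).

Parses tcpdump's default line format for ESP and ICMP echo packets,
counts packets per host pair and direction, and reports flows that have
requests but no replies, or ESP that is only ever seen in one direction.
"""
import re
from collections import defaultdict

# Constructed sample capture (not a real trace): outer ESP flows both ways,
# but the decrypted ICMP seen on ipsec0 only ever shows echo requests.
SAMPLE_CAPTURE = """\
12:00:01.000100 IP 192.168.2.2 > 192.168.2.1: ESP(spi=0x1a2b3c4d,seq=0x1), length 116
12:00:01.000200 IP 192.168.2.2 > 192.168.2.1: ICMP echo request, id 512, seq 1, length 40
12:00:01.000300 IP 192.168.2.1 > 192.168.2.2: ESP(spi=0x5e6f7a8b,seq=0x1), length 116
12:00:02.000100 IP 192.168.2.2 > 192.168.2.1: ESP(spi=0x1a2b3c4d,seq=0x2), length 116
12:00:02.000200 IP 192.168.2.2 > 192.168.2.1: ICMP echo request, id 512, seq 2, length 40
12:00:02.000300 IP 192.168.2.1 > 192.168.2.2: ESP(spi=0x5e6f7a8b,seq=0x2), length 116
"""

# "<timestamp> IP <src> > <dst>: <protocol-specific rest>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): (?P<rest>.*)$"
)


def parse_line(line):
    """Return (src, dst, kind) for one tcpdump line, or None if it is not an IP line.

    kind is 'esp', 'echo-request', 'echo-reply' or 'other'.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if rest.startswith("ESP("):
        kind = "esp"
    elif rest.startswith("ICMP echo request"):
        kind = "echo-request"
    elif rest.startswith("ICMP echo reply"):
        kind = "echo-reply"
    else:
        kind = "other"
    return m.group("src"), m.group("dst"), kind


def summarize(capture_text):
    """Count packets keyed by (sorted host pair, kind), then by 'src->dst' direction."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in capture_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, kind = parsed
        pair = tuple(sorted((src, dst)))
        counts[(pair, kind)][f"{src}->{dst}"] += 1
    return {key: dict(dirs) for key, dirs in counts.items()}


def find_one_way_flows(summary):
    """Return human-readable findings for flows that never complete a round trip."""
    findings = []
    for (pair, kind), dirs in sorted(summary.items()):
        a, b = pair
        if kind == "esp":
            # The outer tunnel should carry ESP in both directions.
            fwd = dirs.get(f"{a}->{b}", 0)
            back = dirs.get(f"{b}->{a}", 0)
            if fwd == 0 or back == 0:
                findings.append(
                    f"ESP between {a} and {b} is one-way ({fwd} {a}->{b}, {back} {b}->{a})"
                )
        elif kind == "echo-request":
            # Every request direction should be matched by replies going back.
            replies = summary.get((pair, "echo-reply"), {})
            for direction, n_req in sorted(dirs.items()):
                src, dst = direction.split("->")
                n_rep = replies.get(f"{dst}->{src}", 0)
                if n_rep == 0:
                    findings.append(
                        f"ICMP echo {src}->{dst}: {n_req} requests, 0 replies seen {dst}->{src}"
                    )
    return findings


if __name__ == "__main__":
    for finding in find_one_way_flows(summarize(SAMPLE_CAPTURE)):
        print(finding)
```

Run the same script against `tcpdump -n -i eth0` and `tcpdump -n -i ipsec0` output saved from both ends: a one-way ICMP finding on ipsec0 while ESP is symmetric on eth0 tells you the replies are being dropped after decryption (policy or routing on the receiving host) rather than lost on the wire.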