[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

IPSEC NETLINK errors



Hello,
I'm a little unsure of where to post this problem, but google turned up some results relating to it on this list I figured I might at least get a pointer of where to go.


I am attempting to setup an IPSEC VPN in a net-to-net configuration. I've done it with freeswan/openswan and openvpn, so do know a bit about the stuff going on. I recently learned that the RH supplied kernels contain the 2.6 IPSEC stack backported, and the package ipsec-tools can be used to set up these tunnels. I started to learn the setkey to manually set one up. As I did that I found out that the redhat-config-network contains a tab for IPSEC stuff. Made me happy. Unfortunately I can't get it to work. The command ifup ipsec0 returns with NETLINK answers: Network is unreachable.
here is my ifcfg-ipsec0 file


# COMP A ifcfg-ipsec0
DSTGW=192.168.0.1
SRCGW=10.0.0.1
DSTNET=192.168.0.0/24
SRCNET=10.0.0.0/24
DST=24.72.x.x
TYPE=IPSEC
ONBOOT=no

-------------- ---------------
10.0.0.0/24---| COMP A | 24.68.x.x --- internet --- 24.72.x.x | COMP B | --- 192.168.0.0/24
--------------- ---------------


I've tried 2 different configuration setups with the compA's ifcfg-ipsec0 file.
this is the other one
# COMP A ifcfg-ipsec0


DSTGW=24.72.x.x
SRCGW=24.68.x.x
DSTNET=192.168.0.0/24
SRCNET=10.0.0.0/24
DST=24.72.x.x
TYPE=IPSEC
ONBOOT=no

my iptables contain on both sides...

iptables -t udp -p udp --dport 500 -j ACCEPT
iptables -p 50 -j ACCEPT
iptables -p 51 -j ACCEPT


So my two questions are: 1) What am I doing wrong? 1a) How can I get greater debug info if that is what is needed? 2) If here isn't a good place to ask the above question, where do I go?


Thanks for any help you can provide.


--
Nathanael D. Noblet
Gnat Solutions
412 - 135 Gorge Road E
Victoria, BC V9A 1L1

T/F 250.385.4613

http://www.gnat.ca/



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]