IPSEC NETLINK errors

Nathanael Noblet nathanael at gnat.ca
Tue May 11 03:11:05 UTC 2004


Hello,
	I'm a little unsure of where to post this problem, but google turned 
up some results relating to it on this list I figured I might at least 
get a pointer of where to go.

	I am attempting to setup an IPSEC VPN in a net-to-net configuration. 
I've done it with freeswan/openswan and openvpn, so do know a bit about 
the stuff going on. I recently learned that the RH supplied kernels 
contain the 2.6 IPSEC stack backported, and the package ipsec-tools can 
be used to set up these tunnels. I started to learn the setkey to 
manually set one up. As I did that I found out that the 
redhat-config-network contains a tab for IPSEC stuff. Made me happy. 
Unfortunately I can't get it to work. The command ifup ipsec0 returns 
with NETLINK answers: Network is unreachable.
here is my ifcfg-ipsec0 file

# COMP A ifcfg-ipsec0
DSTGW=192.168.0.1
SRCGW=10.0.0.1
DSTNET=192.168.0.0/24
SRCNET=10.0.0.0/24
DST=24.72.x.x
TYPE=IPSEC
ONBOOT=no

		      --------------					                    ---------------
10.0.0.0/24---| COMP A | 24.68.x.x --- internet --- 24.72.x.x | COMP B 
| --- 192.168.0.0/24
		     ---------------							 ---------------

I've tried 2 different configuration setups with the compA's 
ifcfg-ipsec0 file.
this is the other one
# COMP A ifcfg-ipsec0

DSTGW=24.72.x.x
SRCGW=24.68.x.x
DSTNET=192.168.0.0/24
SRCNET=10.0.0.0/24
DST=24.72.x.x
TYPE=IPSEC
ONBOOT=no

my iptables contain on both sides...

iptables -t udp -p udp --dport 500 -j ACCEPT
iptables -p 50 -j ACCEPT
iptables -p 51 -j ACCEPT


So my two questions are:
1) What am I doing wrong?
	1a) How can I get greater debug info if that is what is needed?
2) If here isn't a good place to ask the above question, where do I go?


Thanks for any help you can provide.

-- 
Nathanael D. Noblet
Gnat Solutions
412 - 135 Gorge Road E
Victoria, BC V9A 1L1

T/F 250.385.4613

http://www.gnat.ca/





More information about the fedora-devel-list mailing list