IPSEC NETLINK errors
Nathanael Noblet
nathanael at gnat.ca
Tue May 11 03:11:05 UTC 2004
Hello,

I'm a little unsure of where to post this problem, but Google turned
up some results relating to it on this list, so I figured I might at least
get a pointer of where to go.

I am attempting to set up an IPSEC VPN in a net-to-net configuration.
I've done it with freeswan/openswan and openvpn, so I do know a bit about
the stuff going on. I recently learned that the RH supplied kernels
contain the 2.6 IPSEC stack backported, and the package ipsec-tools can
be used to set up these tunnels. I started to learn the setkey to
manually set one up. As I did that I found out that the
redhat-config-network contains a tab for IPSEC stuff. Made me happy.
Unfortunately I can't get it to work. The command ifup ipsec0 returns
with NETLINK answers: Network is unreachable.

Here is my ifcfg-ipsec0 file:
# COMP A ifcfg-ipsec0
DSTGW=192.168.0.1
SRCGW=10.0.0.1
DSTNET=192.168.0.0/24
SRCNET=10.0.0.0/24
DST=24.72.x.x
TYPE=IPSEC
ONBOOT=no
              ----------                                      ----------
10.0.0.0/24---| COMP A | 24.68.x.x --- internet --- 24.72.x.x | COMP B | --- 192.168.0.0/24
              ----------                                      ----------
I've tried 2 different configuration setups with COMP A's
ifcfg-ipsec0 file.
This is the other one:
# COMP A ifcfg-ipsec0
DSTGW=24.72.x.x
SRCGW=24.68.x.x
DSTNET=192.168.0.0/24
SRCNET=10.0.0.0/24
DST=24.72.x.x
TYPE=IPSEC
ONBOOT=no
My iptables contain on both sides...
iptables -t udp -p udp --dport 500 -j ACCEPT
iptables -p 50 -j ACCEPT
iptables -p 51 -j ACCEPT
So my two questions are:
1) What am I doing wrong?
1a) How can I get greater debug info if that is what is needed?
2) If here isn't a good place to ask the above question, where do I go?
Thanks for any help you can provide.
--
Nathanael D. Noblet
Gnat Solutions
412 - 135 Gorge Road E
Victoria, BC V9A 1L1
T/F 250.385.4613
http://www.gnat.ca/