Working Road Warrior Config
- From: "Brian" <blanda mnsi net>
- To: <redhat-list redhat com>
- Subject: Working Road Warrior Config
- Date: Fri Jun 28 21:35:02 2002
IPSec with FreeS/WAN as the server and SSH Sentinel 1.31 as the Windows client
Here is a working config for road warrior:
1.) I used PSK (or Pre-Shared Secret)
2.) SuSE Linux 8.0 Pro
This is my LAB IPSec setup:

Windows 2000 Pro
    IP address 192.168.0.50 or a private address; I have SSH Sentinel loaded on my Win2K

Linux box (SuSE), FreeS/WAN 1.96 compiled (two NICs)
    IP address 192.168.0.45 255.255.255.0 eth0
    IP address 10.1.1.1 255.255.255.0 eth1 (10.1.1.0/255.255.255.0)

Windows 98se computer sitting on the eth1 segment
    IP address 10.1.1.2 255.255.255.0
    Gateway 10.1.1.1
I had to set up routing on my Linux box. I used this:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -A FORWARD -j ACCEPT

I was now able to ping from 10.1.1.2 to 192.168.0.50
Here is my IPSec config

config setup
        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=1
        authby=secret

conn tunnel-one
        type=tunnel
        left=192.168.0.45                   # my eth0 interface
        leftnexthop=
        leftsubnet=10.1.1.0/255.255.255.0   # this is my eth1 segment
        right=%any                          # this is my Windows 2000 Pro box, with SSH Sentinel
        keyexchange=ike
        ikelifetime=240m
        pfs=yes
        keylife=1h
        #rightsubnet=/255.255.255.0
        rightnexthop=
        compress=no
        auto=add

------------------------------------------
Here is my ipsec.secrets config
192.168.0.45 %any: PSK "junk"
-------------------------------------------
Here is a map of my network

Win2KPro (road warrior, right)        Linux (IPsec, left)
192.168.0.50  ------------------->    192.168.0.45  eth0
                                      10.1.1.1      eth1 (10.1.1.0, leftsubnet)  ------>  Windows 98se
                                                                                          (10.1.1.2) gateway 10.1.1.1

192.168.0.50 could be a DHCP or a private address; I just use that address
in my lab.
I used an Ethernet crossover cable between my W2K Pro and my Linux box.
Remember that you must use the same pre-shared key "junk" when you configure
SSH Sentinel. There is a section at the SSH Sentinel site that shows you how
to configure SSH Sentinel.
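
Added example, not part of the original post: a shell audit of an ipsec.secrets file like the one above, flagging PSK entries that use the %any selector, PSKs shorter than a local minimum, and a file readable beyond its owner. The function names and the MIN_PSK_LEN value are assumptions chosen for this illustration, and the sample file is constructed from the line in the post.

```shell
#!/bin/sh
# Added example, not from the original post: audit a FreeS/WAN ipsec.secrets file.
# MIN_PSK_LEN is an assumed local policy value, not a FreeS/WAN default.
MIN_PSK_LEN=${MIN_PSK_LEN:-20}

# Print one finding per problem in the PSK entries of file $1.
audit_psk_lines() {
    awk -v min="$MIN_PSK_LEN" '
        /^[ \t]*#/ || !/:[ \t]*PSK[ \t]/ { next }   # skip comments and non-PSK lines
        {
            split($0, part, ":")            # peer selectors sit left of the colon
            secret = $0
            sub(/^[^"]*"/, "", secret)      # drop everything through the opening quote
            sub(/"[^"]*$/, "", secret)      # drop the closing quote and anything after
            if (part[1] ~ /%any/)
                print "line " NR ": %any selector, this key applies to any peer address"
            if (length(secret) < min)
                print "line " NR ": PSK is " length(secret) " chars, policy minimum is " min
        }' "$1"
}

# Print a finding if group or other have any permission bits on file $1.
audit_file_mode() {
    perms=$(ls -ld "$1" | cut -c5-10)       # group and other bits of the mode string
    [ "$perms" = "------" ] || echo "file mode: group/other bits set ($perms), expected 600"
}

# Run both checks; output is empty when nothing is flagged.
audit_secrets() {
    audit_psk_lines "$1"
    audit_file_mode "$1"
}

# Constructed sample: the secrets line from the post, in a world-readable file.
sample=$(mktemp)
printf '%s\n' '192.168.0.45 %any: PSK "junk"' > "$sample"
chmod 644 "$sample"
audit_secrets "$sample"
rm -f "$sample"
```

Run against the lab file this reports three findings; with a long random key, a fixed peer address and mode 600 it prints nothing.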