Can't get ipsec working in Fedora Core 2

stefan gastaldon stefang at bundaberg.qld.gov.au
Wed Jul 7 02:17:42 UTC 2004


Matt Harrell wrote:

> Help!
>
> Until last night, I was running Fedora Core 1 with FreeSWAN.  I was 
> using FreeSWAN to connect to my place of work, and two different 
> customer sites via IKE IPsec tunnels.  It was working great.
>
> Since upgrading to Fedora Core 2, I cannot get FreeSWAN to work.  So I 
> decided to try the ipsec implementation included with the 2.6 kernel.  
> I am having no luck.  Is there any documentation for this anywhere?  
> I'm referring specifically to the RedHat/Fedora implementation.  I'm 
> trying to make use of it (including the GUI set tool under System 
> Settings --> Network --> IPsec).
>
> Sometimes racoon doesn't even respond to pings from my Windows XP PC 
> behind my Linux firewall.  When it does, it fails to connect.  Racoon 
> logs a "hash mismatch".  The Sidewinder G2 firewall on the work end 
> logs a similar message about the configuration not matching.  I've 
> noticed that racoon keeps trying aggressive mode.  I don't know why.  
> I've manually edited racoon.conf (and the individual .conf files for 
> the other end) to eliminate aggressive mode (just leaving main mode).
>
> Also, when setting up an IPsec tunnel using the GUI Network tool, it 
> asks for "Local network address".  According to the documentation I 
> found for RedHat Enterprise Linux, this should be the internal 
> interface for the Linux firewall.  However, I don't think this is 
> right.  I think this should actually be the subnet address, correct?  
> In the Remote Network screen, it asks for both "Remote IP address" and 
> "Remote network gateway".  Aren't these the same thing?  There's a 
> separate field for "Remote network address", so it would seem that 
> "Remote IP address" and "Remote network gateway" should both be the 
> external interface IP address of the remote firewall.
>
> I have noticed two error messages that seem particularly troubling to 
> me.  First, when racoon first starts, it complains with
>
> ERROR:  isakmp.c:1378:isakmp_open(): failed to bind to address 
> [address of NIC] (no such device)
>
> for both NICs.
>
> Also, if I try to activate a configured tunnel with "ifup [tunnel 
> name]", it replies with "RTNETLINK answers:  Network is unreachable".  
> What?
>
> If there is some good documentation for this ipsec system, please 
> point me to it!  Any other help would be greatly appreciated--I need 
> this connection up so that I can work from home!
>

Check out the comments at the start of the 
"/etc/sysconfig/network-scripts/ifup-ipsec" script.

Had the same problem:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126646

cheers




