Can't get ipsec working in Fedora Core 2


Until last night, I was running Fedora Core 1 with FreeSWAN. I was using FreeSWAN to connect to my place of work, and two different customer sites via IKE IPsec tunnels. It was working great.

Since upgrading to Fedora Core 2, I cannot get FreeSWAN to work. So I decided to try the ipsec implementation included with the 2.6 kernel. I am having no luck. Is there any documentation for this anywhere? I'm referring specifically to the RedHat/Fedora implementation. I'm trying to make use of it (including the GUI setup tool under System Settings --> Network --> IPsec).

Sometimes racoon doesn't even respond to pings from my Windows XP PC behind my Linux firewall. When it does, it fails to connect. Racoon logs a "hash mismatch". The Sidewinder G2 firewall on the work end logs a similar message about the configuration not matching. I've noticed that racoon keeps trying aggressive mode. I don't know why. I've manually edited racoon.conf (and the individual .conf files for the other end) to eliminate aggressive mode (just leaving main mode).

Also, when setting up an IPsec tunnel using the GUI Network tool, it asks for "Local network address". According to the documentation I found for RedHat Enterprise Linux, this should be the internal interface for the Linux firewall. However, I don't think this is right. I think this should actually be the subnet address, correct? In the Remote Network screen, it asks for both "Remote IP address" and "Remote network gateway". Aren't these the same thing? There's a separate field for "Remote network address", so it would seem that "Remote IP address" and "Remote network gateway" should both be the external interface IP address of the remote firewall.

I have noticed two error messages that seem particularly troubling to me. First, when racoon first starts, it complains with

ERROR: isakmp.c:1378:isakmp_open(): failed to bind to address [address of NIC] (no such device)

for both NICs.

Also, if I try to activate a configured tunnel with "ifup [tunnel name]", it replies with "RTNETLINK answers: Network is unreachable". What?

If there is some good documentation for this ipsec system, please point me to it! Any other help would be greatly appreciated--I need this connection up so that I can work from home!

Matt Harrell
matt mattharrell net
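For reference, an added example of a racoon.conf that pins a peer to main mode and defines the phase 2 selectors as subnets. This is editorial example configuration, not from the post above or from the Red Hat tools; all addresses are constructed placeholders, and the file path and algorithm choices are assumptions.

```conf
# Added example racoon.conf (not from the post): one main-mode-only
# IKE peer and one subnet-to-subnet selector. All addresses are
# constructed placeholders; replace them with your own.
path pre_shared_key "/etc/racoon/psk.txt";   # one "peer-ip secret" line per peer, mode 0600

# Phase 1 (ISAKMP SA) with the work firewall's external address.
remote 203.0.113.1 {
    # exchange_mode takes a comma-separated list and the FIRST entry is
    # what racoon proposes when it is the initiator, so a leftover
    # "aggressive,main" keeps proposing aggressive mode. Listing only
    # main forces main mode.
    exchange_mode main;
    my_identifier address;       # identify by our own IP; with PSK the peer IP is the key used in psk.txt
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

# Phase 2 (IPsec SA) selectors: local subnet <-> remote subnet, i.e. the
# networks behind each gateway, not the gateways' interface addresses.
sainfo address 192.168.1.0/24 any address 10.20.0.0/16 any {
    pfs_group 2;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```

Both sides must agree on every phase 1 proposal field and on the pre-shared key, since a disagreement there is what shows up in racoon's log as a hash mismatch during main mode.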

