Can't get ipsec working in Fedora Core 2

Matt Harrell matt at mattharrell.net
Sun May 30 05:17:06 UTC 2004


Help!

Until last night, I was running Fedora Core 1 with FreeSWAN.  I was 
using FreeSWAN to connect to my place of work, and two different 
customer sites via IKE IPsec tunnels.  It was working great.

Since upgrading to Fedora Core 2, I cannot get FreeSWAN to work.  So I 
decided to try the ipsec implementation included with the 2.6 kernel.  I 
am having no luck.  Is there any documentation for this anywhere?  I'm 
referring specifically to the RedHat/Fedora implementation.  I'm trying 
to make use of it (including the GUI set tool under System Settings --> 
Network --> IPsec).

Sometimes racoon doesn't even respond to pings from my Windows XP PC 
behind my Linux firewall.  When it does, it fails to connect.  Racoon 
logs a "hash mismatch".  The Sidewinder G2 firewall on the work end logs 
a similar message about the configuration not matching.  I've noticed 
that racoon keeps trying aggressive mode.  I don't know why.  I've 
manually edited racoon.conf (and the individual .conf files for the 
other end) to eliminate aggressive mode (just leaving main mode).

Also, when setting up an IPsec tunnel using the GUI Network tool, it 
asks for "Local network address".  According to the documentation I 
found for RedHat Enterprise Linux, this should be the internal interface 
for the Linux firewall.  However, I don't think this is right.  I think 
this should actually be the subnet address, correct?  In the Remote 
Network screen, it asks for both "Remote IP address" and "Remote network 
gateway".  Aren't these the same thing?  There's a separate field for 
"Remote network address", so it would seem that "Remote IP address" and 
"Remote network gateway" should both be the external interface IP 
address of the remote firewall.

I have noticed two error messages that seem particularly troubling to 
me.  First, when racoon first starts, it complains with

ERROR:  isakmp.c:1378:isakmp_open(): failed to bind to address [address 
of NIC] (no such device)

for both NICs.

Also, if I try to activate a configured tunnel with "ifup [tunnel 
name]", it replies with "RTNETLINK answers:  Network is unreachable".  What?

If there is some good documentation for this ipsec system, please point 
me to it!  Any other help would be greatly appreciated--I need this 
connection up so that I can work from home!

-- 
Matt Harrell
matt at mattharrell.net
http://www.mattharrell.net
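For reference, below is a minimal racoon.conf of the kind the post is trying to get working: a main-mode-only Phase 1 with a pre-shared key, a listen address that must belong to an interface that is already up when racoon starts, and a Phase 2 sainfo for a subnet-to-subnet tunnel. This is an added example, not the poster's configuration and not a file shipped by Fedora; all addresses, subnets and the proposal (AES, SHA-1, DH group 2) are constructed placeholders and assumptions that have to match whatever the peer's policy actually requires.

```conf
# /etc/racoon/racoon.conf -- added illustrative configuration, not the poster's.
# All addresses are constructed placeholders (RFC 5737 / RFC 1918 ranges):
#   203.0.113.10     external address of this Linux firewall
#   203.0.113.1      external address of the remote (work) firewall
#   192.168.1.0/24   LAN behind this firewall ("local network address")
#   10.10.0.0/16     network behind the remote firewall ("remote network address")

path pre_shared_key "/etc/racoon/psk.txt";   # one line per peer: "203.0.113.1  <secret>"

# racoon binds IKE (UDP 500) only to the addresses listed here. Each address
# must already be configured on an interface when racoon starts; otherwise
# isakmp_open() fails with "failed to bind to address ... (no such device)".
listen {
    isakmp 203.0.113.10 [500];
    strict_address;
}

# Phase 1 (ISAKMP SA) with the remote gateway.
remote 203.0.113.1 {
    exchange_mode main;            # only main is listed, so aggressive is never proposed
    my_identifier address;         # identify by IP; must be what the peer expects
    peers_identifier address 203.0.113.1;
    lifetime time 8 hour;
    proposal {
        encryption_algorithm aes;  # assumed to match the peer's Phase 1 policy
        hash_algorithm sha1;       # a PSK or identifier that differs from the peer's
        authentication_method pre_shared_key;   # typically surfaces as a hash mismatch
        dh_group 2;
    }
}

# Phase 2 (IPsec SA) for traffic between the two subnets.
sainfo address 192.168.1.0/24 any address 10.10.0.0/16 any {
    pfs_group 2;
    lifetime time 1 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
```

racoon only negotiates the keys; the kernel security policy (the SPD entries that say which subnet pair is to be tunneled through which gateways) is loaded separately with setkey, and both that step and the IKE exchange need a working route to the remote gateway's external address, so it is worth checking the routing table before looking at the IKE logs. Keep psk.txt readable by root only; racoon refuses a world-readable key file.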
