Can't get ipsec working in Fedora Core 2
stefang at bundaberg.qld.gov.au
Wed Jul 7 02:17:42 UTC 2004
Matt Harrell wrote:
> Until last night, I was running Fedora Core 1 with FreeSWAN. I was
> using FreeSWAN to connect to my place of work, and two different
> customer sites via IKE IPsec tunnels. It was working great.
> Since upgrading to Fedora Core 2, I cannot get FreeSWAN to work. So I
> decided to try the ipsec implementation included with the 2.6 kernel.
> I am having no luck. Is there any documentation for this anywhere?
> I'm referring specifically to the RedHat/Fedora implementation. I'm
> trying to make use of it (including the GUI set tool under System
> Settings --> Network --> IPsec).
> Sometimes racoon doesn't even respond to pings from my Windows XP PC
> behind my Linux firewall. When it does, it fails to connect. Racoon
> logs a "hash mismatch". The Sidewinder G2 firewall on the work end
> logs a similar message about the configuration not matching. I've
> noticed that racoon keeps trying aggressive mode. I don't know why.
> I've manually edited racoon.conf (and the individual .conf files for
> the other end) to eliminate aggressive mode (just leaving main mode).
> Also, when setting up an IPsec tunnel using the GUI Network tool, it
> asks for "Local network address". According to the documentation I
> found for RedHat Enterprise Linux, this should be the internal
> interface for the Linux firewall. However, I don't think this is
> right. I think this should actually be the subnet address, correct?
> In the Remote Network screen, it asks for both "Remote IP address" and
> "Remote network gateway". Aren't these the same thing? There's a
> separate field for "Remote network address", so it would seem that
> "Remote IP address" and "Remote network gateway" should both be the
> external interface IP address of the remote firewall.
> I have noticed two error messages that seem particularly troubling to
> me. First, when racoon first starts, it complains with
> ERROR: isakmp.c:1378:isakmp_open(): failed to bind to address
> [address of NIC] (no such device)
> for both NICs.
> Also, if I try to activate a configured tunnel with "ifup [tunnel
> name]", it replies with "RTNETLINK answers: Network is unreachable".
> If there is some good documentation for this ipsec system, please
> point me to it! Any other help would be greatly appreciated--I need
> this connection up so that I can work from home!
check out the comments at the start of the
had the same problem
More information about the users