Koozali.org: home of the SME Server

Freeswan + Fileshares

Alessandro

Freeswan + Fileshares
« on: March 12, 2002, 11:17:22 AM »
Hi !!!

I followed the how-to for the freeswan IPSEC tunnel.
I have exactly the same configuration in my lab. (Only IP addresses are
different)

It works fine. I can ping every workstation or server.
But when I want to access a fileshare it doesn't do anything.
There are two W2k Workstations acting as clients and two E-smith 5.1.2
Servers.

How can I access from Client1 the Fileshares from Server2 or Client2 and so
on ....

Is there a firewall rule which blocks this ???
I can't even Telnet or SSH to the remote Servers internal IP Address.

Any hints ??

Thanks and nice greetings from Austria

Alessandro

Lloyd Keen

Re: Freeswan + Fileshares
« Reply #1 on: March 12, 2002, 11:51:46 AM »
Did you add the local networks in the e-smith manager? If you did, after you do this you must go back into IPsec VPN and hit the modify button. This apparently reloads the firewall rules with the new network info.

Lloyd Keen

Re: Freeswan + Fileshares
« Reply #2 on: March 12, 2002, 11:54:17 AM »
After you add the local networks from the server-manager you must go back into IPSEC VPN and click on the modify button to reload the firewall rules with the new network info. You should then be able to ping subnet to subnet.

Alessandro

Re: Freeswan + Fileshares
« Reply #3 on: March 12, 2002, 12:34:39 PM »
What do you mean by adding this to the local networks?

I tried to add the remote network on Server1.
I got an error back: "Error: router address 10.1.100.1, not accessable from local network. Did not add network"
But I can ping the gateway !!

What am I doing wrong ???

Site1
local Client: 10.1.100.66
local Server: 10.1.100.1
remote Server: 192.168.1.200

Site2
local Client: 10.1.1.65
local Server: 10.1.1.1
remote Server: 192.168.1.100

I can ping every IP from each site.

thanks
    Alessandro

Lloyd Keen

Re: Freeswan + Fileshares
« Reply #4 on: March 12, 2002, 01:49:21 PM »
Hmmmm, I think site 1 remote server should be 10.1.1.1 and site 2 remote server should be 10.1.100.1. Do both the servers have 2 NICs, and if so what are the IPs for both NICs? Don't worry about the local client at either site, they don't come into the picture.

Alessandro

Re: Freeswan + Fileshares
« Reply #5 on: March 12, 2002, 02:02:30 PM »
Well my explanation was not very good at all.

Site 1
local interface eth0 = 10.1.100.1
remote interface eth1 = 192.168.1.200

Site 2
local interface eth0  = 10.1.1.1
remote interface eth1 = 192.168.1.100

Here is what I did.
On Site 2 I tried to add the following local network:
Network: 10.1.100.0
Mask: 255.255.255.0
Gateway: 10.1.100.1
then add.

Result: "Error: router address 10.1.100.1, not accessable from local network. Did not add network"

Is this the right way ??

Anyway thanks for your help.

Ciao
        Alessandro

Lloyd Keen

Re: Freeswan + Fileshares
« Reply #6 on: March 12, 2002, 02:18:47 PM »
Leave the gateway or router address empty. e-smith already knows what this is.

Alessandro

Re: Freeswan + Fileshares
« Reply #7 on: March 12, 2002, 04:50:46 PM »
Yeah this helped.

I had to do the modify button in IPSEC Panel a few times but now it works perfectly. Fileshare and so on.

Thanks for your help.

Alessandro

Dan G.

Re: Freeswan + Fileshares
« Reply #8 on: March 12, 2002, 05:45:45 PM »
You can also add the address for the SME internal NIC to the WINS server configuration on the hosts in the opposite subnet.  This should speed up browsing for remote shares.

Lloyd Keen

Re: Freeswan + Fileshares
« Reply #9 on: March 12, 2002, 10:30:50 PM »
Alessandro,
Did you verify that the traffic is using the IPsec interface? I thought because both servers had the same subnet on the external interface that they would use eth1. You can check by calling up ifconfig and noting the Tx and Rx values for ipsec0, then ping from client1 to client2. Now run ifconfig again and make sure that the values for ipsec0 have incremented by the amount of pings sent.
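
The counter check described in Reply #9, written out as an added example that is not part of the original thread. The function names (`pkt_count`, `tunnel_delta`, `tunnel_carried`, `snap`) are hypothetical, and the snapshots are constructed in the old net-tools `ifconfig` layout with made-up values.

```shell
#!/bin/sh
# Added example: confirm that pings between the two subnets were carried by
# ipsec0 by comparing two ifconfig snapshots taken on the server.
# Live use (assumed workflow): B=$(ifconfig); ping client1 -> client2;
#                              A=$(ifconfig); tunnel_carried "$B" "$A" 4

# pkt_count IFACE RX|TX  -- reads ifconfig output on stdin, prints the counter.
pkt_count() {
    awk -v ifc="$1" -v dir="$2" '
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }   # stanza header = interface name
        cur == ifc && $1 == dir && $2 ~ /^packets/ {
            n = $2; sub(/^packets:?/, "", n)         # old layout: "packets:42"
            if (n == "") n = $3                      # new layout: "packets 42"
            print n; exit
        }'
}

# tunnel_delta BEFORE AFTER [IFACE]  -- prints "<rx_delta> <tx_delta>".
tunnel_delta() {
    ifc="${3:-ipsec0}"
    rx0=$(printf '%s\n' "$1" | pkt_count "$ifc" RX)
    tx0=$(printf '%s\n' "$1" | pkt_count "$ifc" TX)
    rx1=$(printf '%s\n' "$2" | pkt_count "$ifc" RX)
    tx1=$(printf '%s\n' "$2" | pkt_count "$ifc" TX)
    if [ -z "$rx0" ] || [ -z "$tx0" ] || [ -z "$rx1" ] || [ -z "$tx1" ]; then
        echo "no packet counters found for $ifc" >&2; return 2
    fi
    echo "$((rx1 - rx0)) $((tx1 - tx0))"
}

# tunnel_carried BEFORE AFTER PINGS [IFACE]  -- succeeds when both counters
# rose by at least PINGS (other tunnel traffic may add more on a busy link).
tunnel_carried() {
    d=$(tunnel_delta "$1" "$2" "$4") || return 2
    [ "${d% *}" -ge "$3" ] && [ "${d#* }" -ge "$3" ]
}

# Constructed snapshots (all values are made up): snap ETH1 IPSEC0_RX IPSEC0_TX
snap() {
    printf 'eth1      Link encap:Ethernet\n          RX packets:%s errors:0\n          TX packets:%s errors:0\n\n' "$1" "$1"
    printf 'ipsec0    Link encap:Ethernet\n          RX packets:%s errors:0\n          TX packets:%s errors:0\n' "$2" "$3"
}
BEFORE=$(snap 9100 120 118)   # before the pings
AFTER=$(snap 9104 124 122)    # 4 pings carried by the tunnel
BYPASS=$(snap 9104 120 118)   # eth1 rose, ipsec0 did not: traffic skipped the tunnel

tunnel_carried "$BEFORE" "$AFTER" 4 && echo "pings went through ipsec0"
```

If ipsec0 stays flat while eth1 rises, as in the `BYPASS` snapshot, the subnet-to-subnet traffic is not being carried by the tunnel.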

Alessandro

Re: Freeswan + Fileshares
« Reply #10 on: March 13, 2002, 06:17:50 PM »
Nope, I did not check if the traffic is going via IPSEC IF.
But thanks for the hint. Will check this soon.

Ciao
    Alessandro