Topic: using rsync across an ipsec-freesWAN

[Rob Wellesley]

Hi all

I have an Ipsec-freesWAN going great - ping, map shares, etc. are fine - however i can't get rsync to work across the WAN -

192.168.10.X and 192.168.1.X are the subnets - both are defined in the LOCAL NETWORKS panel.

I want to copy  the contents of a directory on one SME in one subnet to a backup directory on an SME on the other subnet

(mounting a smbfs share across the subnets doesn't work either which is weird given that //server/share works fine for drive mapping)

Any ideas?

TIA rob

[David Woolley]

Hi Rob et al.

I've stumbled when trying to install the Ipsec - freesWAN on my v5.5up2.  

I was using http://myezserver.com/downloads/mitel/contrib/freeswan-0.4/freeswan-howto.html  

My problem is that the RSA key is not displayed in the new IPsecVPN server-manager panel.  And I get this line in the message log

Oct 13 20:50:02 ipsec__plutorun: 003 "/etc/ipsec.secrets" line 24: Modulus keyword not found where expected in RSA key

Did you need to do any work configuring RSA encryption when installing freesWAN.

ssh is working fine between my boxes using DSA keys.

Whats the difference in application of DSA & RSA keys?

Many thanks

David

[Lloyd Keen]

David,
To fix the RSA key not being displayed do the following:
edit /etc/e-smith/templates/etc/ipsec.secrets/10RSAKey
look for
@args = ("/usr/lib/ipsec/ipsec", "rsasigkey", "2048");
$result .= /usr/lib/ipsec/ipsec rsasigkey 2048;
and change them to read
@args = ("/usr/local/lib/ipsec/ipsec", "rsasigkey", "2048");
$result .= /usr/local/lib/ipsec/ipsec rsasigkey 2048;


then run /sbin/e-smith/signal-events ipsec-install

this will resolve the path issue.

[Rob Wellesley]

Hi

Try this thread also

http://forums.contribs.org/index.php?topic=14375.msg54737#msg54737

We haven't moved to 5.5 for production servers.The Freeswan contrib goes fine on 5.1.2

also-
http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/config.html

If you want to DIY

rob