Hello Jarkor,
My setup (and problem) is very similar to yours. I have also yet to find a satisfactory answer, and suspect that it may be easier to get a static IP from ISPs in the United States (where the majority of SME's users are). Japanese providers will charge an outrageous sum (more than ten times the personal rate) for a "business account" static IP. So my only sane option is to find some way to work with my dynamic IPs.
Discussed in depth on the "FreeS/WAN, VPN, VLAN, WAN, ...." was this topic
http://forums.contribs.org/index.php?topic=19393.0 which shows users merrily connected with several nodes, but no mention of Dynamic.
The most successful I have been connecting (albeit an unstable tunnel like yours) was with two 5.6 boxes using the contribs by Shad Lords. Unfortunately, I have either deleted or overwritten those rpms when I upgraded to 6.0.1, and he no longer seems to be interested in hosting those files on his site or here. Saco's 5.6 contribs appear to be the most recent (which I am also now using), and everyone else other than myself seems to have no trouble with them.
Apart from regressing to 5.6 (which is problematic, as one of the servers has evolved to a production box), I seem to be at a loss as to how to continue. I turned off IPSEC and have left things as they are until I have more free time to wrestle with the problem. Though both locations are a 10 minute walk apart, it's still inconvenient to go back and forth, making minor adjustments each time.
Perhaps if we both post our edited setups here and work together to find a solution, hopefully someone will jump in and point out specifically where we are going wrong.
I'll start.
I have two servers which, for public information, I will call jack and jill. The office server, jack, has been updated from 5.6 to 6.0.1 while jill is a 6.0.1 fresh-install tinker box in my apartment. The office connects with an 8Mb ADSL and my apartment has a 1.5Mb connection, both from the same ISP. Dynamic IPs are handled with dyndns.org free service (no registered domain names yet).
server name: jack
host address: office.dyndns.org
DNS server: 192.168.11.1
internal ip: 192.168.11.1
internal subnet mask: 255.255.255.0
external ip: aaa.bbb.ccc.123
encryption key: blah-blah-one
server name: jill
host address: apartment.dyndns.org
DNS server: 192.168.49.1
internal ip: 192.168.49.1
internal subnet mask: 255.255.255.0
external ip: xxx.yyy.zzz.789
encryption key: blah-blah-two
Following Darrell May (et al.) FreeS/WAN IPSEC HowTo for sme 5.6, I end up creating a connection that permits everything EXCEPT access to/from those networks. Pings from respective networks get blocked, but pings to elsewhere are possible. "ipsec eroute" shows some connections trapped and others blocked (this part from memory, as I have disabled ipsec networking at the moment).
Potential unknowns/causes of trouble:
Both DSL modem/routers are in the Bridged position.
Multiple rpm -e and -Uvh --nodeps of various Freeswan versions (I posted this comment earlier on before I was registered.
http://forums.contribs.org/index.php?topic=22118.0)
Not to mention other basic dyslexic inputting errors (and other human stupidity)
