Koozali.org: home of the SME Server

SME 7.4 - IPSec/VPN Site-to-Site

tiBoun
« on: February 25, 2009, 04:09:01 AM »
Hi everyone,

I am trying to set up a permanent connection between 2 SME Servers (7.4).

After following http://wiki.contribs.org/Ipsec and reading the original topic on this forum, I still can't get them to connect.

Among the weird messages I get in the log:
racoon: INFO: unsupported PF_KEY message REGISTER

Does anyone have an idea?

Thanks for your help.

David Harper
« Reply #1 on: February 25, 2009, 05:25:21 AM »
Welcome to the forums :)

> Among the weird messages I get in the log:
> racoon: INFO: unsupported PF_KEY message REGISTER

Try posting the log messages from both servers, so we can see what might be going on.

tiBoun
« Reply #2 on: February 25, 2009, 06:53:31 AM »
Actually I reinstalled SME server and still no connection, but the errors are different. Sorry ...

This is from the server sme1:
Code:
Feb 25 14:35:37 sme network: Bringing up interface eth0:  succeeded
Feb 25 14:35:37 sme ifup: RTNETLINK answers: Network is unreachable
Feb 25 14:35:37 sme ifup: RTNETLINK answers: File exists
Feb 25 14:35:38 sme kernel: NET: Registered protocol family 15
Feb 25 14:35:38 sme racoon: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net)
Feb 25 14:35:38 sme racoon: INFO: @(#)This product linked OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/)
Feb 25 14:35:38 sme racoon: INFO: 12.1.1.1[500] used as isakmp port (fd=8)
Feb 25 14:35:38 sme racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=9)
Feb 25 14:35:38 sme network: Bringing up interface ipsec0:  succeeded
Feb 25 14:35:38 sme wan: Starting wan succeeded
...
Feb 25 14:35:44 sme racoon: INFO: 192.168.40.38[500] used as isakmp port (fd=8)
Feb 25 14:35:44 sme racoon: INFO: 12.1.1.1[500] used as isakmp port (fd=9)
Feb 25 14:35:44 sme racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=10)

This is from server sme2:
Code:
Feb 25 14:28:50 sme2 network: Bringing up interface eth0:  succeeded
Feb 25 14:28:50 sme2 ifup: RTNETLINK answers: Network is unreachable
Feb 25 14:28:50 sme2 ifup: RTNETLINK answers: File exists
Feb 25 14:28:50 sme2 kernel: NET: Registered protocol family 15
Feb 25 14:28:51 sme2 racoon: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net)
Feb 25 14:28:51 sme2 racoon: INFO: @(#)This product linked OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/)
Feb 25 14:28:51 sme2 racoon: INFO: 12.1.2.1[500] used as isakmp port (fd=8)
Feb 25 14:28:51 sme2 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=9)
Feb 25 14:28:51 sme2 network: Bringing up interface ipsec0:  succeeded
Feb 25 14:28:51 sme2 wan: Starting wan succeeded
...
Feb 25 14:28:58 sme2 racoon: INFO: 192.168.40.50[500] used as isakmp port (fd=8)
Feb 25 14:28:58 sme2 racoon: INFO: 12.1.2.1[500] used as isakmp port (fd=9)
Feb 25 14:28:58 sme2 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=10)

Since the SME servers are also gateways, should I put their internal IP address or external IP address in the SRCGW parameter of the "/etc/sysconfig/network-scripts/ifcfg-ipsec0" file?

Besides, I am actually testing this permanent VPN connection, meaning I am using 2 computers running VMware. Each of them has an SME Server with two Ethernet cards: one in HostOnly and the other on Bridge.

Thanks for your help.
« Last Edit: February 25, 2009, 06:57:41 AM by tiBoun »

Stefano
« Reply #3 on: February 25, 2009, 09:10:02 AM »
hi

you could try openvpn.. search on the forums and in the wiki for documentation and howtos

Ciao
Stefano

tiBoun
« Reply #4 on: February 25, 2009, 09:29:39 AM »
Well,

After looking at the OpenVPN HowTo, it is for having a more reliable VPN connection between the server and Clients (XP/2000/Vista).

In my case, I am trying to connect two SME Servers.

Stefano
« Reply #5 on: February 25, 2009, 10:57:16 AM »
> Well,
>
> After looking at the OpenVPN HowTo, it is for having a more reliable VPN connection between the server and Clients (XP/2000/Vista).
>
> In my case, I am trying to connect two SME Servers.

ROTFL.. where did you read it? openvpn can be used to create a lan-to-lan vpn

here you will find what you need. :-)

ciao
Stefano


janet
« Reply #6 on: February 25, 2009, 11:05:09 AM »
tiBoun

For OpenVPN-Bridge (server to server) see

http://sme.firewall-services.com/spip.php?rubrique3

as advised in the contribs wiki article for OpenVPN (client to server)

Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

tiBoun
« Reply #7 on: February 26, 2009, 02:08:09 AM »
Thank you !

I'll try with OpenVPN and I hope I will manage to make it work :p

Cheers