Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: SalaTar on August 01, 2002, 05:07:38 PM

Title: FreeS/wan
Post by: SalaTar on August 01, 2002, 05:07:38 PM
ftp://ftp.xs4all.nl/pub/crypto/freeswan/RedHat-RPMs/7.1/freeswan-module-1.98b_2.4.9_34-0.i386.rpm
installed on 5.5 as server side and now the other 5.5 with Freeswan installed as in dev forums and this box have vpn..

Smile guys....
But as usual ****<<>>***
Title: Re: FreeS/wan
Post by: Charlie Brady on August 01, 2002, 05:25:56 PM
SalaTar wrote:
>
> ftp://ftp.xs4all.nl/pub/crypto/freeswan/RedHat-RPMs/7.1/freeswan-module-1.98b_2.4.9_34-0.i386.rpm
> installed on 5.5 as server side and now the other 5.5 with
> Freeswan installed as in dev forums and this box have vpn..

I'd be *very* surprised if a module for a 2.4.9 kernel installed and ran on an SME 5.5 server. Are you sure that you don't have the freeswan RPM included in the SME CDROM installed? Because that RPM does contain a module compatible with the 2.2.19-7.0.8 kernel uused in SME 5.5.

This would make the freeswan-module RPM you refer to unnecessary.

Regards

Charlie
Title: Re: FreeS/wan
Post by: SalaTar on August 02, 2002, 03:38:33 AM
Dont know why but it didnt work before and now it does..
You go figure...Ill try to recreat my steps as I was gunna uninstall the os and back down to 5.1.2 and was playing...installed rpm module , replaced the 1.9 _updown with the 8 and it worked
Title: Re: FreeS/wan
Post by: SalaTar on August 02, 2002, 03:52:44 AM
rpm -Uvh dmc-mitel-rpmmanager-0.0.1-1.noarch.rpm
rpm -Uvh freeswan-1.98b_2.4.18_5-0.i386.rpm
ls
cd opt/administration
cd /opt/administration
ls
cd rpm-manager
ls
rpm -Uvh freeswan-1.98b_2.4.7_10-0.i386.rpm
ls
rpm -Uvh freeswan-module-1.98b_2.4.9_34-0.i386.rpm
ls
rpm -q freeswan
cd cp /usr/lib/ipsec/
cp /usr/lib/ipsec
cd /usr/lib/ipsec
ls
cp /usr/lib/ipsec/_updown_1.8 /usr/local/lib/ipsec/_updown
mv /usr/local/lib/ipsec/_updown /usr/local/lib/ipsec/_updown.old1
cp /usr/lib/ipsec/_updown_1.8 /usr/local/lib/ipsec/_updown
cd /usr/local/lib/ipsec/
ls
pico _updown
cd /opt/administration
cd rpm-manager
ls
rpm -Uvh dmc-mitel-freeswan-0.4-12.noarch.rpm
rpm -Uvh -force  dmc-mitel-freeswan-0.4-12.noarch.rpm
rpm -Uvh dmc-mitel-freeswan-0.4-12.noarch.rpm -force
rpm -Uvh -f dmc-mitel-freeswan-0.4-12.noarch.rpm
rpm --help
rpm -force dmc-mitel-freeswan-0.4-12.noarch.rpm
rpm dmc-mitel-freeswan-0.4-12.noarch.rpm -force
rpm dmc-mitel-freeswan-0.4-12.noarch.rpm --force

rpm dmc-mitel-freeswan-0.4-12.noarch.rpm
rpm -force dmc-mitel-freeswan-0.4-12.noarch.rpm
rpm -ivh dmc-mitel-freeswan-0.4-12.noarch.rpm
ls
cd /usr/local/lib/ipsec/
ls
pico _updown
ipsec auto --add left-right
cd /usr/local/lib/ipsec/
pico ipsec
ipsec auto --ready
cd ipsec.secrets
cd /var/log
ls
cd secure
./secure
pico secure
pico /etc/ipsec.conf
ipsec status
ipsec setup --status
ipsec setup --start
ipsec barf
ipsec look
ipsec barf
ipsec status --restart
ipsec status --help
Title: Re: FreeS/wan
Post by: SalaTar on August 02, 2002, 04:01:59 AM
Aug  1 17:38:53 sme Pluto[4034]: "gate.local-gate.192.168.3.0" #43: ISAKMP SA established
Aug  1 17:54:22 sme Pluto[4034]: "net.local-gate.192.168.3.0" #44: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK to replace #30
Aug  1 17:54:22 sme Pluto[4034]: "net.local-gate.192.168.3.0" #44: sent QI2, IPsec SA established
Aug  1 17:56:04 sme Pluto[4034]: "gate.local-net.192.168.3.0" #45: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK to replace #32
Aug  1 17:56:05 sme Pluto[4034]: "gate.local-net.192.168.3.0" #45: sent QI2, IPsec SA established
Aug  1 17:57:31 sme Pluto[4034]: "net.local-net.192.168.3.0" #46: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK to replace #33
Aug  1 17:57:31 sme Pluto[4034]: "net.local-net.192.168.3.0" #46: sent QI2, IPsec SA established
Aug  1 17:58:35 sme Pluto[4034]: "gate.local-gate.192.168.3.0" #47: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK to replace #31
Aug  1 17:58:35 sme Pluto[4034]: "gate.local-gate.192.168.3.0" #47: sent QI2, IPsec SA established

all I know is its better than it was...
I am just messing with Linux maybe you experts will enlighten us to what the hell I did...or if I opened my ass to all sorts of hell  :)
Title: Re: FreeS/wan
Post by: Michael Smith on August 02, 2002, 06:04:20 PM
The docs on the FreeS/WAN website are out of date; anybody know what improvements 1.98b offers over 1.91?  Any favorite resources?  I'm still wrestling with browsing & NetBIOS issues but am reluctant to mess around too much as the current network is a production network that works well in doing its primary function, i.e. providing access via VPN to a SCO-UNIX box on the remote LAN.
Title: Re: FreeS/wan
Post by: Gerald on August 04, 2002, 02:42:10 AM
Confused, I read this thread, can't figure out who is doing what. I have a server that I upgrade to 5.5, it was working before with 5.1.2. Now there is no public key showing. Somewhere on this thread someone had written instructions on how to uninstall FreeS/wan and then reinstall I believe .91. Now I don't know if that is what is being adviced. Please clarify. TIA
Title: Re: FreeS/wan
Post by: Gerald on August 04, 2002, 02:42:11 AM
Confused, I read this thread, can't figure out who is doing what. I have a server that I upgrade to 5.5, it was working before with 5.1.2. Now there is no public key showing. Somewhere on this thread someone had written instructions on how to uninstall FreeS/wan and then reinstall I believe .91. Now I don't know if that is what is being adviced. Please clarify. TIA
Title: Re: FreeS/wan
Post by: Charlie Brady on August 05, 2002, 07:56:22 PM
SalaTar wrote:

> all I know is its better than it was...

Remove the freeswan-module RPM and it will still work.

Charlie