Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Adrian on October 10, 2002, 05:29:50 PM
-
Hello all
I have gone through the general forum and experienced forum but nothing I have found yet has fixed my problem. (FREESWAN 1.9.1-05)
I have server A and server B.
A is set up as a server, B is set up as a client.
As per the howto I have told each server A+B of each other's internal and external LANs in the server manager. I have also added the local addresses in the server manager. Also in the server manager I have also added a local network on both server A+B. (Is this OK? There seems to be some confusion about this.)
Both servers know of each other's encryption key.
The problem I am having is that I have no idea if my tunnel is up, and if it is, what name does it have by default? How do I check for both?
I can't ping through the tunnel at all and if I do an ifconfig ipsec0 there is no tx or rx traffic; it just seems totally dead. I have turned off compression in ipsec.conf, no joy.
Can someone help? I've looked at loads of help pages and my ipsec.conf seems more complicated, say, compared to Smoothwall, which I believe is the same?
How do I bring up ipsec0?
Can someone help please? I have come to a grinding halt.
Regards to all
Adrian
-
Adrian,
Do both A and B have static IPs? What version of SME are you using?
Also in the server manager I have also added a local network on both server A+B. (Is this OK? There seems to be some confusion about this.)
Yes, you need to do this. See also http://e-smith.org/bugs/index.php3?op=showBug&bugID=71
A simple ifconfig will show you if the interface is up or down. You should see eth0, eth1 and ipsec0 (among others). If you can see ipsec0 it is up (it may not be connected to the remote server, but it is up). If A's local network is 192.168.10.0 and B's is 192.168.20.0, pinging one of the local hosts (probably 192.168.20.1) from A will tell you if the connection is up. Click on the modify button in the IPsec configuration of the server-manager and then check /var/log/messages for errors. Double check the first 6 and last 6 digits of the encryption keys on both servers, you may have dropped a character maybe? You do need to turn off compression under 5.5; however, there is no need to do this with 5.1.2.
-
Hi Lloyd
Thank you for responding mate.
Do both A and B have static IPs? Yes. Server A e.g. 217.37.xxx.1, Server B e.g. 217.207.xxx.xxx.146
What version of SME are you using? Using SME 5.1.2 both ends.
A simple ifconfig will show you if the interface is up or down. You should see eth0, eth1 and ipsec0 (among others). If you can see ipsec0 it is up (it may not be connected to the remote server, but it is up). Yes, that is what I see.
Encryption key OK on both. Have checked.
Local Network A: 172.31.4.0, Server .1. Local Network B: 130.44.4.10, Server .14
I have also started and stopped both services and they appear to startup ok.
In IPsec in the server manager what I find is that if all settings are selected to yes then I can't ping the external interface on both? All are set to NO at the moment. I suspect this could cause a problem but don't know? When I enable all to yes, I find both try and send packets which are dropped but nothing is received. And VPN or PuTTY connectivity is impossible. Server A set up as Server, Server B set up as Client.
-
Yes. Server A e.g. 217.37.xxx.1, Server B e.g. 217.207.xxx.xxx.146
if all settings are selected to yes then I can't ping the external interface on both
You should be able to ping the external interface of both servers regardless of whether IPsec is installed or not.
Local Network A: 172.31.4.0, Server .1. Local Network B: 130.44.4.10, Server .14
Hmmm, something seems funny here. Why does Network A have a private IP address but Network B has a public IP address?
I would leave all settings to yes and don't worry about turning off encryption.
-
and don't worry about turning off encryption
Sorry, I meant don't worry about turning off compression.
-
All I can say is -- check, recheck and check again. I tried time and again to set up one of these VPNs according to the excellent HOWTO but it didn't work until I got it *exactly* right ... external IPs, internal IPs, network masks, local networks & encryption keys. I copied & pasted the keys & made SURE I hadn't included any end-of-line or end-of-file characters.
Once I got everything right, it magically came up & has been rock-solid ever since. Checked w/ping, then used for access via IP address to a SCO Unix box and SBS server. (Still can't browse from a 9x machine; 2K & XP OK ... but that's another story.)
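The checklist from the replies above (local networks, masks and pasted keys), as an added example that is not part of any original post: a Python pre-flight check run on the LAN values quoted in the thread. The 255.255.255.0 netmask, the key strings and the dictionary field names are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges, the space LAN-side networks normally come from.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def local_network(site):
    """Parse a site's local network leniently (host bits are allowed here)."""
    return ipaddress.ip_network(f"{site['local_net']}/{site['netmask']}", strict=False)

def check_site(site):
    """Return the problems found in one server's own parameters."""
    name, problems = site["name"], []
    net = local_network(site)
    if str(net.network_address) != site["local_net"]:
        problems.append(f"{name}: {site['local_net']} is a host address, network is {net.network_address}")
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append(f"{name}: local network {net} is not private address space")
    for label in ("own_key", "peer_key"):
        if any(ch.isspace() for ch in site[label]):
            problems.append(f"{name}: {label} contains whitespace or end-of-line characters")
    return problems

def check_pair(a, b):
    """Check both servers, then the settings that must agree across them."""
    problems = check_site(a) + check_site(b)
    if local_network(a).overlaps(local_network(b)):
        problems.append("local networks of the two servers overlap")
    for holder, owner in ((a, b), (b, a)):
        if holder["peer_key"] != owner["own_key"]:
            problems.append(f"{holder['name']}: stored key for {owner['name']} differs from the original")
    return problems

# Constructed sample: the LAN addresses are the ones quoted in the thread;
# the netmask and both key strings are assumptions.
KEY_A, KEY_B = "0sAQconstructedKeyForServerA", "0sAQconstructedKeyForServerB"
SERVER_A = {"name": "A", "local_net": "172.31.4.0", "netmask": "255.255.255.0",
            "own_key": KEY_A, "peer_key": KEY_B + "\n"}  # pasted with a trailing newline
SERVER_B = {"name": "B", "local_net": "130.44.4.10", "netmask": "255.255.255.0",
            "own_key": KEY_B, "peer_key": KEY_A}

if __name__ == "__main__":
    for line in check_pair(SERVER_A, SERVER_B):
        print(line)
```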
-
Lloyd and Michael
Yup, basically you are correct. I found out for some reason if I use a 172.31.4.0 it gets the right hump, server connectivity drops. However if I use a 192.168.xx.xx it comes up straight away?
Again, thank you guys, I appreciate all the help I have been given.
Kind Regards to all
Adrian