Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: David Woolley on October 16, 2002, 04:30:37 PM
-
Hi
Thanks for your previous pointers Lloyd & Rob.
Please, does anyone have any further info about installing a freeS/WAN VPN under v5.5U2?
At the moment, I've installed the IPSEC VPN panel using dmc-mitel-freeswan-0.4-12.noarch.rpm
I've rewritten the reference to the RSA key path in the template file. I've moved and renamed the updown 1.91 (although freeswan is v1.97, problem?) into /usr/local/lib/ipsec
What I'm finding is that defining the first ipsec vpn at the remote server prevents the local server from pinging the external ip of the remote.
This happens when I have defined the remote as a local network and when I have not.
I see that people are not reporting problems under v5.12. What other issues would I face if I downgraded the SME version?
Many thanks
David
-
David,
I have run IPsec under both 5.1.2 and 5.5U2 with no problems (apart from the initial setup :-). The only difference is that you need to turn compression off under 5.5. What sort of internet connection do you have at either end?
-
Thanks Lloyd
It's encouraging that you have succeeded.
I have DSL at both ends.
Could you run me through the commands for controlling compression, please?
Is it relevant that defining an ipsec vpn (using the freeswan server-manager panel) at the remote end blocks the local end receiving a response to "ping"?
Thanks again for your time.
David
-
Lloyd, a howto for 5.5 would be great, especially one that deals with later versions of FreeS/WAN ... care to take a swing at it? I know there are lots of folks who read these forums who'd be very very interested!
-
David,
I'll work with Darrell May over the next week to update the HOWTO for 5.5update2. Until then, if you want to try turning off compression:
# mcedit /etc/e-smith/templates/etc/ipsec.conf/20default
and change the line that says
compress=yes
to
compress=no
then rebuild the template with
# /sbin/e-smith/expand-template /etc/ipsec.conf
followed by
# service ipsec restart
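
An added example, not part of the original post and not SME Server or FreeS/WAN code: a check that can be run on the regenerated /etc/ipsec.conf after the steps above, to confirm that no connection still ends up with compress=yes, whether set directly or inherited. It assumes the usual ipsec.conf layout (sections at column 0, indented key=value lines, conn %default supplying defaults); the function names and the sample file are made up for illustration.

```shell
# Report the effective compress= setting of every conn in an ipsec.conf-style file.
# Assumptions: sections start at column 0 ("conn NAME"), parameters are indented
# key=value lines, and "conn %default" supplies values a conn does not set itself.
effective_compress() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        /^conn[ \t]+/ { name = $2; if (name != "%default") order[++n] = name; next }
        /^[^ \t]/ { name = ""; next }             # other sections, e.g. "config setup"
        name != "" {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (line ~ /^compress[ \t]*=/) {
                sub(/^compress[ \t]*=[ \t]*/, "", line)
                val[name] = line                  # remember the value per section
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                if (c in val) v = val[c]
                else if ("%default" in val) v = val["%default"]
                else v = "unset"
                print c, v
            }
        }
    ' "$1"
}

# Succeeds only if no conn has an effective compress=yes.
check_no_compress() {
    ! effective_compress "$1" | grep -q ' yes$'
}

# Constructed sample configuration, not taken from a real server.
make_sample() {
    cat > "$1" <<'EOF'
config setup
    interfaces=%defaultroute
conn %default
    compress=yes

conn branch1
    left=192.0.2.1
conn branch2
    compress=no
EOF
}
if [ $# -gt 0 ]; then effective_compress "$1"; fi
```

Run it with the path of the expanded configuration as its argument; each output line is a connection name followed by yes, no or unset.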
-
Lloyd,
Thank you very much for taking the trouble with this thread, and thanks for the offer to remake the howto.
Would you consider including some postscript about prerequisites for workstations on the two LANs connecting to and using the tunnels?
Also some info on if the tunnel may be verified to have been used for a particular transmission - rather than another, unsecured route.
Meanwhile, I'm ploughing through the freeS/WAN.org site and feeling a little more comfortable with my failure.
Thanks
David