Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: charlie on July 25, 2003, 02:04:04 AM
-
We are trying to get IPSEC (freeswan) working using the howto floating around and are having a problem. The two sites are connected by DSL with two DSL modems. The WAN ports are on the same subnet (64.179.124.192 and .215 with a subnet 255.255.255.0). The LAN addresses are 192.168.1.1 and 192.168.0.1 (255.255.255.0).
We get no ipsec traffic between locations and cannot ping each other. Anyone have any ideas?
-
Charlie
I had the same problem some months back.
But you haven't mentioned which version of SME you have: 4.1.2, 5.1.2, 5.5, 5.6?
If it's 5.1.2, do a search for my name, ADSERG; this will show you the problems I had and what I did to fix it with the help of other users in this forum.
Kindest Regards
Adserg
-
Adserg,
I'm having the same problem as Charlie. In my case the servers are V5.6 and both are on the same subnet:
site1 (200.84.40.230)
site2 (200.84.42.55)
Mask (255.255.252.0)
both behind an ADSL bridge-modem.
The RPMs were downloaded from:
http://www.saco-service.de/SME/contrib/devinfo-freeswan-1.99/
I looked at the thread you started regarding this problem and conclude that the problem was a missing _updown script. The how-to on the above website mentions nothing about this script.
Can you point me to the how-to you read?
Regards,
Ernesto
-
I did the following:
[root@sme-server root]# ipsec verify
Checking your system to see if IPsec got installed and started correctly
Version check and ipsec on-path [OK]
Checking for KLIPS support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
DNS checks.
Looking for forward key for sme-server [FAILED]
Looking for KEY in reverse map: 55.42.84.200.in-addr.arpa [OK]
Does the machine have at least one non-private address [OK]
and wonder if the failed [Looking for forward key] might be the cause of the problem we are experiencing.
In my case it's important to find a solution for servers using dynamic DNS as this is the only economically possible solution for the personal or family VPN in Venezuela.
Charlie, I came across this http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/quickstart.html
and think it might help solve the problem. If you get the chance to read through, would you comment on your interpretation of its contents as I am having problems understanding the procedure of including the KEY and TXT in the DNS.
Hope this gets us going.
Regards,
Ernesto