Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: timtaylor11 on December 02, 2004, 09:52:15 PM
-
Hello all. I have 2 e-smith boxes. One with a dedicated IP, the other DHCP behind a DSL modem set in gateway mode. I have the same version of SME on both.
# uname -a
Linux wolverine 2.4.20-18.7 #1 Thu May 29 08:32:50 EDT 2003 i686 unknown
Both sides show IPsec running.
The side with the static IP shows
[root@cpsremote root]# ipsec verify
Checking your system to see if IPsec got installed and started correctly
Version check and ipsec on-path [OK]
Checking for KLIPS support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
DNS checks.
Looking for forward key for cpsremote [OK]
Looking for KEY in reverse map: 154.150.58.164.in-addr.arpa [OK]
Does the machine have at least one non-private address [OK]
[root@cpsremote root]#
The side behind the DSL shows
[root@wolverine root]# ipsec verify
Checking your system to see if IPsec got installed and started correctly
Version check and ipsec on-path [OK]
Checking for KLIPS support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
DNS checks.
Looking for forward key for wolverine [FAILED]
Looking for KEY in reverse map: 93.149.39.162.in-addr.arpa [FAILED]
Does the machine have at least one non-private address [OK]
[root@wolverine root]#
Both sides give me the same information when I do a restart but I can not get any traffic across the vpn.
[root@cpsremote etc]# service ipsec restart
ipsec_setup: Stopping FreeS/WAN IPsec...
ipsec_setup: Starting FreeS/WAN IPsec 1.99...
ipsec_setup: Using /lib/modules/2.4.20-18.7/kernel/net/ipsec/ipsec.o
[root@cpsremote etc]#
Have tried about every connection and option. I have tried it with only IP, host name, and cannot seem to get it to work. Has anyone got this to work yet? I see a lot of older ones, not 6.0, trying with a DHCP IP address.
Tim Taylor
NOT TOOL TIME
-
Can you set the DSL modem to bridged mode and have the SME box do the username/password authentication? And do both sides have static IPs? Because that's the proven configuration.
-
The modem is set to bridge mode but the DSL is dynamic IP.
-
I don't recall seeing any success stories of FreeS/WAN LAN-to-LAN VPNs using dynamic IPs with any FreeS/WAN version under 2.0, which includes none of the SME contribs that I know of. I think OpenVPN may be more flexible in this regard but have no direct experience.
-
The FreeS/WAN contribs DO NOT WORK with dynamic IPs!
You may have a short success, but if the remote IP changes, you have to restart FreeS/WAN on both sides!
-
Hi,
I've installed FreeS/WAN on two SME 6.0.1-1 boxes with dynamic IPs and, as described here, it works only until one of the IPs changes.
But I think this can be solved.
The only thing you have to do is to define a cron job on both sides which restarts the inet-connection and after this the ipsec service. For a short time in the night you'll be disconnected, but in my environment this isn't so important.
Normally your DSL connection disconnects after about 24 hours. To guarantee that the ipsec connection works all day you have to disconnect 2 times in the night, because the online time varies every night by some minutes.
For example first at 23:00 and a second time at 3:00 o'clock. So you should have a connection all day.
Has anyone tried something like this over a longer time?
I'm going to test this ...
Michael
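-
Added example, not part of any post in this thread: instead of restarting at fixed times, a cron-driven check that restarts IPsec only when the other side's address has actually changed, which is the condition the replies above say requires a restart. It assumes each box publishes a dynamic-DNS host name; PEER_HOST, STATE_FILE and RESTART_CMD are hypothetical names, and the default restart command is the `service ipsec restart` shown earlier in the thread.

```shell
#!/bin/sh
# Added example: restart IPsec only when the peer's address changes.
# Assumptions (not from the thread): PEER_HOST is a hypothetical dynamic-DNS
# name for the other box; STATE_FILE is a hypothetical path.
PEER_HOST="${PEER_HOST:-peer.example.invalid}"
STATE_FILE="${STATE_FILE:-/var/run/ipsec-peer.addr}"
RESTART_CMD="${RESTART_CMD:-service ipsec restart}"   # command shown in the thread

# Print the first address the resolver returns for a host name (empty on failure).
resolve_peer() {
    getent hosts "$1" | awk '{ print $1; exit }'
}

# Succeed only for a dotted-quad IPv4 string, so a failed lookup never
# overwrites the stored address or triggers a restart.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# check_peer NEW_ADDR STATE_FILE
# Prints one of: invalid, initial, unchanged, changed.
# The state file is written on "initial" and "changed" only.
check_peer() {
    new="$1"; state="$2"
    if ! is_ipv4 "$new"; then echo invalid; return 0; fi
    if [ ! -f "$state" ]; then echo "$new" > "$state"; echo initial; return 0; fi
    old=$(cat "$state")
    if [ "$new" = "$old" ]; then echo unchanged; return 0; fi
    echo "$new" > "$state"
    echo changed
}

# One watchdog pass: resolve, compare, restart if the peer moved.
run_watchdog() {
    addr=$(resolve_peer "$PEER_HOST")
    result=$(check_peer "$addr" "$STATE_FILE")
    if [ "$result" = changed ]; then
        logger -t ipsec-watchdog "peer $PEER_HOST moved to $addr, restarting ipsec"
        $RESTART_CMD
    fi
    echo "$result"
}

# Run from cron on both boxes, e.g. every 5 minutes: watchdog.sh --run
if [ "${1:-}" = "--run" ]; then run_watchdog; fi
```

The first pass only records the peer address ("initial") and does not restart; each box runs the script pointed at the other, so both sides restart after a change.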