Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: tiBoun on February 25, 2009, 04:09:01 AM

Title: SME 7.4 - IPSec/VPN Site-to-Site
Post by: tiBoun on February 25, 2009, 04:09:01 AM
Hi everyone,

I am trying to setup a permanent connection between 2 SME Servers (7.4).

After following this http://wiki.contribs.org/Ipsec and reading the original topic on this forum, I still can't get them connected.

Among the weird messages I get in the log:
racoon: INFO: unsupported PF_KEY message REGISTER

Does anyone have an idea?

Thanks for your help.
Title: Re: SME 7.4 - IPSec/VPN Site-to-Site
Post by: David Harper on February 25, 2009, 05:25:21 AM
Welcome to the forums :)

Among the weird messages I get in the log:
racoon: INFO: unsupported PF_KEY message REGISTER

Try posting the log messages from both servers, so we can see what might be going on.
Title: Re: SME 7.4 - IPSec/VPN Site-to-Site
Post by: tiBoun on February 25, 2009, 06:53:31 AM
Actually I reinstalled SME server and still no connection, but the errors are different. Sorry ...

This is from the server sme1:
Code:
Feb 25 14:35:37 sme network: Bringing up interface eth0:  succeeded
Feb 25 14:35:37 sme ifup: RTNETLINK answers: Network is unreachable
Feb 25 14:35:37 sme ifup: RTNETLINK answers: File exists
Feb 25 14:35:38 sme kernel: NET: Registered protocol family 15
Feb 25 14:35:38 sme racoon: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net)
Feb 25 14:35:38 sme racoon: INFO: @(#)This product linked OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/)
Feb 25 14:35:38 sme racoon: INFO: 12.1.1.1[500] used as isakmp port (fd=8)
Feb 25 14:35:38 sme racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=9)
Feb 25 14:35:38 sme network: Bringing up interface ipsec0:  succeeded
Feb 25 14:35:38 sme wan: Starting wan succeeded
...
Feb 25 14:35:44 sme racoon: INFO: 192.168.40.38[500] used as isakmp port (fd=8)
Feb 25 14:35:44 sme racoon: INFO: 12.1.1.1[500] used as isakmp port (fd=9)
Feb 25 14:35:44 sme racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=10)

This is from server sme2:
Code:
Feb 25 14:28:50 sme2 network: Bringing up interface eth0:  succeeded
Feb 25 14:28:50 sme2 ifup: RTNETLINK answers: Network is unreachable
Feb 25 14:28:50 sme2 ifup: RTNETLINK answers: File exists
Feb 25 14:28:50 sme2 kernel: NET: Registered protocol family 15
Feb 25 14:28:51 sme2 racoon: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net)
Feb 25 14:28:51 sme2 racoon: INFO: @(#)This product linked OpenSSL 0.9.7a Feb 19 2003 (http://www.openssl.org/)
Feb 25 14:28:51 sme2 racoon: INFO: 12.1.2.1[500] used as isakmp port (fd=8)
Feb 25 14:28:51 sme2 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=9)
Feb 25 14:28:51 sme2 network: Bringing up interface ipsec0:  succeeded
Feb 25 14:28:51 sme2 wan: Starting wan succeeded
...
Feb 25 14:28:58 sme2 racoon: INFO: 192.168.40.50[500] used as isakmp port (fd=8)
Feb 25 14:28:58 sme2 racoon: INFO: 12.1.2.1[500] used as isakmp port (fd=9)
Feb 25 14:28:58 sme2 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=10)

Since the SME servers are also gateways, should I put their internal IP address or external IP address in the SRCGW parameter of the "/etc/sysconfig/network-scripts/ifcfg-ipsec0" file?

Besides, I am actually testing this permanent VPN connection, meaning I am using 2 computers running VMware. Each of them has an SME Server with two Ethernet cards: one in HostOnly and the other on Bridge.

Thanks for your help.
Title: Re: SME 7.4 - IPSec/VPN Site-to-Site
Post by: Stefano on February 25, 2009, 09:10:02 AM
hi

you could try openvpn.. search on the forums and in the wiki for documentation and howtos

Ciao
Stefano
Title: Re: SME 7.4 - IPSec/VPN Site-to-Site
Post by: tiBoun on February 25, 2009, 09:29:39 AM
Well,

After looking at the OpenVPN HowTo, it is for having a more reliable VPN connection between the server and Clients (XP/2000/Vista).

In my case, I am trying to connect two SME Servers.
Title: Re: SME 7.4 - IPSec/VPN Site-to-Site
Post by: Stefano on February 25, 2009, 10:57:16 AM
Well,

After looking at the OpenVPN HowTo, it is for having a more reliable VPN connection between the server and Clients (XP/2000/Vista).

In my case, I am trying to connect two SME Servers.

ROTFL.. where did you read it? openvpn can be used to create a lan-to-lan vpn

here (http://web.inter.nl.net/users/hanscees/sme7/openvpnsitetositetunnelsme7.html) you will find what you need. :-)

ciao
Stefano

Title: Re: SME 7.4 - IPSec/VPN Site-to-Site
Post by: janet on February 25, 2009, 11:05:09 AM
tiBoun

For OpenVPN-Bridge (server to server) see

http://sme.firewall-services.com/spip.php?rubrique3

as advised in the contribs wiki article for OpenVPN (client to server)

Title: Re: SME 7.4 - IPSec/VPN Site-to-Site
Post by: tiBoun on February 26, 2009, 02:08:09 AM
Thank you !

I'll try with OpenVPN and I hope I will manage to make it work :p

Cheers