LinuxQuestions.org
Old 03-17-2006, 02:35 AM   #1
ankscorek
Member
 
Registered: Mar 2003
Distribution: Slackware10.2,SUSE,FC,RHL,Vector Linux,WHAX,PHLAK,bt4,ubuntu,debian,aptosid,backtrack,blackbuntu
Posts: 529

Rep: Reputation: 31
ipsec help


I'm trying to get two hosts, whose IP addresses are 194.200.200.1 & 2, on IPsec....

Here is the output:


[root@anks/]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.4/K2.6.12 (netkey)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [N/A]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Checking for 'setkey' command for NETKEY IPsec stack support [OK]
Opportunistic Encryption Support [DISABLED]


Here is the ipsec.conf:


# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $

# This file: /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5


version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    interfaces="ipsec0=eth1"
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    auto=add
    plutostart=%search
conn %default
    keyingtries=0
    disablearrivalcheck=0
    authby=rsasig
    auth=ah
    auto=start
# "raw crypt parsing emitting control klips pfkey natt x509 private"
# eg:
# plutodebug="control parsing"
#
# Only enable klipsdebug=all if you are a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
# nat_traversal=yes
# virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12

# Add connections here

# sample VPN connection
#conn sample
# # Left security gateway, subnet behind it, nexthop toward right.
# left=10.0.0.1
# leftsubnet=172.16.0.0/24
# leftnexthop=10.22.33.44
# # Right security gateway, subnet behind it, nexthop toward left.
# right=10.12.12.1
# rightsubnet=192.168.0.0/24
# rightnexthop=10.101.102.103
# # To authorize this connection, but not actually start it,
# # at startup, uncomment this.
# #auto=start
conn amit-anks
    left=194.200.200.1 #amit
    right=194.200.200.2 #anks
    esp=3des-md5-96
    espenckey=[192 bits]
    espauthkey=[128 bits]

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf


The error is as follows:


[root@anks/]# ipsec auto --up amit-anks
024 need --listen before --initiate
[root@anks/]#


Can someone please guide me through? The config is a simple host-to-host one which is to work in a simple LAN environment.

Last edited by ankscorek; 03-17-2006 at 02:36 AM.
 
Old 03-30-2006, 03:42 AM   #2
ankscorek
Member
 
Registered: Mar 2003
Distribution: Slackware10.2,SUSE,FC,RHL,Vector Linux,WHAX,PHLAK,bt4,ubuntu,debian,aptosid,backtrack,blackbuntu
Posts: 529

Original Poster
Rep: Reputation: 31
here lies the solution

http://www.slackbasics.org/html/ipsec.html
 
0 members found this post helpful.
  

