Linux 2.6 IPSec Tunnels

securitylists_at_speed.seas.upenn.edu
Date: 04/08/04

    Date: Thu, 8 Apr 2004 16:27:25 -0400
    To: security-basics@securityfocus.com
    
    

    Hi list,

    I'm trying to set up IPSec tunnels between two private (nonroutable)
    networks using the 2.6 kernel's native IPSec and ipsec-tools (which are
    a port of the KAME IPSec utilities). I've successfully gotten transport
    mode working (using the information at
    http://www.ipsec-howto.org/x237.html) but I am unsure on how to do
    tunnel mode (and documentation is, as a whole, quite scarce). Following
    the directions on that site, I can set up the tunnels between the
    gateways all right (apparently, but I cannot test it--traffic between the
    gateways themselves is unencrypted). But I don't know what to do on the
    gateways to get the proper routing.

    So if I have the following network setup:

    [10.0.1.0/24] <--> [gateway1] <---Internet---> [gateway2] <--> [10.0.2.0/24]

    How do I configure gateway1 to route 10.0.2.0/24 through the tunnel, and
    vice-versa on gateway2? I assume I need to turn on ip_forwarding, but
    there must be some route configuration I need to perform as well, I
    assume?

    Can anyone direct me on what to do or where to find better documentation
    on this?

    Thanks,
    Dan
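
Added example, not part of the original post: a shell helper that prints the tunnel-mode setkey policy for one gateway of the topology above. With the 2.6 native stack the security policy selectors, not a special route, decide which packets enter the tunnel, so each gateway needs only forwarding enabled, an ordinary (default) route toward the peer, and a mirrored policy pair. The gateway addresses 192.0.2.1 and 198.51.100.1 are placeholders, and the function name is hypothetical.

```shell
#!/bin/sh
# Emit setkey(8) SPD entries for one gateway of a net-to-net ESP tunnel.
# Usage: tunnel_policy LOCAL_NET REMOTE_NET LOCAL_GW REMOTE_GW
#
# The "out" policy matches packets by source and destination network.
# Traffic sent from the gateway's own public address does not match
# these selectors, which is why gateway-to-gateway traffic stays in
# the clear; test from a host inside each private network instead.
#
# Assumption: this setkey also installs the Linux "fwd" policy for
# each "in" policy. If "setkey -DP" lists no fwd entry, add one with
# the same selectors as the "in" line.
tunnel_policy() {
    if [ "$#" -ne 4 ]; then
        echo "usage: tunnel_policy LOCAL_NET REMOTE_NET LOCAL_GW REMOTE_GW" >&2
        return 2
    fi
    local_net=$1
    remote_net=$2
    local_gw=$3
    remote_gw=$4
    # Outbound: tunnel endpoints are written source-destination.
    printf 'spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/require;\n' \
        "$local_net" "$remote_net" "$local_gw" "$remote_gw"
    # Inbound: the same tunnel seen from the receiving side.
    printf 'spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/require;\n' \
        "$remote_net" "$local_net" "$remote_gw" "$local_gw"
}

# On gateway1 (as root; placeholder public addresses):
#   sysctl -w net.ipv4.ip_forward=1
#   tunnel_policy 10.0.1.0/24 10.0.2.0/24 192.0.2.1 198.51.100.1 | setkey -c
# On gateway2, swap both pairs of arguments:
#   sysctl -w net.ipv4.ip_forward=1
#   tunnel_policy 10.0.2.0/24 10.0.1.0/24 198.51.100.1 192.0.2.1 | setkey -c
# The ESP security associations themselves (manual "add" entries or
# racoon) must be configured separately with matching keys on both ends.
```

Running `setkey -DP` on each gateway afterwards shows whether the policies were installed and whether gateway2's entries mirror gateway1's.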
