I am currently investigating setting up a connection with the following features:
- Linux 2.6.x Base System
- IPSec Compliant Gateway
- NAT on the Gateway to hide internal addresses from the remote network
http://www.sherman.ca/archives/2004/11/21/linux-26-ipsec-vpns/
http://ipsec-tools.sourceforge.net/
http://lartc.org/howto/lartc.ipsec.html
http://www.fw-1.de/aerasec/ng/vpn-racoon/CP-VPN1-NG-Linux-racoon.html
Update: I have been trying to find some decent information on configuration, and it looks as though the Red Hat / CentOS deployment guide is quite helpful. The only problem is that the system-config-network utility shows different options when running without X, so you need to do your own file hacking to get it working.
http://www.centos.org/docs/5/html/5.1/Deployment_Guide/s1-ipsec-net2net.html#
Definitely recommend using the above link; it really works well on Red Hat/CentOS. A simple ifup
It appears there is plenty of information out there with which to proceed. All I need to do now is digest it and make it work.
Troubles:
Having bridging enabled on one gateway seems to defeat the IPSec tunnel in Lan2Lan mode. You can ping and see the ping packets hitting the remote host and returning through the tunnel, but the bridging seems to confuse the packets and they don't arrive back at the source host.
Seems I'm not the only one
I notice that the default setup for the Red Hat / CentOS ipsec configuration uses both AH and ESP. If your ipsec connection is named ipsec0, turn off AH by setting AH_PROTO=none in /etc/sysconfig/network-scripts/ifcfg-ipsec0.
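As an added illustration (not from the original post or the CentOS guide), here is a constructed ifcfg-ipsec0 in the net-to-net layout of the linked deployment guide with AH_PROTO=none set, plus a small POSIX shell check that reports whether AH has actually been disabled in a given ifcfg file. The key names other than AH_PROTO (TYPE, ONBOOT, IKE_METHOD, SRCGW, DSTGW, SRCNET, DSTNET, DST, ESP_PROTO) are assumed from that guide, and every address is a placeholder.

```shell
#!/bin/sh
# Constructed sample of /etc/sysconfig/network-scripts/ifcfg-ipsec0 for a
# LAN-to-LAN tunnel. Addresses are placeholders; key names other than
# AH_PROTO are assumed from the CentOS net-to-net deployment guide.
IFCFG_EXAMPLE='TYPE=IPSEC
ONBOOT=yes
IKE_METHOD=PSK
SRCGW=192.0.2.1
DSTGW=198.51.100.1
SRCNET=192.168.1.0/24
DSTNET=192.168.2.0/24
DST=198.51.100.1
AH_PROTO=none
ESP_PROTO=3des-cbc_hmac-md5'

# ah_disabled FILE
# Returns 0 when the file explicitly sets AH_PROTO=none, 1 otherwise.
# An absent AH_PROTO line counts as "AH still on", matching the default
# behaviour described in the post (both AH and ESP enabled).
ah_disabled() {
    grep -q '^AH_PROTO=none[[:space:]]*$' "$1"
}

# report_ipsec_protos FILE
# Prints the AH and ESP settings found, using "(default)" when a key is absent.
report_ipsec_protos() {
    ah=$(sed -n 's/^AH_PROTO=//p' "$1")
    esp=$(sed -n 's/^ESP_PROTO=//p' "$1")
    printf 'AH_PROTO=%s ESP_PROTO=%s\n' "${ah:-(default)}" "${esp:-(default)}"
}

# Stand-alone demonstration against the constructed sample.
if [ "${IFCFG_DEMO:-1}" = 1 ]; then
    tmp=$(mktemp)
    printf '%s\n' "$IFCFG_EXAMPLE" > "$tmp"
    report_ipsec_protos "$tmp"
    if ah_disabled "$tmp"; then
        echo "AH is disabled; tunnel will use ESP only"
    else
        echo "AH is still enabled"
    fi
    rm -f "$tmp"
fi
```

Run it against the real file with `ah_disabled /etc/sysconfig/network-scripts/ifcfg-ipsec0` after editing, before the `ifup`, to confirm the line took effect.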
Interesting link re tunnel mode but to a single host.
http://hellewell.homeip.net/phillip/blogs/index.php?entry=entry070623-160740