IPSec Routing for unencrypted traffic

 
 
Marc Warne
      05-19-2005, 06:30 PM
Hi,

Here's my home setup:

                   192.168.1.1       192.168.1.3
                   192.168.0.100     192.168.0.1
[ internet ] <---> [ linux 1 ] <---> [ linux 2 ] <---> [ non-linux ]
               |                 |                 |
          unencrypted        encrypted        unencrypted
             ADSL            wireless            CAT5

The 'linux 1' box is essentially the router to the Internet. Connections
from 'linux 2' go via a wireless link, through 'linux 1' and to the
Internet. This link is encrypted using IPSec (ipsec.confs shown below).

The non-linux machine does not and cannot have IPSec running. I need
to be able to route traffic from the non-linux machine through 'linux 2'
(preferably encrypting it on the fly) and to 'linux 1'. I have the
setup working fine when the wireless link is not encrypted, but the
non-linux machine cannot even ping 'linux 2' and I'm not sure how to
get this to work and for traffic to be routed.

Both Linux machines are running kernel 2.6.

ipsec.conf for linux 1:
-----------------------
#!/usr/sbin/setkey -f

flush;
spdflush;

add 192.168.0.100 192.168.0.1 esp 0x301 -m tunnel -E rijndael-cbc "password00000001";
add 192.168.0.1 192.168.0.100 esp 0x201 -m tunnel -E rijndael-cbc "2222222222222222";

# Security policies
spdadd 192.168.0.1/32 0.0.0.0/0 any -P in ipsec
    esp/tunnel/192.168.0.1-192.168.0.100/require;

spdadd 0.0.0.0/0 192.168.0.1/32 any -P out ipsec
    esp/tunnel/192.168.0.100-192.168.0.1/require;


ipsec.conf for linux 2:
-----------------------
#!/usr/sbin/setkey -f

flush;
spdflush;

add 192.168.0.100 192.168.0.1 esp 0x301 -m tunnel -E rijndael-cbc "password00000001";
add 192.168.0.1 192.168.0.100 esp 0x201 -m tunnel -E rijndael-cbc "22222222234-asm!";

# Security policies
spdadd 192.168.0.1/32 0.0.0.0/0 any -P out ipsec
    esp/tunnel/192.168.0.1-192.168.0.100/require;

spdadd 0.0.0.0/0 192.168.0.1/32 any -P in ipsec
    esp/tunnel/192.168.0.100-192.168.0.1/require;



Could somebody please tell me what I need to add to allow the routing
(and preferably encryption) to work? I presume it'll be a line or two
to add just on ipsec.conf for 'linux 2', but I'm not sure.

Thanks very much.

All the best,

Marc Warne
--
http://www.alpha-programming.co.uk/
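
An added example, not part of the original post: a small Python check over the add/spdadd statements of the two setkey files as posted. It compares the key given for each SPI on both hosts and tests which source addresses the `-P out` selectors on 'linux 2' cover; 192.168.2.10 is a constructed address standing in for a forwarded host, and 203.0.113.5 is a documentation address.

```python
import ipaddress

# add/spdadd statements from the two files in the post, copied as posted.
LINUX1 = """
add 192.168.0.100 192.168.0.1 esp 0x301 -m tunnel -E rijndael-cbc "password00000001";
add 192.168.0.1 192.168.0.100 esp 0x201 -m tunnel -E rijndael-cbc "2222222222222222";
spdadd 192.168.0.1/32 0.0.0.0/0 any -P in ipsec
    esp/tunnel/192.168.0.1-192.168.0.100/require;
spdadd 0.0.0.0/0 192.168.0.1/32 any -P out ipsec
    esp/tunnel/192.168.0.100-192.168.0.1/require;
"""
LINUX2 = """
add 192.168.0.100 192.168.0.1 esp 0x301 -m tunnel -E rijndael-cbc "password00000001";
add 192.168.0.1 192.168.0.100 esp 0x201 -m tunnel -E rijndael-cbc "22222222234-asm!";
spdadd 192.168.0.1/32 0.0.0.0/0 any -P out ipsec
    esp/tunnel/192.168.0.1-192.168.0.100/require;
spdadd 0.0.0.0/0 192.168.0.1/32 any -P in ipsec
    esp/tunnel/192.168.0.100-192.168.0.1/require;
"""

def parse(text):
    """Return ({spi: (src, dst, key)}, [(src_net, dst_net, direction, rule)])."""
    sas, policies = {}, []
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    for stmt in "\n".join(lines).split(";"):  # statements end with ';'
        tok = stmt.split()
        if tok[:1] == ["add"]:        # add SRC DST esp SPI -m MODE -E ALGO "KEY"
            sas[tok[4]] = (tok[1], tok[2], tok[-1].strip('"'))
        elif tok[:1] == ["spdadd"]:   # spdadd SRC DST any -P DIR ipsec RULE
            net = ipaddress.ip_network
            policies.append((net(tok[1]), net(tok[2]), tok[5], tok[7]))
    return sas, policies

def key_mismatches(sas_a, sas_b):
    """SPIs present on both peers whose keys differ between the files."""
    return sorted(s for s in sas_a.keys() & sas_b.keys() if sas_a[s][2] != sas_b[s][2])

def match(policies, direction, src, dst):
    """Rule of the first policy whose selectors cover the packet, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for psrc, pdst, pdir, rule in policies:
        if pdir == direction and s in psrc and d in pdst:
            return rule
    return None

if __name__ == "__main__":
    (sas1, _), (sas2, pol2) = parse(LINUX1), parse(LINUX2)
    print("key mismatch on SPI:", key_mismatches(sas1, sas2))
    for src in ("192.168.0.1", "192.168.2.10"):  # second address is constructed
        print(src, "->", match(pol2, "out", src, "203.0.113.5"))
```

As posted, the two files give different keys for SPI 0x201, and the only outbound selector on 'linux 2' is 192.168.0.1/32, so a packet with any other source address matches no policy in that file.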
 