I am attempting to create an ipsec tunnel between two CentOS 5.1 systems, network-to-network with two different 192.168.xxx.0/24 LAN segments. I have gone through the documentation on the centos web site, and have the machines to the point where the /var/log/messages show ``IPsec-SA established'' on both machines after runnig ``ifup ipsec0'' (same ipsec0 on each machine).
IP forwarding is configured in /etc/sysctl.conf and in the proper /proc ``file''.
``netstat -rn'' shows a reasonable looking route on each machine with the gateway as the private IP for the internal LAN.
The iptables on each machine are totally clear with no filters.
Attempting to ping the private interface on the remote machine results in this where the xx.xx... is the IP address of the public LAN.
From xx.xx.xxx.xxx icmp_seq=2 Destination Host Unreachable
Running tcpdump on another Linux box on the remote network that is our main connection to the internet so sits between the remote machine and our T1 does not show any packets from the machine attempting to ping the remote or attempting to make an ssh connection to the remote machine's private IP.
At this point I'm at a loss as what to try to debug this. My previous IPsec experience was with Freeswan on an older SuSE box which is quite different in the system setup. The centos/rh documentation is not totally clear what IP is meant by SRCGW, but looking at the ifcfg-ipsec script, it assigns the private IP of the internal network NIC if SRCGW is not set.
I expected to see an ``ipsec0'' device from ``ifconfig'', as was done with freeswan, but either that's not the case with ipsec-tools or I have something hosed.
Bill