If you are not stuck to IPSec, you might want to take a look at OpenVPN (www.openvpn.org). I found OpenVPN easier to install than FreeSWAN (an IPSEC VPN) and have set up an OpenVPN solution between my German office and our main office in a matter of hours.
Thom van der Boon E-Mail: Thom.van.der.Boon@vdb.nl
=====
Thom.H. van der Boon b.v. Havens 563 Jan Evertsenweg 2-4 NL-3115 JA Schiedam Tel.: +31 (0)10 4272727 Fax: +31 (0)10 4736620 E-Mail: info@vdb.nl Home Page: http://www.vdb.nl/
simone72@email.it 23.05.2005 18:18:56 >>>
Hi list, I am trying to create a VPN between two different locations. On the first location we have a cisco pix 525 Natting the internal 192.168.100.x network, while on the second location we have a Centos3 box Natting via iptables the internal 192.168.10.x network. My goal is to connect these 2 over the internet via IPsec. I created the IPsec Net2Net via the network configuration graphic tool, and I configured the cisco following the howto http://www.johnleach.co.uk/documents/freeswan-pix/freeswan-pix.html . From my understanding, I should have an ipsec0 network device showing up, so that I could route all traffic from 192.168.10.x directed to 192.168.100.x through it. The thing is that when I try to ifup ipsec0 I get the following errors:
modprobe: modprobe: Can't locate module ripemd160
modprobe: modprobe: Can't locate module cast128
modprobe: modprobe: Can't locate module lzs
modprobe: modprobe: Can't locate module lzjh
So, after googling and reading a lot with no success, I would like to ask for advice on this, and successful story :). I really need to have this VPN running, and I am not tied to this one solution only, linux-to-linux VPN, openVPN or anything else you could suggest would be great.
Thanks in advance
Simone
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Thom van der Boon wrote:
> If you are not stuck to IPSec, you might want to take a look at OpenVPN (www.openvpn.org). I found OpenVPN easier to install than FreeSWAN (an IPSEC VPN) and have set up an OpenVPN solution between my German office and our main office in a matter of hours.
I have to second (resoundingly) Thom on this one. FreeSWAN is perhaps the most painful tool I have ever dealt with on a linux system, and I would avoid it if you could. OpenVPN is much more user friendly, though ultimately my company ended up using hardware appliances here (turned out to be cheaper than paying the sysadmin regularly to keep things up).
J
On Mon, 2005-05-23 at 13:44, Jonathan wrote:
> I have to second (resoundingly) Thom on this one. FreeSWAN is perhaps the most painful tool I have ever dealt with on a linux system, and I would avoid it if you could. OpenVPN is much more user friendly, though ultimately my company ended up using hardware appliances here (turned out to be cheaper than paying the sysadmin regularly to keep things up).
If you are running Centos 3.x you still have CIPE as a fill-in-the-form option in the redhat-config-network GUI (Click the 'new' button above the devices tab). Unfortunately it is gone in Centos 4.
On average it takes me less than 5 minutes to set up vpn with freeswan.....
4 mins of this usually involve finding the right kernel versions....
P. :-)
If anyone wants to know the easy way to use freeswan, drop me a line; it really is very simple.
On Mon, 2005-05-23 at 16:22, Peter Farrow wrote:
> On average it takes me less than 5 minutes to set up vpn with freeswan.....
> 4 mins of this usually involve finding the right kernel versions....
> P. :-)
> If anyone wants to know the easy way to use freeswan, drop me a line; it really is very simple.
Can you make it work where the endpoints are behind NAT gateways?
Thanks for all the suggestions, this is so helpful. I have to say I thought using the redhat-config-network tool was the easiest way to do it, but once again I realize how graphical tools can be misleading sometimes. I have no ipsec.conf anywhere, so I assume I am not using freeswan. I checked on the site, but I cannot find any freeswan for kernel 2.4.21-*, looks like there's only 2.4.20 or 2.4.22, so I am stuck. Checked the old updates for a 2.4.20 kernel but couldn't find any. If anyone can point me somewhere I can find a kernel suitable for freeswan I'd appreciate it (running CentOS 3). I am not stuck with any solution, so OpenVPN is an option, although I found this good guide to make it work between cisco pix and freeswan and I'd rather give it a try. I read on the site that freeswan is no more under development, should this worry us? And final consideration, the box I am trying to VPN is the natting gateway, so thanks for the hints on iptables configuration.
Simone
Give me your kernel version and I will find you an Ipsec compatible set .....
I have used 2.4.20... with IPSec...
P.
and 2.4.21.... :-)
Well, I would use the latest 2.4 kernel, 2.4.21-27.0.4, but I downloaded freeswan-utils-2.05 and kernel-module-freeswan-2.05 from dag's repository for kernel 2.4.21-15 and I am giving it a try with that kernel. I would certainly appreciate if you could provide a set for the latest 2.4 kernel, and even more I would appreciate if you could tell me how to find it myself. I have seen on freeswan's website that I can grab the srpms, so I was wondering if recompiling could be an option (maybe with dag's spec file?) to always have a working freeswan set no matter which kernel I am using.
Thanks again, have a nice day
Simone
Go to rpm.pbone.net and click on the advanced search.
Enter kernel-2.4.21-15 and download a 2.4.21-15 kernel to match your freeswan rpms. Regressing from 2.4.21-27 to 2.4.21-15 will not be a problem for you unless a system chipset driver is missing, in which case you may lose a network card or get slower disk performance.
You can check the disk performance on each kernel with
hdparm -t /dev/hda
for example, if you have an IDE drive....
The most likely (but still improbable) problem you will get is a slower chipset disk driver.... but I would bet money on it being ok...
P.
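The kernel-to-module matching discussed above can be checked before trying to bring the tunnel up. The following is an added example, not part of the original thread: it assumes the FreeS/WAN kernel module is installed as a file named ipsec.o (or ipsec.ko) somewhere under the per-kernel module directory, and the sample directory tree is constructed for illustration.

```shell
#!/bin/sh
# Added example: report which installed kernels have an ipsec kernel module
# and whether a given kernel release is one of them.
# Assumption: the module file is named ipsec.o or ipsec.ko.

# kernels_with_ipsec [MODROOT]
# Prints one kernel release per line for every module tree holding an ipsec module.
kernels_with_ipsec() {
    modroot=${1:-/lib/modules}
    for dir in "$modroot"/*/; do
        [ -d "$dir" ] || continue
        if find "$dir" -type f \( -name 'ipsec.o' -o -name 'ipsec.ko' \) \
                2>/dev/null | grep -q .; then
            basename "$dir"
        fi
    done
}

# check_kernel_match RELEASE [MODROOT]
# Returns 0 when RELEASE has an ipsec module, 1 otherwise (and lists the
# releases that do, i.e. the kernels you could boot instead).
check_kernel_match() {
    release=$1
    modroot=${2:-/lib/modules}
    # -F -x: exact, literal match so 2.4.21-15 never matches 2.4.21-15smp
    if kernels_with_ipsec "$modroot" | grep -Fxq "$release"; then
        echo "OK: ipsec module present for kernel $release"
        return 0
    fi
    avail=$(kernels_with_ipsec "$modroot" | tr '\n' ' ')
    echo "MISMATCH: no ipsec module for kernel $release"
    echo "ipsec module available for: ${avail:-none}"
    return 1
}

# Constructed sample tree mirroring the thread: the module package was built
# for 2.4.21-15 while the box runs 2.4.21-27.0.4.
sample=$(mktemp -d)
mkdir -p "$sample/2.4.21-15/kernel/net/ipsec" "$sample/2.4.21-27.0.4/kernel/net"
: > "$sample/2.4.21-15/kernel/net/ipsec/ipsec.o"
check_kernel_match 2.4.21-27.0.4 "$sample" || true   # reports the mismatch
check_kernel_match 2.4.21-15 "$sample"               # reports OK
rm -rf "$sample"
```

On a live system, call `check_kernel_match "$(uname -r)"` to test the running kernel against `/lib/modules`.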