[TCLUG] IPSEC

[Jeff Rasmussen]

I'm running into problems working with IPSEC under the 2.6 kernel
(KAME).  I'm trying to set up a simple pre-shared key vpn site-to-site
connection.  I have set up Debian as a router before using shorewall
and thought I would just have to create the tunnel and adjust the
shorewall firewall accordingly.  But I must be missing something.

Debian uses racoon-tool for setting up the vpn tunnel and this is my
configuration.

global:
        log: notify

peer(%default):
        verify_identifier: on
        connection(%default):
        src_ip: local_ip_address     #I've put in my dhcp assigned ip
address here

# Remote
peer(remote_ip_address):
        peers_identifier: address
connection(remote):
        dst_range: 172.17.17.0/24    #remote non-routeable network
        dst_ip: remote_ip_address
        admin_status: enabled

When I run racoon-tool 'vpnup remote' I get 'Starting VPN
remote...done.'  Nothing changes in route or under ifconfig.

What am I missing?

-- 
Jeff Rasmussen
GPG public key 0x9686C12F

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
Help beta test TCLUG's potential new home: http://plone.mn-linux.org
Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list