search for: netkey

Hi, I have setup a IPSEC VPN using Openswan to connect a Draytek router to a CentOS 5.2/Shorewall 4.2.9 firewall. The VPN establishes OK but I''m getting a problem with packets from the left hand subnet getting masqueraded rather than routed down the IPSEC VPN as though they were going out onto the net. I''ve spent the last day searching Google and so far I''ve hit a

# ipsec verify ... If you encounter network related SElinux errors, especially when using KLIPS, try disabling SElinux ... Well, it is not running KLIPS but netkey, anyways I feel not comfortable about disabling selinux on a ipsec router. I am not sure how to handle possible probems in this case, too. If I decide not to disable selinux, and I run into problems, should I a) report it to redhat as a bug, because it is b) disable selinux because ipsec is not m...

...of the SA is expired and do a setkey -F on the remote and then ping through the tunnel. Because the old SA's are preferred and the remote no longer has the old SA's the server and the remote cannot talk through the tunnel. Looking at the source code in netipsec/key.c and comparing it with netkey/key.c I see the there is some differences that didn't make it into netipsec/key.c. Here is a context diff applied to 1.3.2.2 of the changes I made to fix the problem. *** /tmp/ipsec.key.c Thu Sep 11 14:26:07 2003 --- /usr/src/sys/netipsec/key.c Thu Sep 11 14:27:42 2003 *************** ***...

Hi, I want to connect to a Cisco Pix using ipsec. In RH9 I was able to compile openswan 2.4.0 and use it, but in Centos 3.7 I can apply the openswan klips patch. I noted that the centos 3.7 kernel has a ipsec patch from redhat, does this NETKEY patch works with openswan? What ipsec solution do I have in centos 3.7? Should I use another kernel? many thanks Oliver -- Oliver Schulze L. <oliver at samera.com.py>

...tf-ipsec-nat-t-ike-05 Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: ASSERTION FAILED at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/ikev1_main.c:1112: st->st_sec_in_use==FALSE Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: using kernel interface: netkey .... Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: #2: "ciscovpntest":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 39s; nodpd; idle; import:admin initiate Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: #2: pending Phase 2 for &q...