To whom it may concern,

I'm trying to set up a VPN connection between an IPSEC server running on
Red Hat Linux 9.0.

I have a RedHat Firewall and I'm using a custom IPTABLES script to set up
all the firewall rules with 2 ethernet cards (ETH0 and ETH1).

ETH0 is my internal interface (with my internal IP address 192.168.200.x).

ETH1 is my external address (public IP address).

Here's the configuration of my IPTABLES script on startup:

# Generated by iptables-save v1.2.3 on Thu Jul 25 13:14:53 2002
*filter
:INPUT ACCEPT [6387:1029714]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1553:179245]
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -j LOG
COMMIT
# Completed on Thu Jul 25 13:14:53 2002
# Generated by iptables-save v1.2.3 on Thu Jul 25 13:14:53 2002
*nat
:PREROUTING ACCEPT [1661:133570]
:POSTROUTING ACCEPT [19:1177]
:OUTPUT ACCEPT [31:1977]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Thu Jul 25 13:14:53 2002

I have ip_forward turned ON and MASQUERADING ON as well.

This is my situation so far:

- I've downloaded and installed FREESWAN 2.04 in RPM format for Redhat 9.0
- I've followed the configuration outlined in this page:
http://www.freeswan.org/freeswan_tre...c/install.html
- I've generated a key for both machines and turned on OE
- I've tried to test this with a RedHat 9.0 machine INSIDE my LAN
- I've installed the same FREESWAN packages that are installed on the
gateway/firewall

Here's my ipsec.conf file:

#ADDED for OE
conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore
# END OF ADDITION

conn net-to-net
    left=(public IP address on ETH1 of gateway/firewall)   # Local vitals
    leftsubnet=(public IP subnet)/24   # (not the 192.168.200.x address...the public address)
    leftid=@(public IP host name of firewall)
    leftfirewall=yes
    leftrsasigkey=0sAQO4hE+zH71Op...
    leftnexthop=%defaultroute

    right=192.168.200.54   # Remote vitals (IP address of RedHat client inside the LAN)
    rightsubnet=192.168.200.0/24
    rightupdown=
    rightid=@(hostname of client)
    rightrsasigkey=0sAQODxSssh84...
    rightnexthop=%defaultroute   # correct in many situations
    auto=add   # authorizes but doesn't start this connection at startup

When I try to run this command:

/usr/local/sbin/ipsec auto --up net-to-net

this is the output of the command:

112 "net-to-net" #19: STATE_QUICK_I1: initiate
003 "net-to-net" #19: up-client command exited with status 127
032 "net-to-net" #19: STATE_QUICK_I1: internal error
003 "net-to-net" #19: up-client command exited with status 127
032 "net-to-net" #19: STATE_QUICK_I1: internal error
010 "net-to-net" #19: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "net-to-net" #19: STATE_QUICK_I1: retransmission; will wait 40s for response
003 "net-to-net" #19: up-client command exited with status 127
032 "net-to-net" #19: STATE_QUICK_I1: internal error
031 "net-to-net" #19: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
000 "net-to-net" #19: starting keying attempt 2 of an unlimited number, but releasing whack

This is the output of the /var/log/secure file:

Dec 15 17:28:14 host pluto[2859]: "net-to-net" #28: up-client command exited with status 127
Dec 15 17:28:24 host pluto[2859]: "net-to-net" #28: up-client output: /usr/local/lib/ipsec/_updown: line 250: ipfwadm: command not found
Dec 15 17:28:24 host pluto[2859]: "net-to-net" #28: up-client command exited with status 127
Dec 15 17:28:29 host pluto[2859]: "net-to-net" #27: up-client output: /usr/local/lib/ipsec/_updown: line 250: ipfwadm: command not found
Dec 15 17:28:29 host pluto[2859]: "net-to-net" #27: up-client command exited with status 127
Dec 15 17:28:33 host pluto[2859]: "net-to-net" #26: max number of retransmissions (2) reached STATE_QUICK_I1.

This is where I'm at right now. I would like to set up a Win XP client to
connect to my internal LAN from an external address. Many docs on the web
do not cover these steps clearly!

Is there any documentation out there that can show how to set up this type
of VPN step by step? (Red Hat server with FreeS/WAN IPsec; the server
functions as the network gateway and firewall; Win 2000, XP and 98
clients.)

I'm very confused and in need of help!

Thanx and take care!

Danny (donato@ssi-corp.com)
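The "ipfwadm: command not found" line in the /var/log/secure excerpt above comes from FreeS/WAN's stock _updown script: leftfirewall=yes selects the ipfwadm variant of that script for the up-client/down-client verbs, and Red Hat 9 does not ship ipfwadm, so the hook exits 127 and pluto reports "internal error". FreeS/WAN's ipsec.conf documentation expects an iptables gateway to supply its own script through leftupdown= (which may not be combined with leftfirewall=). The following hook is an added example written for this reply; it is not code from the original post or from FreeS/WAN. It assumes the install path seen in the log (/usr/local/lib/ipsec), eth0 as the LAN interface as in the post, "ipsec _updown" as the stock script's invocation, and the PLUTO_* environment variables pluto exports to updown scripts (PLUTO_VERB, PLUTO_MY_CLIENT, PLUTO_PEER_CLIENT, PLUTO_INTERFACE).

```shell
#!/bin/sh
# _updown.iptables: custom FreeS/WAN updown hook for an iptables gateway.
# Added example, not FreeS/WAN's own script.  It opens and closes the
# FORWARD path for the tunnel with iptables (the job the stock script tries
# to do with ipfwadm) and hands every other verb (prepare/route/unroute/
# up-host/...) back to the stock script so routes are still managed.
#
# Assumed install: /usr/local/lib/ipsec/_updown.iptables (chmod 755), then in
# ipsec.conf replace   leftfirewall=yes   with
#     leftupdown="/usr/local/lib/ipsec/_updown.iptables"
# (the two parameters are mutually exclusive).  LAN_IF=eth0 matches the post;
# IPTABLES and STOCK_UPDOWN can be overridden for a dry run (IPTABLES=echo).

IPTABLES=${IPTABLES:-/sbin/iptables}
STOCK_UPDOWN=${STOCK_UPDOWN:-"ipsec _updown"}   # assumed stock invocation
LAN_IF=${LAN_IF:-eth0}

# Print one FORWARD rule as an iptables argument list.
#   $1 = -A (add) or -D (delete)     $2 = our client subnet (PLUTO_MY_CLIENT)
#   $3 = peer client subnet (PLUTO_PEER_CLIENT)   $4 = tunnel interface
#   $5 = out (LAN -> tunnel) or in (tunnel -> LAN)
# With KLIPS the cleartext side of the tunnel is the ipsec0 interface that
# pluto passes in PLUTO_INTERFACE, so the rules match that, not eth1.
fw_rule() {
    case $5 in
        out) printf '%s FORWARD -i %s -o %s -s %s -d %s -j ACCEPT\n' \
                 "$1" "$LAN_IF" "$4" "$2" "$3" ;;
        in)  printf '%s FORWARD -i %s -o %s -s %s -d %s -j ACCEPT\n' \
                 "$1" "$4" "$LAN_IF" "$3" "$2" ;;
        *)   echo "fw_rule: bad direction '$5'" >&2; return 1 ;;
    esac
}

# Add (-A) or delete (-D) both directions using pluto's environment.
# Refuse to run with empty variables: word-splitting an empty field would
# otherwise hand iptables a malformed or over-broad rule.
fw_apply() {
    if [ -z "${PLUTO_MY_CLIENT:-}" ] || [ -z "${PLUTO_PEER_CLIENT:-}" ] \
       || [ -z "${PLUTO_INTERFACE:-}" ]; then
        echo "fw_apply: PLUTO_MY_CLIENT/PLUTO_PEER_CLIENT/PLUTO_INTERFACE not set" >&2
        return 1
    fi
    for d in out in; do
        # $(...) is deliberately unquoted: one iptables argument per word.
        "$IPTABLES" $(fw_rule "$1" "$PLUTO_MY_CLIENT" "$PLUTO_PEER_CLIENT" \
                              "$PLUTO_INTERFACE" "$d") || return 1
    done
}

# Verb dispatcher.  The firewall holes open only after the stock script has
# installed the route, and close before it removes the route.
# $STOCK_UPDOWN is unquoted so "ipsec _updown" splits into command + arg.
updown_main() {
    case ${PLUTO_VERB:-} in
        up-client)   $STOCK_UPDOWN "$@" && fw_apply -A ;;
        down-client) fw_apply -D; $STOCK_UPDOWN "$@" ;;
        *)           $STOCK_UPDOWN "$@" ;;
    esac
}

# Only dispatch when pluto invoked us (it always sets PLUTO_VERB).
if [ -n "${PLUTO_VERB:-}" ]; then
    updown_main "$@"
fi
```

Two things about the posted iptables rules matter once the tunnel comes up: with KLIPS, decrypted packets enter the FORWARD chain from ipsec0 and LAN-to-remote packets leave through ipsec0, so the existing "-i eth0 -o eth1" rule never matches tunnel traffic (the hook's rules cover that path); and once the INPUT policy is tightened from ACCEPT, IKE (UDP port 500) and ESP (IP protocol 50) arriving on eth1 have to be allowed explicitly.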