OpenVZ Forum


IPSEC with Bridged network [message #32854] Wed, 03 September 2008 07:49
jmslkn
Hi All,

I am working on an IPSEC tunnel between an OpenVZ HN and a company network. The IPSEC tunnel (openswan) is up and running, but I have problems with the packet routing and travelling. Please do not tell me to use OpenVPN (we already have it); we also need an IPSEC tunnel to connect to a company network (cisco router).

The network is bridged, the virtual servers have private IP addresses (10.10.10.0/24), and the machines are accessible with a local OpenVPN connection (which works well).
http://www.jvds.com/guide/bridging.php

The virtual server network is 10.10.10.0/24, and the remote connection (cisco) network is 10.70.70.0/24.

What is the correct way to set up the routes between the two sites?

I have found conflicting configuration options between the OpenVZ documentation and the OpenSwan implementation:

1) OpenVZ configuration states that we do not want all our interfaces to send redirects:
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

2) OpenSwan documentation (selfcheck) states that:

$ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.14/K2.6.18-92.1.1.el5.028stab057.2 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]

Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]

Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]


Any idea? Thanks for your help.
Re: IPSEC with Bridged network [message #32990 is a reply to message #32854] Mon, 15 September 2008 08:43
jmslkn
Any idea?
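
Added example, not part of the original posts: a shell audit of the redirect sysctls that the `ipsec verify` output above flags, showing why `all.send_redirects = 0` with `default.send_redirects = 1` still fails the check. It assumes the combination rules from the kernel's ip-sysctl documentation; the interface names eth0 and vzbr0 and the sample tree are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Combines conf/all with each
# per-interface value the way the kernel's ip-sysctl documentation describes.

flag() { if [ -r "$1" ]; then cat "$1"; else echo 0; fi; }  # missing file = 0

# send_redirects is in effect when conf/all OR conf/<if> is non-zero, so
# all=0 alone does not switch it off.
effective_send() {  # $1 = conf root, $2 = interface
    a=$(flag "$1/all/send_redirects"); i=$(flag "$1/$2/send_redirects")
    if [ "$a" -ne 0 ] || [ "$i" -ne 0 ]; then echo 1; else echo 0; fi
}

# accept_redirects: forwarding on -> all AND <if>; forwarding off -> all OR <if>.
effective_accept() {  # $1 = conf root, $2 = interface
    a=$(flag "$1/all/accept_redirects"); i=$(flag "$1/$2/accept_redirects")
    if [ "$(flag "$1/$2/forwarding")" -ne 0 ]; then
        if [ "$a" -ne 0 ] && [ "$i" -ne 0 ]; then echo 1; else echo 0; fi
    else
        if [ "$a" -ne 0 ] || [ "$i" -ne 0 ]; then echo 1; else echo 0; fi
    fi
}

# Print one line per entry where redirects are still in effect. "default" is
# included because interfaces created later (veth, bridges) inherit it.
audit_redirects() {  # $1 = conf root, defaults to the live /proc tree
    root=${1:-/proc/sys/net/ipv4/conf}
    for d in "$root"/*/; do
        ifc=$(basename "$d")
        if [ "$ifc" = all ]; then continue; fi
        s=$(effective_send "$root" "$ifc"); r=$(effective_accept "$root" "$ifc")
        if [ "$s" -ne 0 ] || [ "$r" -ne 0 ]; then echo "$ifc send=$s accept=$r"; fi
    done
}

# Constructed sample tree: the two send_redirects values quoted in the post,
# plus hypothetical interfaces eth0 and vzbr0 on a forwarding host.
make_sample() {  # prints the path of the temporary tree
    t=$(mktemp -d)
    for n in all default eth0 vzbr0; do
        mkdir -p "$t/$n"
        echo 1 > "$t/$n/forwarding"; echo 0 > "$t/$n/accept_redirects"
        echo 0 > "$t/$n/send_redirects"
    done
    echo 1 > "$t/default/send_redirects"   # OpenVZ setting from the post
    echo 1 > "$t/vzbr0/send_redirects"     # inherited from default at creation
    echo "$t"
}

sample=$(make_sample); audit_redirects "$sample"; rm -rf "$sample"
```

Run `audit_redirects` with no argument on the hardware node to check the live `/proc/sys/net/ipv4/conf` tree; an empty result means no redirect setting is in effect on any listed interface.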