[Swan] labeled_ipsec RHEL6 <-> RHEL7 problem
Ted Toth
txtoth at gmail.com
Fri Sep 26 17:05:23 EEST 2014
I'm trying to set up a RHEL6 and RHEL7 box to talk labeled ipsec but
it's not working completely. Here's my configuration on the RHEL6 box:

conn dot75
    authby=secret
    rekey=no
    type=transport
    keylife=3600s
    left=%defaultroute
    right=192.168.25.75
    auto=start
    phase2=esp
    phase2alg=aes-sha1
    labeled_ipsec=yes
    policy_label=system_u:object_r:ipsec_spd_t:s0-s15:c0.c1023
    leftprotoport=tcp
    rightprotoport=tcp

The RHEL7 box uses the same except 'right' is the IP of the RHEL6 box.
When I try and ssh from RHEL6 to RHEL7 I get a connection timeout.
sshing from RHEL7 to RHEL6 works. If I don't use labeled_ipsec
everything works as expected. RHEL6 has libreswan-3.8-1.el6.x86_64 and
RHEL7 has libreswan-3.8-5.el7.x86_64. Any ideas on how to fix this problem?

Ted