[Swan] labeled_ipsec RHEL6 <-> RHEL7 problem
Ted Toth
txtoth at gmail.com
Fri Sep 26 17:30:18 EEST 2014
Updated to libreswan-3.10-1.el6.x86_64 and it started working (I
think) as now I can ssh ...
On Fri, Sep 26, 2014 at 9:05 AM, Ted Toth <txtoth at gmail.com> wrote:
> I'm trying to set up a RHEL6 and RHEL7 box to talk labeled ipsec but
> it's not working completely. Here's my configuration on the RHEL6 box:
> conn dot75
>     authby=secret
>     rekey=no
>     type=transport
>     keylife=3600s
>     left=%defaultroute
>     right=192.168.25.75
>     auto=start
>     phase2=esp
>     phase2alg=aes-sha1
>     labeled_ipsec=yes
>     policy_label=system_u:object_r:ipsec_spd_t:s0-s15:c0.c1023
>     leftprotoport=tcp
>     rightprotoport=tcp
>
> The RHEL7 box uses the same except 'right' is the IP of the RHEL6 box.
>
> When I try and ssh from RHEL6 to RHEL7 I get a connection timeout.
> sshing from RHEL7 to RHEL6 works. If I don't use labeled_ipsec
> everything works as expected. RHEL6 has libreswan-3.8-1.el6.x86_64 and
> RHEL7 has libreswan-3.8-5.el7.x86_64. Any ideas on how to fix this problem?
>
> Ted