[Swan] labeled_ipsec RHEL6 <-> RHEL7 problem
Ted Toth
txtoth at gmail.com
Fri Sep 26 18:03:40 EEST 2014
Well now I don't think it's working. I wrote a simple socket
server/client and in the client I call getpeercon which fails with:
Traceback (most recent call last):
  File "simpleclient.py", line 6, in <module>
    (rc, con) = selinux.getpeercon(clientsocket.fileno())
OSError: [Errno 92] Protocol not available
I noticed in the output of 'ipsec auto status' a line
'SELinux=disabled'. What does this mean?
Ted
On Fri, Sep 26, 2014 at 9:30 AM, Ted Toth <txtoth at gmail.com> wrote:
> Updated to libreswan-3.10-1.el6.x86_64 and it started working (I
> think) as now I can ssh ...
>
> On Fri, Sep 26, 2014 at 9:05 AM, Ted Toth <txtoth at gmail.com> wrote:
>> I'm trying to set up a RHEL6 and RHEL7 box to talk labeled ipsec but
>> it's not working completely. Here's my configuration on the RHEL6 box:
>> conn dot75
>>     authby=secret
>>     rekey=no
>>     type=transport
>>     keylife=3600s
>>     left=%defaultroute
>>     right=192.168.25.75
>>     auto=start
>>     phase2=esp
>>     phase2alg=aes-sha1
>>     labeled_ipsec=yes
>>     policy_label=system_u:object_r:ipsec_spd_t:s0-s15:c0.c1023
>>     leftprotoport=tcp
>>     rightprotoport=tcp
>>
>> The RHEL7 box uses the same except 'right' is the IP of the RHEL6 box.
>>
>> When I try and ssh from RHEL6 to RHEL7 I get a connection timeout.
>> sshing from RHEL7 to RHEL6 works. If I don't use labeled_ipsec
>> everything works as expected. RHEL6 has libreswan-3.8-1.el6.x86_64 and
>> RHEL7 has
>> libreswan-3.8-5.el7.x86_64. Any ideas on how to fix this problem?
>>
>> Ted