
Linux and Freeswan 2


tadan

Programmer
Apr 19, 2004
39
IT
Hi all!
I have a Mandrake 9.2 with freeswan.
I must use freeswan to make a gate-2-gate conn.
If I run ipsec verify I receive this error:
[cite on]
Checking your system to see if IPsec got installed and started correctly
Version check and ipsec on-path [OK]
Checking for KLIPS support in kernel [OK]
Checking for RSA private key (/etc/freeswan/ipsec.secrets) [OK]
Checking that pluto is running [OK]
DNS checks.
/usr/lib/ipsec/verify: line 46: host: command not found
Looking for TXT in forward map: miao /usr/lib/ipsec/verify: line 55: host: command not found
[MISSING]
Does the machine have at least one non-private address [OK]

[cite off]

What's the mess? :((

Many tnx :D

Francesco "tadan"



Francesco Cabigliera "Tadan"
----------------------------
Italiano Amateur Radio Station
----------- IW3IDS ---------
On Echolink - APRS Active
 
Offhand it looks like the "host" command isn't found. Is it in your path? Check /usr/lib/ipsec/verify and see what it's doing on lines 46 & 55.
 
Hi lgarner! :D

On line 46:
[cite on]
host -t key $host |egrep '(0x4200|16896)' >/dev/null
[cite off]

on line 55:
[cite on]
host -t txt $host | egrep 'X-IPsec-Server' >/dev/null
[cite off]

These strings are inserted into an if statement.

Many tnx

Francesco "tadan" :)


Francesco Cabigliera "Tadan"
----------------------------
Italiano Amateur Radio Station
----------- IW3IDS ---------
On Echolink - APRS Active
 
OK, what happens if you run "host" at the command prompt? If it's not in your path, you could add the full path to the verify file, or symlink it to a directory that is in your path.
 
Hi!
With root perms, if I try to launch "host" I receive the error:
[cite on]
bash: host: command not found
[cite off]

Also, if I try to launch the ipsec connection with the command ipsec auto --up mynameconnection
I receive the error:
[cite on]
021 no connection named "mynameconnetcion"
[cite off]

(note that mynameconnection is the value of var conn in ipsec.conf)

many tnx :)

Francesco "tadan"


Francesco Cabigliera "Tadan"
----------------------------
Italiano Amateur Radio Station
----------- IW3IDS ---------
On Echolink - APRS Active
 
You'll need to find the 'host' command. Otherwise, this is beyond my expertise. I still have some FreeS/WAN links, but I set them up manually. It looks like your setup is looking to DNS for the key and maybe description (the KEY and TXT lookups).

If the command is on your computer, you could hunt it down with "find / -name host". If it's not there, then I don't know. Maybe run the Linux installation again, and check the packages carefully? That command's just always been in my installations, like "cat" and "ls".
 
In Mandrake 9.1 `host' is part of the bind-utils-9.2.2-1mdk package. Ensure that it is installed: `rpm -qa|grep bind`
 
Hi all!
Many many tnx for your posts!
OK, now I have successfully installed the bind-utils pkg!
If I launch ipsec verify now I have this error:
[cite on]
Dns checks:
Looking for TXT in forward map: miao [MISSING]
[cite off]

(miao is the name of my linux machine! :) )

I think there is something missing in the DNS params, but I don't know what to do!
I've verified the eth0 config, and the DNS is there!!


Many thanks

Francesco "Tadan" :)



Francesco Cabigliera "Tadan"
----------------------------
Italiano Amateur Radio Station
----------- IW3IDS ---------
On Echolink - APRS Active
 

You need to add a text record to your DNS maps. It's in the installation howto.
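
The two DNS lookups quoted in this thread, wrapped so that a missing `host` binary is reported separately from a missing record. This is an added example, not part of the original posts or of FreeS/WAN; the `LOOKUP` variable and both function names are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of FreeS/WAN. LOOKUP is an assumption of this
# example: it names the resolver tool (host, as in the verify script) and
# can be pointed at a stub so the logic can be tested offline.
LOOKUP=${LOOKUP:-host}

# oe_lookup TYPE PATTERN NAME
#   0 = a record matching PATTERN was returned
#   1 = the lookup ran but nothing matched
#   2 = the lookup tool is not installed or not in PATH
oe_lookup() {
    command -v "$LOOKUP" >/dev/null 2>&1 || return 2
    "$LOOKUP" -t "$1" "$3" 2>/dev/null | grep -Eq "$2" || return 1
}

# check_oe_dns NAME: run both lookups quoted in the thread (lines 46 and 55
# of /usr/lib/ipsec/verify) and report each result on its own line.
check_oe_dns() {
    worst=0
    for spec in 'key:(0x4200|16896)' 'txt:X-IPsec-Server'; do
        rtype=${spec%%:*}      # record type before the first colon
        pattern=${spec#*:}     # grep pattern after the first colon
        rc=0
        oe_lookup "$rtype" "$pattern" "$1" || rc=$?
        case $rc in
            0) echo "$rtype record for $1 [OK]" ;;
            1) echo "$rtype record for $1 [MISSING]"; worst=1 ;;
            2) echo "cannot check DNS: '$LOOKUP' not found in PATH" >&2
               return 2 ;;
        esac
    done
    return $worst
}

# Usage on the gateway: check_oe_dns miao
```

A return value of 2 corresponds to the first `ipsec verify` run in the thread (no `host` binary), and 1 to the later run after bind-utils was installed.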
 