Hello everyone,

I am setting up a VPN through 2 ADSL modems. The modems are in Router mode, where the public IP sits on the modem itself. Because of that I have NAT rules that forward connections from the public IP to the private IP configured on my computer's network card. (The port I am redirecting is 500.)

What happens is that it simply does not work and I do not know what is wrong. I ran tests on a local network simulating the gateways and the VPN works perfectly, which means the configuration is right.

My questions are the following:

Can I run a VPN through ADSL modems on both sides using Freeswan?
Which ports do I have to open for the VPN with Freeswan (IPSec)?

If anyone can help me, I am passing along the log files so someone can try to spot my error.

[EMAIL PROTECTED] fabio]# ipsec verify
Checking your system to see if IPsec got installed and started correctly
Version check and ipsec on-path [OK]
Checking for KLIPS support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
DNS checks.
Looking for forward key for fw.hospital.intranet [OK]
Does the machine have at least one non-private address [FAILED]

[EMAIL PROTECTED] fabio]# ipsec whack --status
000 interface ipsec0/eth0 192.168.1.254
000
000 "hospital-unimed": 192.168.2.0/24===200.96.66.134---192.168.1.1...10.0.0.138---200.102.201.73===192.168.1.0/24
000 "hospital-unimed": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "hospital-unimed": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: ; unrouted
000 "hospital-unimed": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000

# cat /var/log/messages
Mai 26 22:06:15 fw ipsec_setup: Starting FreeS/WAN IPsec 1.99...
Mai 26 22:06:15 fw ipsec_setup: Using /lib/modules/2.4.21-28872cl/kernel/net/ipsec/ipsec.o
May 26 22:06:15 fw /etc/hotplug/net.agent: invoke ifup ipsec2
May 26 22:06:15 fw /etc/hotplug/net.agent: invoke ifup ipsec1
May 26 22:06:15 fw /etc/hotplug/net.agent: invoke ifup ipsec0
May 26 22:06:15 fw /etc/hotplug/net.agent: invoke ifup ipsec3
May 26 22:06:15 fw ipsec_setup: KLIPS ipsec0 on eth0 192.168.1.254/255.255.255.0 broadcast 192.168.1.255
May 26 22:06:15 fw ipsec_setup: ...FreeS/WAN IPsec started
May 26 22:06:16 fw kernel: ip_tables: (C) 2000-2002 Netfilter core team
May 26 22:06:16 fw kernel: ip_conntrack version 2.1 (959 buckets, 7672 max) - 300 bytes per conntrack
May 26 22:06:16 fw ipsec__plutorun: 022 "hospital-unimed": we have no ipsecN interface for either end of this connection
May 26 22:06:16 fw ipsec__plutorun: ...could not route conn "hospital-unimed"
May 26 22:06:16 fw ipsec__plutorun: 022 "hospital-unimed": we have no ipsecN interface for either end of this connection
May 26 22:06:16 fw ipsec__plutorun: ...could not start conn "hospital-unimed"

# cat /var/log/secure
May 26 22:06:15 fw ipsec__plutorun: Starting Pluto subsystem...
May 26 22:06:16 fw pluto[1428]: Starting Pluto (FreeS/WAN Version 1.99)
May 26 22:06:16 fw pluto[1428]: including X.509 patch (Version 0.9.15)
May 26 22:06:16 fw pluto[1428]: Changing to directory '/etc/ipsec.d/cacerts'
May 26 22:06:16 fw pluto[1428]: Warning: empty directory
May 26 22:06:16 fw pluto[1428]: Changing to directory '/etc/ipsec.d/crls'
May 26 22:06:16 fw pluto[1428]: Warning: empty directory
May 26 22:06:16 fw pluto[1428]: could not open my default X.509 cert file '/etc/x509cert.der'
May 26 22:06:16 fw pluto[1428]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
May 26 22:06:16 fw pluto[1428]: added connection description "hospital-unimed"
May 26 22:06:16 fw pluto[1428]: listening for IKE messages
May 26 22:06:16 fw pluto[1428]: adding interface ipsec0/eth0 192.168.1.254
May 26 22:06:16 fw pluto[1428]: loading secrets from "/etc/ipsec.secrets"
May 26 22:06:16 fw pluto[1428]: "hospital-unimed": we have no ipsecN interface for either end of this connection

Fábio Ricardo Schneider, MSc
---------------------------------------------------------------------------
This list is sponsored by Conectiva S.A. Visit http://www.conectiva.com.br
Archive: http://bazar2.conectiva.com.br/mailman/listinfo/linux-br
List usage rules: http://linux-br.conectiva.com.br
FAQ: http://www.zago.eti.br/menu.html
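
An added example, not part of the original post: a Python check that parses the `ipsec whack --status` lines quoted above and reports whether either endpoint of a connection is an address that has an ipsecN interface, the condition named in the "we have no ipsecN interface for either end of this connection" message, and whether every listed interface address is private, as the failed `ipsec verify` check reports. The function names and the reading of the topology line (`subnet===host---nexthop...nexthop---host===subnet`) are assumptions based on the output shown.

```python
import ipaddress
import re

# Constructed sample: lines copied from the `ipsec whack --status` output in the post.
STATUS = """\
000 interface ipsec0/eth0 192.168.1.254
000
000 "hospital-unimed": 192.168.2.0/24===200.96.66.134---192.168.1.1...10.0.0.138---200.102.201.73===192.168.1.0/24
000 "hospital-unimed": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: ; unrouted
"""

IFACE_RE = re.compile(r'^000 interface (\S+)/(\S+) (\S+)$')
CONN_RE = re.compile(r'^000 "([^"]+)": (\S+\.\.\.\S+)$')


def endpoint(side, is_left):
    """Return the gateway address of one side of a topology string.

    Assumed layout: left is [subnet===]host[---nexthop]; right is mirrored.
    """
    if is_left:
        return side.split("===")[-1].split("---")[0]
    return side.split("===")[0].split("---")[-1]


def parse_status(text):
    """Collect local interface addresses and each connection's two endpoints."""
    local, conns = {}, {}
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            local[m.group(3)] = m.group(1)  # address -> ipsecN name
            continue
        m = CONN_RE.match(line)
        if m:
            left, right = m.group(2).split("...", 1)
            conns[m.group(1)] = (endpoint(left, True), endpoint(right, False))
    return local, conns


def diagnose(text):
    """Per connection: which ipsecN owns an endpoint (None if neither does)."""
    local, conns = parse_status(text)
    report = {}
    for name, ends in conns.items():
        owner = next((local[e] for e in ends if e in local), None)
        report[name] = {"endpoints": ends, "ipsec_if": owner}
    all_private = all(ipaddress.ip_address(a).is_private for a in local)
    return report, all_private
```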
