(linux-br)Problemas com OpenSwan no Linux

Sat, 05 Nov 2005 15:36:57 -0800 

Pessoal,

Estou testando vpn sobre Ipsec, uma com ponta com IP
válido (200.178.67.90) e a outra com ponta dinamica
(velox). Estou tendo alguns erros no log. São eles :

# Tentando levantar conexao no link Velox 

[EMAIL PROTECTED] ~]# ipsec auto --up velox-to-intrace
104 "velox-to-intrace" #1: STATE_MAIN_I1: initiate
010 "velox-to-intrace" #1: STATE_MAIN_I1:
retransmission; will wait 20s for response
010 "velox-to-intrace" #1: STATE_MAIN_I1:
retransmission; will wait 40s for response

# Status do Ipsec no Velox

000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 192.168.0.1
000 interface eth1/eth1 192.168.100.1
000 interface ppp0/ppp0 201.19.126.39
000 %myid = (none)
000 debug dns
000
000 "velox-to-intrace":
192.168.1.0/[EMAIL PROTECTED],[EMAIL PROTECTED]@home.net,S=C]===192.168.0.0/24;
unrouted; eroute owner: #0
000 "velox-to-intrace":   ike_life: 3600s; ipsec_life:
28800s; rekey_margin: 540s; rekey_fuzz: 100%;
keyingtries: 0
000 "velox-to-intrace":   policy:
RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface:
ppp0;
000 "velox-to-intrace":   newest ISAKMP SA: #0; newest
IPsec SA: #0;
000
000 #1: "velox-to-intrace" STATE_MAIN_I1 (sent MI1,
expecting MR1); EVENT_RETRANSMIT in 17s
000 #1: pending Phase 2 for "velox-to-intrace"
replacing #0
000

# Logs do Servidor com Ip Valido

Nov  5 16:52:27 capelete pluto[8428]: loading secrets
from "/etc/ipsec.secrets"
Nov  5 16:52:38 capelete pluto[8428]: packet from
201.19.126.39:500: initial Main Mode message received
on 200.167.245.71:500 but no connection has been
authorized

# Status do Ipsec no Link de IP valido

000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 200.167.245.71
000 interface eth0:0/eth0:0 192.168.1.6
000 interface eth0:1/eth0:1 192.168.2.1
000 interface eth0:2/eth0:2 192.168.3.1
000 interface eth0:3/eth0:3 192.168.4.1
000 interface eth0:4/eth0:4 192.168.5.1
000 interface eth1/eth1 192.168.1.2
000 %myid = (none)
000 debug dns

# logs do ipsec look

[EMAIL PROTECTED] ~]# ipsec look
capelete.intrace.net Sat Nov  5 17:01:27 BRST 2005
cat: /proc/net/ipsec_spigrp: No such file or directory
cat: /proc/net/ipsec_eroute: No such file or directory
egrep: /proc/net/ipsec_tncfg: No such file or
directory
sort: open failed: /proc/net/ipsec_spi: No such file
or directory

Isso acontece nas duas pontas. Alguem ja fez isso
funcionar? Liberei no firewall as portas 500 UDP e
TCP, protocolos 50 e 51, porta 4500 UDP,  mas nada
funciona.

lembrete : nao respondam falando para migrar para o
openvpn, pois preciso do ipsec para interligar com um
nortel .

Atenciosamente,

Rodrigo Faria 



        



        
                
_______________________________________________________ 
Yahoo! Acesso Grátis: Internet rápida e grátis. 
Instale o discador agora!
http://br.acesso.yahoo.com/

---------------------------------------------------------------------------
Esta lista é patrocinada pela Conectiva S.A. Visite http://www.conectiva.com.br

Arquivo: http://bazar2.conectiva.com.br/mailman/listinfo/linux-br
Regras de utilização da lista: http://linux-br.conectiva.com.br
FAQ: http://www.zago.eti.br/menu.html

Responder a