lonely wolf wrote:
> OK, so it's IPSEC for me :) , unfortunately I haven't done IPSEC
> until now, only OpenVPN.
> so, do you know of any success story with Freeswan?

yes, I have been using it since 2000. I still have machines installed in 2001.

> does it work well on kernel 2.6? I read some docs saying it isn't
> really supported on 2.6

2.6 already has ipsec in the kernel.

> or what could I use instead?

you have several options.
- the purist one: use racoon. ask google, it has the answer to
exactly your question.
- the redhat method: in the newer RH distros you can create ifcfg-ipsec
and the interface comes up just like ifcfg-eth. Details in the RH manual
on the site
- openswan (the successor of freeswan, which has passed away). the
documentation is at www.openswan.org
personally, since I used freeswan for many years, when I moved to
kernel-2.6 I used openswan. I was familiar with the settings and it
seemed like common sense to keep what I had. for those who aren't as
lazy as me, I think racoon configured by the book (not via openswan,
which is what that actually does) is an OK method
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
I started doing the configuration with openswan, I manage to connect, but
I don't get past Phase1:
002 "conexiune" #1: initiating Main Mode
104 "conexiune" #1: STATE_MAIN_I1: initiate
002 "conexiune" #1: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2
106 "conexiune" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "conexiune" #1: I did not send a certificate because I do not have one.
002 "conexiune" #1: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3
108 "conexiune" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "conexiune" #1: Main mode peer ID is ID_IPV4_ADDR: 'xxx.xxx.xxx.xxx'
002 "conexiune" #1: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4
004 "conexiune" #1: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
002 "conexiune" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP
{using isakmp#1}
117 "conexiune" #2: STATE_QUICK_I1: initiate
010 "conexiune" #2: STATE_QUICK_I1: retransmission; will wait 20s for
response
010 "conexiune" #2: STATE_QUICK_I1: retransmission; will wait 40s for
response
031 "conexiune" #2: max number of retransmissions (2) reached
STATE_QUICK_I1. No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal
000 "conexiune" #2: starting keying attempt 2 of an unlimited number,
but releasing whack
STATE_MAIN_I4: ISAKMP SA established - I gather that it authenticates with
the preshared key, but further on it doesn't like something...
could it be "quick mode"?
=================================================
the information I have about the other end:
External IP of my Firewall xxx.xxx.xxx.xxx
DES
SHA
Shared Key : un_cuvant
My LAN 192.168.10.0 / 24
Diffie Hellman group 1
No perfect forward
No aggressive mode
Parameters SHA1 - DES are configured in both phase1 (configuration
gateway) and phase2 (configuration tunnel) of the VPN configuration.
One more piece of information: in phase2 I have set the ESP mode for security
association.
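
Added example, not part of the original thread and not Openswan code: a Python sketch that rejoins wrapped pluto status lines, extracts the Phase 1 parameters and the Quick Mode policy flags, and lists where they differ from the remote side's parameter sheet. The sample log is constructed in the format quoted above; the function names and the "modp768" notation for DH group 1 (RFC 2409) are assumptions of this example.

```python
import re

# Constructed sample in the thread's log format, mail line wraps included.
SAMPLE_LOG = """\
004 "conexiune" #1: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
002 "conexiune" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP
{using isakmp#1}
031 "conexiune" #2: max number of retransmissions (2) reached
STATE_QUICK_I1. No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal
"""

# Remote parameter sheet from the thread. DH group 1 is the 768-bit MODP
# group (RFC 2409), written here in the log's "modpNNN" notation.
PEER = {"cipher": "des", "hash": "sha", "group": "modp768", "pfs": False}

def unwrap(text):
    """Rejoin wrapped lines: each record starts with a 3-digit status code."""
    records = []
    for line in text.splitlines():
        if re.match(r"\d{3} ", line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def parse_local(text):
    """Extract what the local side negotiated (Phase 1) and proposed (Phase 2)."""
    local = {"quick_mode_failed": False}
    for rec in unwrap(text):
        sa = re.search(r"ISAKMP SA established \{(.*?)\}", rec)
        if sa:
            kv = dict(p.split("=", 1) for p in sa.group(1).split())
            # oakley_3des_cbc_192 -> 3des, oakley_sha -> sha
            local["cipher"] = kv["cipher"].replace("oakley_", "", 1).split("_")[0]
            local["hash"] = kv["prf"].replace("oakley_", "", 1)
            local["group"] = kv["group"]
        qm = re.search(r"initiating Quick Mode (\S+)", rec)
        if qm:
            local["pfs"] = "PFS" in qm.group(1).split("+")
        if "No acceptable response to our first Quick Mode message" in rec:
            local["quick_mode_failed"] = True
    return local

def mismatches(local, peer):
    """List every parameter where the local side differs from the peer sheet."""
    return [f"{k}: local={local.get(k)!r} peer={v!r}"
            for k, v in peer.items() if local.get(k) != v]
```

On the sample, mismatches(parse_local(SAMPLE_LOG), PEER) reports cipher, group and pfs as differing from the sheet.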