Linux User wrote:
Hello again,
I took openswan-2.4.8, compiled and installed it on both machines using
the kernel 2.6 built-in support for the IPsec stack (NETKEY) (rpmbuild -ta
--clean --target=i686 openswan-2.4.8.tar.gz & rpm -ivh
/home/alex/rpm/RPMS/i686/openswan-2.4.8-1.i686.rpm)
Both gateways have public IP addresses, exactly as they say in
this example: http://wiki.openswan.org/index.php/Openswan/Configure.
Generated the left and right RSA keys on both machines, copied the keys into
ipsec.conf,
edited/copied ipsec.conf (identical on both machines):
conn mail-to-nx
left=1.2.3.4 (public address of the left net)
leftsubnet=192.168.0.0/24
[EMAIL PROTECTED]
leftrsasigkey=0sAQPZpo...
leftnexthop=%defaultroute
right=5.6.7.8 (public address of the right net)
rightsubnet=10.0.0.0/24
[EMAIL PROTECTED]
rightrsasigkey=0sAQPcC...
rightnexthop=%defaultroute
auto=add
Why "add" and not "start"?
I hope you also have "type=tunnel" and "authby=rsasig" somewhere.
On both machines (centos4.5, kernel 2.6.9-55.EL) I take down the firewall
It is enough to add a rule that accepts the packets from the peer.
and try to start the tunnel.
On the mail machine (the left one) I try, as they say:
[EMAIL PROTECTED] ~]# ipsec auto --up mail-to-nx
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
I start pluto:
[EMAIL PROTECTED] ~]# /usr/libexec/ipsec/pluto
That is not how you start it; use:
service ipsec start
--
Quote from the Boss: "Teamwork is a lot of people doing what I say."
(Marketing executive, Citrix Corporation)
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
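
The reply's two operational points (accept the peer's packets instead of taking the firewall down, and start pluto through the init script), as an added shell example that is not part of the original thread. It assumes iptables on the gateway and no NAT between the peers, so only IKE (UDP 500) and ESP are opened; the function names and the `--apply` argument are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): open the firewall for one IPsec peer
# only, then start Openswan the way the reply describes.
# Assumption: IPTABLES may be overridden (IPTABLES=echo) to print the rules.
IPTABLES="${IPTABLES:-iptables}"

# Accept only a plain dotted-quad address, so a typo or a CIDR such as
# 0.0.0.0/0 cannot turn the peer rule into a broad ACCEPT.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Insert ACCEPT rules for traffic coming from the peer gateway.
allow_peer() {
    peer=$1
    valid_ipv4 "$peer" || { echo "invalid peer address: $peer" >&2; return 1; }
    # IKE negotiation (pluto) uses UDP port 500.
    $IPTABLES -I INPUT -s "$peer" -p udp --dport 500 -j ACCEPT || return 1
    # The tunnel payload arrives as ESP (IP protocol 50).
    $IPTABLES -I INPUT -s "$peer" -p esp -j ACCEPT || return 1
}

# Usage on the left gateway: ./script --apply 5.6.7.8 mail-to-nx
if [ "${1:-}" = "--apply" ] && [ $# -eq 3 ]; then
    allow_peer "$2" || exit 1
    service ipsec start || exit 1   # starts pluto and creates pluto.ctl
    ipsec auto --up "$3"            # needed by hand while the conn has auto=add
fi
```

On the right gateway the same script is run with the left gateway's public address as the peer.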