> >I hope you also have "type=tunnel" and "authby=rsasig" somewhere
>
>


OK, I have made some more adjustments. It still does not work, but it is
somewhat better:

[EMAIL PROTECTED] ~]# /etc/rc.d/init.d/ipsec start
ipsec_setup: Starting Openswan IPsec 2.4.8...

[EMAIL PROTECTED] ~]# /etc/rc.d/init.d/ipsec status
IPsec running  - pluto pid: 5424
pluto pid 5424
2 tunnels up
[EMAIL PROTECTED] ~]#

Same on the nx machine, with the same message from ipsec status ...

Why 2 tunnels UP? With ifconfig I don't see any tunnel!

In syslog on the mail machine I see:
Jun 11 16:18:26 mail kernel: NET: Registered protocol family 15
Jun 11 16:18:26 mail kernel: hw_random: RNG not detected
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Jun 11 16:18:26 mail ipsec_setup: NETKEY on eth0 1.2.3.4/255.255.255.0broadcast
1.2.3.255 mtu 1410
Jun 11 16:18:26 mail ipsec_setup: ...Openswan IPsec started
Jun 11 16:18:26 mail ipsec_setup: Starting Openswan IPsec 2.4.8...
Jun 11 16:18:28 mail ipsec__plutorun: 104 "mail-to-nx" #2: STATE_MAIN_I1:
initiate
Jun 11 16:18:28 mail ipsec__plutorun: ...could not start conn "mail-to-nx"

In syslog on the nx machine I see:
Jun 11 19:31:33 nx kernel: NET: Registered protocol family 15
Jun 11 19:31:33 nx ipsec_setup: NETKEY on eth0 5.6.7.8/255.255.255.0broadcast
5.6.7.255 mtu 1410
Jun 11 19:31:33 nx ipsec_setup: ...Openswan IPsec started
Jun 11 19:31:33 nx ipsec_setup: Starting Openswan IPsec 2.4.8...
Jun 11 19:31:35 nx ipsec__plutorun: 104 "mail-to-nx" #1: STATE_MAIN_I1:
initiate
Jun 11 19:31:35 nx ipsec__plutorun: ...could not start conn "mail-to-nx"


Below you also have the adjusted ipsec.conf:

version 2.0
config setup
       #interfaces=%defaultroute
       klipsdebug=none
       plutodebug=all
       overridemtu=1410
       nat_traversal=yes
conn mail-to-nx
   type=tunnel
   authby=rsasig
   left=1.2.3.4
   leftsubnet=192.168.0.0/24
   [EMAIL PROTECTED]
   leftrsasigkey=...
   leftnexthop=%defaultroute
   right=5.6.7.8
   rightsubnet=10.0.0.0/24
   [EMAIL PROTECTED]
   rightrsasigkey=...
   rightnexthop=%defaultroute
   auto=start

What is wrong now? Apart from "hw_random: RNG not detected" and
nat_traversal=yes, which I can set to no (with no effect), I don't see
what else I could change.

Any ideas?

Alx
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
