On 6/12/07, Linux User <[EMAIL PROTECTED]> wrote:
On 6/12/07, Andrei Pascal <[EMAIL PROTECTED]> wrote: > On Tue, 2007-06-12 at 14:20 +0300, Linux User wrote: > > > > [EMAIL PROTECTED] ~]# ipsec verify > > Checking your system to see if IPsec got installed and started > > correctly: > > Version check and ipsec on-path [OK] > > Linux Openswan U2.4.7/K2.6.9-55.ELsmp (netkey) > > Checking for IPsec support in kernel [OK] > > NETKEY detected, testing for disabled ICMP send_redirects [OK] > > NETKEY detected, testing for disabled ICMP accept_redirects [OK] > > Checking for RSA private key (/etc/ipsec.secrets) > > [DISABLED] > > ipsec showhostkey: no default key in "/etc/ipsec.secrets" > > Checking that pluto is running [OK] > > Two or more interfaces found, checking IP forwarding [OK] > > Checking NAT and MASQUERADEing [OK] > > Checking for 'ip' command [OK] > > Checking for 'iptables' command [OK] > > Opportunistic Encryption Support > > [DISABLED] > > [EMAIL PROTECTED] ~]# > > Apăi om bun, ţie aici îţi zice FOARTE clar: > > Checking for RSA private key (/etc/ipsec.secrets) [DISABLED] > ipsec showhostkey: no default key in "/etc/ipsec.secrets" > > Dacă nu pui cheile, mira-m-aş să se şi ridice tunelu' ăla... Nu folosesc RSA ci PSK (pre shared key) pentru ca am definit in conn %default: authby=secret leftrsasigkey=%none rightrsasigkey=%none iar secretul este definit in /etc/ipsec.secrets (dat si el pe lista)
Si ca sa inchidem acest thread, config-urile date pe lista erau bune. Problema venea de la un fisier din /etc/ipsec.d/policies. Un mv /etc/ipsec.d/policies /etc/ipsec.d/policies.unused! Multe mutumiri wolfy, pentru sprijinul acordat in solutionarea problemei. Alx
_______________________________________________ RLUG mailing list [email protected] http://lists.lug.ro/mailman/listinfo/rlug
