I have 2 gateways with Internet-facing IPs 1.2.3.4 and 5.6.7.8.
These 2 gateways each have a subnet, 10.0.1.0/24 and 10.0.2.0/24.
Between them is the Internet, and each has as its default route a gateway
of ISP1 and ISP2 respectively.
All good so far; both are Gentoo Linux, with kernel 2.4.20 with IPsec
support, and with FreeS/WAN installed.
In /etc/ipsec/ipsec.conf we have:
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces=%defaultroute
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

conn epower-mail
        # Left security gateway, subnet behind it, next hop toward right.
        left=192.168.0.1
        leftsubnet=10.0.0.0/24
        leftnexthop=%defaultroute
        [EMAIL PROTECTED]
        leftrsasigkey=0sAQN5KYwI4w.... (I took the liberty of removing the ID)
        # Right security gateway, subnet behind it, next hop toward left.
        right=192.168.0.2
        rightsubnet=10.0.1.0/24
        rightnexthop=%defaultroute
        [EMAIL PROTECTED]
        rightrsasigkey=0sAQPN2eLf9jli/m+h...(I took the liberty of removing the ID)
        auto=add
I generated the keys with ipsec showhostkey --left for left
and ipsec showhostkey --right for right.
...so... I run on both:
#ipsec setup start
#ipsec auto --up epower-mail
and in theory I should see an SA established, or anything...
but it tells me: retransmission; will wait 20s for response
On the console, it also says no preshared key found for @epower.abc.com and
@mail.efg.com ...
wtf am I doing wrong?!
--
Stefan, a simple Debian user.
Linux registered user: #272012
[Linux is Friendly. It's just selective about who his friends are.]