On Tuesday 12 August 2003 11:26, you wrote:
What do you mean, left and right stay the same? So I no longer play around with ipsec showhostkey --left for left and --right for right? Or what?
> On Tuesday 12 August 2003 10:50, Balu Stefan wrote:
> Hello
> First of all, which version of ipsec are you using? (1 or 2)
> Usually default keys are put in place at installation. Try to
> regenerate them: ipsec newhostkey --bits 1024 > /etc/ipsec.secrets
> On both gateways you use the same file (left and right stay the
> same); it figures out on its own how it should place them.
>
> Here is an example:
>
> conn defender-depozit
>     # Left security gateway, subnet behind it, next hop toward right.
>     left=10.x.y.2
>     leftsubnet=192.168.1.0/24
>     leftnexthop=10.x.y.1
>     # Right security gateway, subnet behind it, next hop toward left.
>     right=10.w.z.2
>     rightsubnet=192.168.2.0/24
>     rightnexthop=10.w.z.1
>     # To authorize this connection, but not actually start it, at startup,
>     # uncomment this.
>     keyingtries=0
>     auth=ah
>     authby=rsasig
>     leftrsasigkey=...
>     rightrsasigkey=...
>     auto=start
>
> > I have 2 gateways with Internet IPs 1.2.3.4 and 5.6.7.8
> > These 2 gateways each have a subnet, 10.0.1.0/24 and 10.0.2.0/24
> > between them is the Internet, and they have as default route a gateway
> > of ISP1 and ISP2
> >
> > All good, both are Gentoo Linux, with kernel 2.4.20 with
> > ipsec support, and with freeswan installed.
> >
> > in /etc/ipsec/ipsec.conf we have:
> >
> > config setup
> >     # THIS SETTING MUST BE CORRECT or almost nothing will work;
> >     # %defaultroute is okay for most simple cases.
> >     interfaces=%defaultroute
> >     # Debug-logging controls: "none" for (almost) none, "all" for lots.
> >     klipsdebug=none
> >     plutodebug=none
> >     # Use auto= parameters in conn descriptions to control startup actions.
> >     plutoload=%search
> >     plutostart=%search
> >     # Close down old connection when new one using same ID shows up.
> >     uniqueids=yes
> >
> >
> > conn epower-mail
> >     # Left security gateway, subnet behind it, next hop toward right.
> >     left=192.168.0.1
> >     leftsubnet=10.0.0.0/24
> >     leftnexthop=%defaultroute
> >     [EMAIL PROTECTED]
> >     leftrsasigkey=0sAQN5KYwI4w.... (I took the liberty of removing the id)
> >     # Right security gateway, subnet behind it, next hop toward left.
> >     right=192.168.0.2
> >     rightsubnet=10.0.1.0/24
> >     rightnexthop=%defaultroute
> >     [EMAIL PROTECTED]
> >     rightrsasigkey=0sAQPN2eLf9jli/m+h... (I took the liberty of removing the id)
> >     auto=add
> >
> > I generated the keys with ipsec showhostkey --left for left
> > and ipsec showhostkey --right for right
> > ...so... on both I run:
> >
> > #ipsec setup start
> > #ipsec auto --up epower-mail
> >
> > and in theory I should see an SA established, or anything...
> > but it tells me: retransmission; will wait 20s for response
> >
> > on the console it also says no preshared key found for @epower.abc.com
> > and @mail.efg.com ...
> >
> > wtf am I doing wrong?!
> >
> > ---
> Details about our mailing lists: http://www.lug.ro/

--
Stefan, a simple Debian user.
Linux registered user: #272012
[Linux is Friendly. It's just selective about who his friends are.]
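
Added example, not part of the original thread: a small Python check for the two points the quoted reply makes, that a conn's left*/right* settings are the same on both gateways and that its sample conn sets authby=rsasig alongside the RSA keys. The configs and key strings are constructed sample data, the function names are hypothetical, and the authby rule assumes FreeS/WAN 1.x, where a conn without authby= uses shared-secret authentication.

```python
# Added example. Configs and key strings below are constructed sample data.
GW_A = """\
conn epower-mail
    left=192.168.0.1
    leftrsasigkey=0sCONSTRUCTED-KEY-A
    right=192.168.0.2
    rightrsasigkey=0sCONSTRUCTED-KEY-B
    auto=add
"""
# Gateway B swapped the two ends, as if each side had to be "left" for itself.
GW_B = """\
conn epower-mail
    left=192.168.0.2
    leftrsasigkey=0sCONSTRUCTED-KEY-B
    right=192.168.0.1
    rightrsasigkey=0sCONSTRUCTED-KEY-A
    auto=add
"""
FIXED = GW_A.replace("auto=add", "authby=rsasig\n    auto=add")

def parse_conn(text, name):
    """Return the key=value parameters of one conn section as a dict."""
    params, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # simplification: '#' starts a comment
        if not line.strip():
            continue
        if not raw[0].isspace():               # unindented line opens a new section
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.strip().split("=", 1)
            params[key.strip()] = value.strip()
    return params

def lint_pair(conf_a, conf_b, name):
    """Compare one conn as configured on both gateways and list findings."""
    a, b = parse_conn(conf_a, name), parse_conn(conf_b, name)
    findings = []
    for key in sorted(set(a) | set(b)):
        if key.startswith(("left", "right")) and a.get(key) != b.get(key):
            findings.append(f"{key}: gateways disagree ({a.get(key)} vs {b.get(key)})")
    for label, conn in (("A", a), ("B", b)):
        # Assumption: FreeS/WAN 1.x, where a conn without authby= uses a shared secret.
        if conn.keys() >= {"leftrsasigkey", "rightrsasigkey"} and conn.get("authby") != "rsasig":
            findings.append(f"gateway {label}: RSA keys set but authby is not rsasig")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_pair(GW_A, GW_B, "epower-mail")))
```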
