Friends, I am still struggling to configure the network with the VPN so I can go back to using only Ubuntu. When I run the command below it fails...

era...@erasmo-desktop:~$ sudo ipsec whack --name Brisanet --initiate
002 "Brisanet" #1: initiating Main Mode
104 "Brisanet" #1: STATE_MAIN_I1: initiate
003 "Brisanet" #1: ignoring unknown Vendor ID payload [4f454b427a64597b774d5d40]
003 "Brisanet" #1: received Vendor ID payload [Dead Peer Detection]
002 "Brisanet" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "Brisanet" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "Brisanet" #1: I am sending my cert
002 "Brisanet" #1: I am sending a certificate request
003 "Brisanet" #1: unable to locate my private key for RSA Signature
224 "Brisanet" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
002 "Brisanet" #1: sending notification AUTHENTICATION_FAILED to 201.65.232.15:500

Note that my ipsec.conf looks like this:

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006-10-19 03:49:46 paul Exp $
#
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    protostack=netkey
    nat_traversal=no
    nhelpers=0
    fragicmp=no

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

# VPN Brisanet
conn Brisanet
    #
    # ----------------------------------------------------------
    # Use certificates. Disable Perfect Forward Secrecy.
    # Initiate rekeying.
    # Connection type _must_ be Transport Mode.
    #
    authby=rsasig
    pfs=no
    rekey=yes
    keyingtries=3
    type=transport
    #
    # Here you must put the IP address you receive from the tower
    # and the gateway address, normally an address on the 10 network
    left=10.235.24.2
    leftnexthop=10.235.0.1
    #
    # The certificate of this client.
    #
    leftcert=/etc/ipsec.d/erasmojosecrt.pem
    leftrsasigkey=%cert
    leftprotoport=17/1701
    #
    # ----------------------------------------------------------
    #
    # VPN server
    right=portalegre.brisanet.com.br
    #
    # THE LINES BELOW MUST NOT BE CHANGED
    rightid="C=BR, ST=Ceara, O=Brisanet Internet, OU=Brisanet Internet, CN=Brisanet, e=supo...@..."
    # (Alternatives for rightcert= are also possible)
    rightrsasigkey=%cert
    rightca=%same
    rightprotoport=17/1701
    auto=add

After that I repeated the commands /etc/init.d/ipsec restart

era...@erasmo-desktop:~$ sudo /etc/init.d/ipsec restart
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: stop ordered, but IPsec appear to be stopped already!
ipsec_setup: doing cleanup anyway...
ipsec_setup: Starting Openswan IPsec 2.4.12...

and ipsec auto --up Brisanet, but from that one I got no output...

era...@erasmo-desktop:~$ sudo ipsec auto --up Brisanet

THE CURSOR JUST SAT THERE BLINKING, AND THAT WAS IT.

To help find the error, here is the xl2tpd.conf:

;
; Sample l2tpd configuration file
;
; This example file should give you some idea of how the options for l2tpd
; should work. The best place to look for a list of all options is in
; the source code itself, until I have the time to write better documetation :)
; Specifically, the file "file.c" contains a list of commands at the end.
;
; You most definitely don't have to spell out everything as it is done here
;
; [global]                                ; Global parameters:
; port = 1701                             ; * Bind to port 1701
; auth file = /etc/l2tpd/l2tp-secrets     ; * Where our challenge secrets are
; access control = yes                    ; * Refuse connections without IP match
; rand source = dev                       ; Source for entropy for random
;                                         ; numbers, options are:
;                                         ; dev - reads of /dev/urandom
;                                         ; sys - uses rand()
;                                         ; egd - reads from egd socket
;                                         ; egd is not yet implemented
;
; [lns default]                           ; Our fallthrough LNS definition
; exclusive = no                          ; * Only permit one tunnel per host
; ip range = 192.168.0.1-192.168.0.20     ; * Allocate from this IP range
; no ip range = 192.168.0.3-192.168.0.9   ; * Except these hosts
; ip range = 192.168.0.5                  ; * But this one is okay
; ip range = lac1-lac2                    ; * And anything from lac1 to lac2's IP
; lac = 192.168.1.4 - 192.168.1.8         ; * These can connect as LAC's
; no lac = untrusted.marko.net            ; * This guy can't connect
; hidden bit = no                         ; * Use hidden AVP's?
; local ip = 192.168.1.2                  ; * Our local IP to use
; length bit = yes                        ; * Use length bit in payload?
; require chap = yes                      ; * Require CHAP auth. by peer
; refuse pap = yes                        ; * Refuse PAP authentication
; refuse chap = no                        ; * Refuse CHAP authentication
; refuse authentication = no              ; * Refuse authentication altogether
; require authentication = yes            ; * Require peer to authenticate
; unix authentication = no                ; * Use /etc/passwd for auth.
; name = myhostname                       ; * Report this as our hostname
; ppp debug = no                          ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.lns ; * ppp options file
; call rws = 10                           ; * RWS for call (-1 is valid)
; tunnel rws = 4                          ; * RWS for tunnel (must be > 0)
; flow bit = yes                          ; * Include sequence numbers
; challenge = yes                         ; * Challenge authenticate peer
;
;
; [lac marko]                             ; Example VPN LAC definition
; lns = lns.marko.net                     ; * Who is our LNS?
; lns = lns2.marko.net                    ; * A backup LNS (not yet used)
; redial = yes                            ; * Redial if disconnected?
; redial timeout = 15                     ; * Wait n seconds between redials
; max redials = 5                         ; * Give up after n consecutive failures
; hidden bit = yes                        ; * User hidden AVP's?
; local ip = 192.168.1.1                  ; * Force peer to use this IP for us
; remote ip = 192.168.1.2                 ; * Force peer to use this as their IP
; length bit = no                         ; * Use length bit in payload?
; require pap = no                        ; * Require PAP auth. by peer
; require chap = yes                      ; * Require CHAP auth. by peer
; refuse pap = yes                        ; * Refuse PAP authentication
; refuse chap = no                        ; * Refuse CHAP authentication
; refuse authentication = no              ; * Refuse authentication altogether
; require authentication = yes            ; * Require peer to authenticate
; name = marko                            ; * Report this as our hostname
; ppp debug = no                          ; * Turn on PPP debugging
; pppoptfile = /etc/ppp/options.l2tpd.marko ; * ppp options file for this lac
; call rws = 10                           ; * RWS for call (-1 is valid)
; tunnel rws = 4                          ; * RWS for tunnel (must be > 0)
; flow bit = yes                          ; * Include sequence numbers
; challenge = yes                         ; * Challenge authenticate peer
;
; [lac cisco]                             ; Another quick LAC
; lns = cisco.marko.net                   ; * Required, but can take from default
; require authentication = yes

[lac Brisanet]
lns = portalegre.brisanet.com.br
;require chap = yes
require pap = yes
require authentication = yes
; Username that will authenticate to the VPN
name = erasmoj...@...
ppp debug = no
pppoptfile = /etc/ppp/options.xl2tpd.client
length bit = yes

The /etc/ppp/pap-secrets looks like this:

#
# /etc/ppp/pap-secrets
#
# This is a pap-secrets file to be used with the AUTO_PPP function of
# mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
# which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
# after a user has passed this file. Don't be disturbed therefore by the fact
# that this file defines logins with any password for users. /etc/passwd
# (again, /etc/shadow, too) will catch passwd mismatches.
#
# This file should block ALL users that should not be able to do AUTO_PPP.
# AUTO_PPP bypasses the usual login program so it's necessary to list all
# system userids with regular passwords here.
#
# ATTENTION: The definitions here can allow users to login without a
# password if you don't use the login option of pppd! The mgetty Debian
# package already provides this option; make sure you don't change that.

# INBOUND connections

# Every regular user can use PPP and has to use passwords from /etc/passwd
*       hostname        ""      *

# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
# other accounts that should not be able to use pppd!
guest   hostname        "*"     -
master  hostname        "*"     -
root    hostname        "*"     -
support hostname        "*"     -
stats   hostname        "*"     -

# OUTBOUND connections

# Here you should add your userid password to connect to your providers via
# PAP. The * means that the password is to be used for ANY host you connect
# to. Thus you do not have to worry about the foreign machine name. Just
# replace password with your password.
# If you have different providers with different passwords then you better
# remove the following line.
#       *       password
erasmoj...@...  *       my brisanet email password

The /etc/ppp/options.xl2tpd.client file looks like this:

ipcp-accept-local
ipcp-accept-remote
refuse-eap
noccp
noauth
crtscts
idle 1800
mtu 1410
mru 1410
nodefaultroute
debug
lock
#proxyarp
usepeerdns
connect-delay 5000

--
Erasmo José Pereira de Oliveira
Contact: (84)9998-8232

--
More about Ubuntu in Portuguese: http://www.ubuntu-br.org/comece
Ubuntu Brasil discussion list
Archives, unsubscription and other options:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-br
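Editor's note, added example (not from the post above and not Openswan's own code): the line that fails in the log is "unable to locate my private key for RSA Signature". Pluto loads host private keys from /etc/ipsec.secrets, not from ipsec.conf, so a conn that authenticates with leftrsasigkey=%cert and leftcert= also needs a line of the form `: RSA <keyfile> "<passphrase>"` in ipsec.secrets (the file name is relative to /etc/ipsec.d/private unless absolute). The checker below parses an ipsec.conf and an ipsec.secrets passed in as strings and reports, per conn, what would make pluto fail to find the key. The sample config is constructed to mirror the post's conn; the key file name erasmojosekey.pem and its passphrase are hypothetical.

```python
# Added example, not from the original post or from Openswan: a stand-alone
# checker for one cause of "unable to locate my private key for RSA Signature".
# File contents are passed in as strings so it runs offline.
import re
from typing import Dict, List

# Constructed ipsec.conf mirroring the post's conn (rightid shortened).
SAMPLE_CONF = """\
version 2.0

config setup
    protostack=netkey
    nat_traversal=no

conn Brisanet
    authby=rsasig
    type=transport
    left=10.235.24.2
    leftnexthop=10.235.0.1
    # The certificate of this client.
    leftcert=/etc/ipsec.d/erasmojosecrt.pem
    leftrsasigkey=%cert
    leftprotoport=17/1701
    right=portalegre.brisanet.com.br
    rightid="C=BR, ST=Ceara, O=Brisanet Internet, CN=Brisanet"
    rightrsasigkey=%cert
    rightca=%same
    rightprotoport=17/1701
    auto=add
"""

# Constructed ipsec.secrets contents: the first reproduces the failure, the
# second has the shape pluto needs (key file name and passphrase hypothetical).
SECRETS_EMPTY = "# no secrets defined\n"
SECRETS_OK = ': RSA erasmojosekey.pem "passphrase-of-the-key-file"\n'


def parse_ipsec_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Split ipsec.conf into sections ('config setup', 'conn NAME').
    A section header is an unindented line; indented key=value lines belong
    to the section above it. '#' comments and blank lines are ignored."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():              # header or top-level keyword
            words = line.split()
            if words[0] in ("conn", "config") and len(words) >= 2:
                current = f"{words[0]} {words[1]}"
                sections[current] = {}
            else:                              # version, include: no section
                current = None
            continue
        if current is None:
            continue
        key, sep, value = line.strip().partition("=")
        if sep:
            sections[current][key.strip()] = value.strip().strip('"')
    return sections


def rsa_key_entries(secrets_text: str) -> List[str]:
    """Return the argument of every ': RSA ...' line in ipsec.secrets (the key
    file name, or '{' for an inline key). PSK/XAUTH lines are ignored because
    pluto never uses them for rsasig authentication."""
    entries = []
    for raw in secrets_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^[^:]*:\s*RSA\b\s*(.*)$", line)
        if m:
            entries.append(m.group(1).strip())
    return entries


def check_cert_auth(conf_text: str, secrets_text: str) -> Dict[str, List[str]]:
    """For each conn that authenticates with its own certificate
    (leftrsasigkey=%cert), list what would stop pluto from finding the
    private key. An empty list means the conn is consistent."""
    report: Dict[str, List[str]] = {}
    keys = rsa_key_entries(secrets_text)
    for section, opts in parse_ipsec_conf(conf_text).items():
        if not section.startswith("conn ") or opts.get("leftrsasigkey") != "%cert":
            continue                           # PSK or raw-key conn: not our case
        issues = []
        if opts.get("authby", "rsasig") != "rsasig":
            issues.append(f"authby={opts['authby']} but leftrsasigkey=%cert")
        if "leftcert" not in opts:
            issues.append("leftrsasigkey=%cert but no leftcert= line (commented out?)")
        if not keys:
            issues.append("no ': RSA <keyfile>' line in ipsec.secrets, so pluto has no "
                          "private key for " + opts.get("leftcert", "the certificate"))
        report[section.split(" ", 1)[1]] = issues
    return report


if __name__ == "__main__":
    for label, secrets in (("empty ipsec.secrets", SECRETS_EMPTY), ("with RSA line", SECRETS_OK)):
        for conn, issues in check_cert_auth(SAMPLE_CONF, secrets).items():
            print(f"[{label}] conn {conn}: {'OK' if not issues else '; '.join(issues)}")
```

Run as-is, the empty-secrets case reports the missing ': RSA' line for conn Brisanet and the second case reports OK. The checker cannot tell whether the key file actually matches leftcert; for that, compare the modulus of the certificate and of the key with openssl on the host.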

