On Thursday 14 August 2003 19:17, Fábio Mendonça Albuquerque Cunha wrote:
> I'm trying to do a full opportunism setup, and now my troubles begin ...
>
> when I run this command :
>
> # ipsec verify --host myhost.domainname.com.br
> Looking for TXT in forward map: myhost.domainname.com.br [OK]
> Looking for TXT in reverse map: 000.00.000.000.in-addr.arpa [MISSING]

(I'm going to assume you anonymized this output, i.e., there was a real IP
address in there. Otherwise you've got a problem with your forward DNS
lookups. ;)

> I put in my file rev.domain these entries :
*snip*
> XXX.XXX.XXX.XXX.in-addr.arpa. IN PTR myhost.domain.com.br. (I
> insert this record)
>
> XXX.XXX.XXX.XXX.in-addr.arpa. IN TXT "MTA=yes" (I insert this
> record)

For full Opportunism, you also need to add an appropriate,
FreeS/WAN-generated TXT record to your reverse DNS. There isn't one
present in your zone file. You can generate such a record by:

    ipsec showhostkey --txt XXX.XXX.XXX.XXX

(where XXX.XXX.XXX.XXX is myhost.domain.com.br's IP address.)

> What does "Does the machine have at least one non-private address
> [FAILED]" mean?

It means that your machine has an interface with a non-routable internet
address - that this machine is most likely functioning as a NAT box.
This is part of a check to make certain NAT entries don't conflict with
IPsec tunnels.

> Is it a concern for my initiate-only setup ???

No.

-- 
Sam Sgro
[EMAIL PROTECTED]
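
Added example, not part of the message above and not FreeS/WAN code: a small offline check that scans reverse-zone lines for an Opportunistic Encryption TXT record, showing why a zone holding only the "MTA=yes" TXT still counts as MISSING. It assumes the "X-IPsec-Server(precedence)=gateway key" TXT layout from the FreeS/WAN documentation and RFC 4322, which the thread itself does not show; the address, zone lines and key string are constructed.

```python
import ipaddress
import re

# Constructed reverse-zone lines modelled on the thread (192.0.2.11 is a
# documentation address; the thread's real address was anonymized).
ZONE = '''\
11.2.0.192.in-addr.arpa. IN PTR myhost.example.com.
11.2.0.192.in-addr.arpa. IN TXT "MTA=yes"
'''
# Same zone plus an OE TXT record; the key is a constructed placeholder,
# a real one comes from `ipsec showhostkey --txt <ip>`.
ZONE_FIXED = ZONE + (
    '11.2.0.192.in-addr.arpa. IN TXT '
    '"X-IPsec-Server(10)=192.0.2.11 AQOconstructedKEY"\n'
)

# Assumed OE TXT layout: X-IPsec-Server(precedence)=gateway base64key
OE_TXT = re.compile(r'^X-IPsec-Server\((\d+)\)=(\S+)\s+(\S+)$')
TXT_RR = re.compile(r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?TXT\s+(.*)$', re.I)


def reverse_name(ip):
    """Owner name of the reverse-map entry, e.g. 11.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def txt_records(zone_text, owner):
    """Yield the TXT strings published at `owner` (quoted chunks joined)."""
    for line in zone_text.splitlines():
        m = TXT_RR.match(line.strip())
        if m and m.group(1).lower() == owner.lower():
            yield "".join(re.findall(r'"([^"]*)"', m.group(2)))


def check_oe_reverse(zone_text, ip):
    """Return (status, [(precedence, gateway)], other_txt) for ip."""
    status, gateways, other = "MISSING", [], []
    for txt in txt_records(zone_text, reverse_name(ip)):
        m = OE_TXT.match(txt)
        if m:
            status = "OK"
            gateways.append((int(m.group(1)), m.group(2)))
        else:
            other.append(txt)  # e.g. "MTA=yes": a TXT record, but not an OE one
    return status, gateways, other


if __name__ == "__main__":
    print(check_oe_reverse(ZONE, "192.0.2.11"))
    print(check_oe_reverse(ZONE_FIXED, "192.0.2.11"))
```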