Gentlemen,
I have many questions on this subject. The first is:
what do the machines' ipsec.conf files look like when you are using RSA?
The ipsec.conf of machine 1 (me) would look like this:
example: conn eu-tu
left = my machine 1 (me)
rest of the parameters
leftrsasigkey = machine 1
right = my machine 2 (you)
rest of the parameters
rightrsasigkey = machine 2
What would the ipsec.conf of machine 2 (you) look like?
With that resolved, I want to set up a VPN between companies, in the following ways:
VPN1(ipsec) ---------------------------- IPsec client (win9x, NT, 2000, XP)
A VPN server with IPsec FreeS/WAN, and a client using IPsec (can this be done????)
network 10.10.10.2/24 -------------------VPN1(ipsec) ------------------------------VPN2(ipsec) ---------- network 10.10.10.1/24 (I read an article here on Underlinux that deals with this subject; I have already started my tests)
Below are the logs and the errors that are appearing:
ipsec_setup: KLIPS ipsec0 on eth0 200.xxx.xxx.xxx/255.255.255.xxx broadcast 200.xxx.xxx.xxx
ipsec_setup: WARNING: ipsec0 has route filtering turned on, KLIPS may not work
ipsec_setup: (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = `1´, should be 0)
ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not work
ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = `1´, should be 0)
This error is mentioned in the article; what is strange is that these are two machines with the same configuration, and only one of them shows the error above.
ipsec__plutorun: Starting Pluto subsystem...
ipsec_setup: ...FreeS/WAN IPsec started
ipsec_setup: ^M^[[80C^[[10D^[[1;32mdone^[[m^O
Pluto[24773]: Starting Pluto (FreeS/WAN Version 1.95)
Pluto[24773]: including X.509 patch (Version 0.9.8)
Pluto[24773]: Changing to directory ´/etc/ipsec.d/cacerts´
Pluto[24773]: Warning: empty directory
Pluto[24773]: Changing to directory ´/etc/ipsec.d/crls´
Pluto[24773]: Warning: empty directory
Pluto[24773]: could not open my X.509 cert file ´/etc/x509cert.der´
Pluto[24773]: OpenPGP certificate file ´/etc/pgpcert.pgp´ not found
Pluto[24773]: listening for IKE messages
Pluto[24773]: adding interface ipsec0/eth0 200.xxx.xxx.xxx
Pluto[24773]: loading secrets from "/etc/ipsec.secrets"
Pluto[24773]: "/etc/ipsec.secrets" line 30: malformed end of RSA private key -- unexpected token after ´}´
ipsec__plutorun: 003 "/etc/ipsec.secrets" line 30: malformed end of RSA private key -- unexpected token after
The messages I received in the logs after some time:
Pluto[25906]: "eol-heaven" #1: responding to Main Mode
Pluto[25906]: "eol-heaven" #1: discarding duplicate packet; already STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #1: discarding duplicate packet; already STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #2: responding to Main Mode
Pluto[25906]: "eol-heaven" #1: max number of retransmissions (2) reached STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #2: discarding duplicate packet; already STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #2: discarding duplicate packet; already STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #2: max number of retransmissions (2) reached STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #3: responding to Main Mode
Pluto[25906]: "eol-heaven" #3: discarding duplicate packet; already STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #3: discarding duplicate packet; already STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #3: max number of retransmissions (2) reached STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #4: responding to Main Mode
Pluto[25906]: "eol-heaven" #4: discarding duplicate packet; already STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #4: discarding duplicate packet; already STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #4: max number of retransmissions (2) reached STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #5: responding to Main Mode
Pluto[25906]: "eol-heaven" #5: discarding duplicate packet; already STATE_MAIN_R2
Pluto[25906]: shutting down
Pluto[25906]: "eol-heaven": deleting connection
Pluto[25906]: "eol-heaven" #5: deleting state (STATE_MAIN_R2)
I brought down the IPsec service:
Pluto[25906]: shutting down interface ipsec0/eth0 200.xxx.xxx.xxx
kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
kernel: klips_info:pfkey_cleanup: shutting down PF_KEY domain sockets.
kernel: klips_info:cleanup_module: ipsec module unloaded.
ipsec_setup: ...FreeS/WAN IPsec stopped
ipsec_setup: Stopping FreeS/WAN IPsec...^M^[[80C^[[10D^[[1;32mdone^[[m^O
ipsec_setup: Starting FreeS/WAN IPsec 1.95...
network 10.10.10.2/24 -------------------VPN1(ipsec) ------------------------------
|
| IPsec client (external network)
VPN2(ipsec) ---------- network 10.10.10.1/24
|
| IPsec client (external network)
* Here I want to set up a VPN between two Linux hosts and also use them so that clients outside these networks can connect to it with a client (win9x, NT, 2000, XP). Can this be done??
I am cataloguing all the documents I find on the subject.
If anyone has more documentation on this subject, please send it to me by email [email protected]
Regards,
Fabio Sena
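
An added example, not part of the original post: a small Python triage of the three problems visible in the logs above (the rp_filter warnings, the /etc/ipsec.secrets parse error, and Main Mode exchanges that time out in STATE_MAIN_R2). The function names are hypothetical and the sample is a few lines taken from the post.

```python
import re
from collections import Counter

# A few log lines taken from the post above.
SAMPLE = """\
ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not work
ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = `1´, should be 0)
Pluto[24773]: "/etc/ipsec.secrets" line 30: malformed end of RSA private key -- unexpected token after ´}´
Pluto[25906]: "eol-heaven" #1: responding to Main Mode
Pluto[25906]: "eol-heaven" #1: discarding duplicate packet; already STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #1: max number of retransmissions (2) reached STATE_MAIN_R2
Pluto[25906]: "eol-heaven" #2: responding to Main Mode
Pluto[25906]: "eol-heaven" #2: max number of retransmissions (2) reached STATE_MAIN_R2
"""

RP_FILTER = re.compile(r"\((/proc/sys/net/ipv4/conf/\S+/rp_filter) = \S+ should be 0\)")
SECRETS = re.compile(r'^Pluto\[\d+\]: "([^"]+)" line (\d+): (malformed .+)$')
STALLED = re.compile(r'^Pluto\[\d+\]: "([^"]+)" #\d+: max number of '
                     r'retransmissions \(\d+\) reached (STATE_\w+)$')

def triage(log_text):
    """Collect the three kinds of finding that appear in the posted logs."""
    found = {"rp_filter": [], "secrets": [], "stalled": Counter()}
    for line in log_text.splitlines():
        line = line.strip()
        if m := RP_FILTER.search(line):
            # /proc path that ipsec_setup wants set to 0
            found["rp_filter"].append(m.group(1))
        elif m := SECRETS.match(line):
            # file, line number and parser message for the bad RSA key block
            found["secrets"].append((m.group(1), int(m.group(2)), m.group(3)))
        elif m := STALLED.match(line):
            # one count per negotiation that gave up, keyed by (conn, state)
            found["stalled"][(m.group(1), m.group(2))] += 1
    return found

def report(found):
    """Turn the findings into one line of text each."""
    out = [f"set {p} to 0 (the value ipsec_setup asks for)" for p in found["rp_filter"]]
    for name, lineno, msg in found["secrets"]:
        out.append(f"fix {name} near line {lineno}: {msg}")
    for (conn, state), n in found["stalled"].items():
        out.append(f'"{conn}": {n} exchange(s) timed out in {state}')
    return out

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE))))
```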