  1. #1
    darthv
    Sirs,
    I have the following problem: I copied the packages freeswan-module-1.99_2.4.18_3-0
    and freeswan-1.99_2.4.18_3-0 from the site www.freeswang.org (for RH 7.3) to set up a VPN over two Speed Business links between two RH 7.3 servers with kernel 2.4.18-3. After installing the packages and configuring ipsec.conf, I cannot get
    communication working between the networks.
    Server and network data
    server 1: eth0 200.x.x.21, eth1 192.168.0.10, internal network 192.168.0.10/255.255.0.0 - LEFT
    server 2: eth0 200.x.x.179, eth1 192.168.1.10, internal network 192.168.1.0/255.255.255.0 - RIGHT
    Both servers run a firewall with MASQ in iptables; these were disabled with iptables -F and /etc/init.d/iptables stop
    ipsec.conf configuration (parameters indented under their section header, as the ipsec.conf format requires)
    config setup
            interfaces=%defaultroute
            klipsdebug=none
            plutodebug=none
            plutoload=%search
            plutostart=%search
            uniqueids=yes
    conn %default
            keyingtries=0
            disablearrivalcheck=no
            authby=rsasig
            leftrsasigkey=%dnsondemand
            rightrsasigkey=%dnsondemand
    conn sample
            left=200.x.x.211
            leftsubnet=192.168.0.1/24
            leftnexthop=200.x.x.193
            leftrsasigkey=1234
            right=200.x.x.179
            rightsubnet=192.168.1.0/24
            rightnexthop=200.x.x.129
            rightrsasigkey=5678
            auto=add
    -----------------
    I ran service ipsec start on server 1
    response:
    service ipsec start
    ipsec_setup: Starting FreeS/WAN IPsec 1.99...
    ipsec_setup: Using /lib/modules/2.4.18-3/kernel/net/ipsec/ipsec.o
    ipsec_setup: ipchains: Protocol not available -----> ???? (I don't understand this)
    I use iptables
    I ran service ipsec start on server 2
    response:
    service ipsec start
    ipsec_setup: Starting FreeS/WAN IPsec 1.99...
    ipsec_setup: Using /lib/modules/2.4.18-3/kernel/net/ipsec/ipsec.o
    I ran ipsec auto --up sample on server 1
    response:
    ipsec auto --up sample
    104 "sample" #1: STATE_MAIN_I1: initiate
    106 "sample" #1: STATE_MAIN_I2: sent MI2, expecting MR2
    108 "sample" #1: STATE_MAIN_I3: sent MI3, expecting MR3
    004 "sample" #1: STATE_MAIN_I4: ISAKMP SA established
    112 "sample" #2: STATE_QUICK_I1: initiate
    004 "sample" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
    I ran ipsec auto --up sample on server 2
    112 "sample" #3: STATE_QUICK_I1: initiate
    004 "sample" #3: STATE_QUICK_I2: sent QI2, IPsec SA established
    I ran ipsec look on server 1
    response:
    192.168.0.0/24 -> 192.168.1.0/24 => tun0x1004@200.x.x.179 esp0xf9f24d3a@200.x.x.179 (0)
    ipsec0->eth0 mtu=16260(1500)->1500
    esp0xf8cecbeb@200.x.x.211 ESP_3DES_HMAC_MD5: dir=in src=200.x.x.179 iv_bits=64bits iv=0x7966288086de620c ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(68,0,0)
    esp0xf8cecbec@200.x.x.211 ESP_3DES_HMAC_MD5: dir=in src=200.x.x.179 iv_bits=64bits iv=0xbd6db2b593262bef ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(54,0,0)
    esp0xf9f24d39@200.206.x.179 ESP_3DES_HMAC_MD5: dir=out src=200.x.x.211 iv_bits=64bits iv=0xe7fad5e32064a0b8 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(68,0,0)
    esp0xf9f24d3a@200.206.x.179 ESP_3DES_HMAC_MD5: dir=out src=200.x.x.211 iv_bits=64bits iv=0xf884df19604abbcb ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(54,0,0)
    tun0x1001@200.x.x.211 IPIP: dir=in src=200.x.x.179 policy=192.168.1.0/24->192.168.0.0/24 flags=0x8<> life(c,s,h)=addtime(68,0,0)
    tun0x1002@200.x.x.179 IPIP: dir=out src=200.x.x.211 life(c,s,h)=addtime(68,0,0)
    tun0x1003@200.x.x.211 IPIP: dir=in src=200.x.x.179 policy=192.168.1.0/24->192.168.0.0/24 flags=0x8<> life(c,s,h)=addtime(54,0,0)
    tun0x1004@200.x.x.179 IPIP: dir=out src=200.x.x.211 life(c,s,h)=addtime(54,0,0)
    Destination     Gateway         Genmask          Flags MSS Window irtt Iface
    0.0.0.0         200.x.x.193     0.0.0.0          UG     40 0      0    eth0
    192.168.1.0     200.x.x.193     255.255.255.0    UG     40 0      0    ipsec0
    200.x.x.192     0.0.0.0         255.255.255.192  U      40 0      0    eth0
    200.x.x.192     0.0.0.0         255.255.255.192  U      40 0      0    ipsec0
    I ran ipsec look on server 2
    192.168.1.0/24 -> 192.168.0.0/24 => tun0x1004@200.x.x.211 esp0xf8cecbec@200.x.x.211 (0)
    ipsec0->eth0 mtu=16260(1500)->1500
    esp0xf8cecbeb@200.x.x.211 ESP_3DES_HMAC_MD5: dir=out src=200.x.x.179 iv_bits=64bits iv=0x46518165804ad0ae ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(199,0,0)
    esp0xf8cecbec@200.x.x.211 ESP_3DES_HMAC_MD5: dir=out src=200.x.x.179 iv_bits=64bits iv=0xe16e6c7828122b1c ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(184,0,0)
    esp0xf9f24d39@200.x.x.179 ESP_3DES_HMAC_MD5: dir=in src=200.x.x.211 iv_bits=64bits iv=0xf7abf811dfc707fc ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(199,0,0)
    esp0xf9f24d3a@200.x.x.179 ESP_3DES_HMAC_MD5: dir=in src=200.x.x.211 iv_bits=64bits iv=0xde9c9f54d533ff0f ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(184,0,0)
    tun0x1001@200.x.x.179 IPIP: dir=in src=200.x.x.211 policy=192.168.0.0/24->192.168.1.0/24 flags=0x8<> life(c,s,h)=addtime(199,0,0)
    tun0x1002@200.x.x.211 IPIP: dir=out src=200.x.x.179 life(c,s,h)=addtime(199,0,0)
    tun0x1003@200.x.x.179 IPIP: dir=in src=200.x.x.211 policy=192.168.0.0/24->192.168.1.0/24 flags=0x8<> life(c,s,h)=addtime(184,0,0)
    tun0x1004@200.x.x.211 IPIP: dir=out src=200.x.x.179 life(c,s,h)=addtime(184,0,0)
    Destination     Gateway         Genmask          Flags MSS Window irtt Iface
    0.0.0.0         200.x.x.129     0.0.0.0          UG     40 0      0    eth0
    192.168.0.0     200.x.x.129     255.255.255.0    UG     40 0      0    ipsec0
    200.x.x.128     0.0.0.0         255.255.255.192  U      40 0      0    eth0
    200.x.x.128     0.0.0.0         255.255.255.192  U      40 0      0    ipsec0
    --------------------
    ipsec verify on server 1
    Checking your system to see if IPsec got installed and started correctly
    Version check and ipsec on-path [OK]
    Checking for KLIPS support in kernel [OK]
    Checking for RSA private key (/etc/ipsec.secrets) [OK]
    Checking that pluto is running [OK]
    Checking if IPchains has port 500 hole (all) ipchains: Protocol not available [BLOCKED]
    Checking if IPchains has port 500 hole (default) ipchains: Protocol not available [BLOCKED]
    Checking if IPchains has port 500 hole (eth0) ipchains: Protocol not available [BLOCKED]
    Checking if IPchains has port 500 hole (eth1) ipchains: Protocol not available [BLOCKED]
    Checking if IPchains has port 500 hole (ipsec0) ipchains: Protocol not available [BLOCKED]
    Checking if IPchains has port 500 hole (lo) ipchains: Protocol not available [BLOCKED]
    DNS checks.
    Looking for forward key for servidor1.dominio1 [OK]
    Does the machine have at least one non-private address [FAILED]

    ipsec verify on server 2
    Checking your system to see if IPsec got installed and started correctly
    Version check and ipsec on-path [OK]
    Checking for KLIPS support in kernel [OK]
    Checking for RSA private key (/etc/ipsec.secrets) [OK]
    Checking that pluto is running [OK]
    DNS checks.
    Looking for forward key for servidor2.dominio2 [OK]
    Does the machine have at least one non-private address [FAILED]


    I try a simple ping from server 1 to a workstation at the other end and get nothing (ping 192.168.1.23);
    I cannot get effective communication.
    Where am I going wrong?

    Thanks in advance,

    Darthv
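Before suspecting the SAs (which the ipsec look output above shows established in both directions), a practitioner would check what the eroute selector actually admits. The Python below is an added example, not code from the original post or from FreeS/WAN: it parses the eroute line that ipsec look prints ("<src>/<len> -> <dst>/<len> => <SAID> ...") and tests candidate packets against the source/destination selector, including a ping issued on the gateway itself, which by default carries the gateway's public address rather than a 192.168.0.x one. The public addresses (203.0.113.x) are constructed stand-ins for the x.x.x ones in the post, and the helper names are the example's own.

```python
"""Test which packets a KLIPS eroute selector will actually carry.

Added example for this thread; it is not code from the original post or from
FreeS/WAN. It parses the first line of `ipsec look` / `ipsec eroute` output
("<src>/<len> -> <dst>/<len> => <SAID> ...") and checks candidate packets
against the source/destination selector. Addresses are constructed from the
RFC 5737 documentation range, not the poster's real public addresses.
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional

# One eroute line as printed by `ipsec look`: selector pair, then the SAID
# (tun0xNNNN@peer) that packets matching it are handed to.
EROUTE_RE = re.compile(
    r"^(?P<src>\d+\.\d+\.\d+\.\d+/\d+)\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+/\d+)\s+=>\s+(?P<said>\S+)"
)


class Eroute(NamedTuple):
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    said: str


def parse_eroutes(text: str) -> List[Eroute]:
    """Return every eroute (selector -> SAID) found in `ipsec look` output."""
    routes = []
    for line in text.splitlines():
        m = EROUTE_RE.match(line.strip())
        if m:
            routes.append(Eroute(ipaddress.ip_network(m["src"]),
                                 ipaddress.ip_network(m["dst"]),
                                 m["said"]))
    return routes


def matching_eroute(routes, src_ip, dst_ip) -> Optional[Eroute]:
    """KLIPS matches on *both* inner addresses; return the eroute that would
    carry a packet from src_ip to dst_ip, or None if it falls outside every
    selector (KLIPS then drops it rather than passing it in the clear)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in routes:
        if s in r.src and d in r.dst:
            return r
    return None


def selector_covers_lan(routes, lan: str) -> bool:
    """Is the whole LAN behind this gateway inside some source selector?"""
    net = ipaddress.ip_network(lan, strict=False)  # accepts host/netmask form
    return any(net.subnet_of(r.src) for r in routes)


# Constructed `ipsec look` output modelled on the post (addresses changed).
SAMPLE_LOOK = """\
192.168.0.0/24 -> 192.168.1.0/24 => tun0x1004@203.0.113.179 esp0xf9f24d3a@203.0.113.179 (0)
ipsec0->eth0 mtu=16260(1500)->1500
"""

GATEWAY_PUBLIC = "203.0.113.21"   # constructed stand-in for eth0 on server 1
GATEWAY_LAN = "192.168.0.10"      # eth1 on server 1, as in the post
REMOTE_HOST = "192.168.1.23"      # the workstation pinged in the post


def report(routes) -> dict:
    """Summarise the checks a practitioner wants before blaming the SAs."""
    return {
        # ping run on the gateway itself: the kernel picks ipsec0's address,
        # which mirrors eth0's public address, so the selector does not match
        "ping_from_gateway_default_source":
            matching_eroute(routes, GATEWAY_PUBLIC, REMOTE_HOST) is not None,
        # the same ping forced onto the LAN address (ping -I 192.168.0.10)
        "ping_from_gateway_lan_source":
            matching_eroute(routes, GATEWAY_LAN, REMOTE_HOST) is not None,
        # a LAN host outside the /24 selector but inside the /16 the post describes
        "host_192_168_5_7_carried":
            matching_eroute(routes, "192.168.5.7", REMOTE_HOST) is not None,
        # does the selector cover the whole /16 the poster says is behind eth1?
        "selector_covers_lan_16":
            selector_covers_lan(routes, "192.168.0.10/255.255.0.0"),
        "selector_covers_lan_24":
            selector_covers_lan(routes, "192.168.0.0/24"),
    }


if __name__ == "__main__":
    for key, value in report(parse_eroutes(SAMPLE_LOOK)).items():
        print(f"{key}: {value}")
```

Run on real output with `ipsec look | python3 check_eroute.py` after replacing SAMPLE_LOOK with `sys.stdin.read()`. The two results worth acting on are the default-source ping (test from a LAN host, or use `ping -I <eth1 address>` on the gateway) and the LAN coverage check (a /16 behind eth1 is not carried by a /24 leftsubnet).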





  2. #2
    I haven't looked into it properly, but it may be that your IPTABLES doesn't have a module for the IPSEC protocol, or that your FreeS/WAN isn't built with a module that supports IPTABLES... try checking that, and try updating your IPTABLES to a newer version... Maybe that helps; I'll try to check it here...
    Regards



  3. #3
    Maiko
    Don't you have ipchains installed there?



  5. #5
    darthv
    The ipchains package is installed on both servers.





