+ Responder ao Tópico



  1. #1
    darthv
    Visitante

    Padrão ipsec RH 73 em rpm - vpn no connection !!

    Srs
    Estou com o seguinte problema, copiei o pacote freeswan-module-1.99_2.4.18_3-0
    e freeswan-1.99_2.4.18_3-0 do site www.freeswang.org (em RH7.3) para instalar entre duas speed bussines a vpn em dois servidores rh 7.3 kernel 2.4.18-3. Apos instalados os pacotes e configurar o ipsec.conf nao estou conseguindo executar a
    comunicacao entres as redes.
    Dados dos servidores e redes
    servidor 1 eth0 200.x.x.21 eth1 192.168.0.10 rede interna 192.168.0.10/255.255.0.0 - EM LEFT
    servidor 2 eth0 200.x.x.179 eth1 192.168.1.10 rede interna 192.168.1.0/255.255.255.0 - EM RIGHT
    Servidores com firewall e MASQ em iptables que foram desativados com iptables -F e /etc/init.d/iptables stop
    Configuracao ipsec.conf
    config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=yes
    conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%dnsondemand
    rightrsasigkey=%dnsondemand
    conn sample
    left=200.x.x.211
    leftsubnet=192.168.0.1/24
    leftnexthop=200.x.x.193
    leftrsasigkey=1234
    right=200.x.x.179
    rightsubnet=192.168.1.0/24
    rightnexthop=200.x.x.129
    rightrsasigkey=5678
    auto=add
    -----------------
    Executei o service ipsec start no servidor 1
    resposta:
    service ipsec start
    ipsec_setup: Starting FreeS/WAN IPsec 1.99...
    ipsec_setup: Using /lib/modules/2.4.18-3/kernel/net/ipsec/ipsec.o
    ipsec_setup: ipchains: Protocol not available -----> ???? (nao entendi)
    Uso iptables
    Executo o service ipsec start no servidor 2
    resposta:
    service ipsec start
    ipsec_setup: Starting FreeS/WAN IPsec 1.99...
    ipsec_setup: Using /lib/modules/2.4.18-3/kernel/net/ipsec/ipsec.o
    Executo ipsec auto --up sample no servidor 1
    reposta:
    ipsec auto --up sample
    104 "sample" #1: STATE_MAIN_I1: initiate
    106 "sample" #1: STATE_MAIN_I2: sent MI2, expecting MR2
    108 "sample" #1: STATE_MAIN_I3: sent MI3, expecting MR3
    004 "sample" #1: STATE_MAIN_I4: ISAKMP SA established
    112 "sample" #2: STATE_QUICK_I1: initiate
    004 "sample" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
    Executo ipsec auto --up sample no servidor 2
    112 "sample" #3: STATE_QUICK_I1: initiate
    004 "sample" #3: STATE_QUICK_I2: sent QI2, IPsec SA established
    Executo ipsec look no servidor 1
    reposta:
    192.168.0.0/24 -> 192.168.1.0/24 => [email protected] [email protected] (0)
    ipsec0->eth0 mtu=16260(1500)->1500
    [email protected] ESP_3DES_HMAC_MD5: dir=in src=200.x.x.179 iv_bits=64bits iv=0x7966288086de620c ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(68,0,0)
    [email protected] ESP_3DES_HMAC_MD5: dir=in src=200.x.x.179 iv_bits=64bits iv=0xbd6db2b593262bef ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(54,0,0)
    [email protected] ESP_3DES_HMAC_MD5: dir=out src=200.x.x.211 iv_bits=64bits iv=0xe7fad5e32064a0b8 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(68,0,0)
    [email protected] ESP_3DES_HMAC_MD5: dir=out src=200.x.x.211 iv_bits=64bits iv=0xf884df19604abbcb ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(54,0,0)
    [email protected] IPIP: dir=in src=200.x.x.179 policy=192.168.1.0/24->192.168.0.0/24 flags=0x8<> life(c,s,h)=addtime(68,0,0)
    [email protected] IPIP: dir=out src=200.x.x.211 life(c,s,h)=addtime(68,0,0)
    [email protected] IPIP: dir=in src=200.x.x.179 policy=192.168.1.0/24->192.168.0.0/24 flags=0x8<> life(c,s,h)=addtime(54,0,0)
    [email protected] IPIP: dir=out src=200.x.x.211 life(c,s,h)=addtime(54,0,0)
    Destination Gateway Genmask Flags MSS Window irtt Iface
    0.0.0.0 200.x.x.193 0.0.0.0 UG 40 0 0 eth0
    192.168.1.0 200.x.x.193 255.255.255.0 UG 40 0 0 ipsec0
    200.x.x.192 0.0.0.0 255.255.255.192 U 40 0 0 eth0
    200.x.x.192 0.0.0.0 255.255.255.192 U 40 0 0 ipsec0
    Executo ipsec look no servidor 2
    192.168.1.0/24 -> 192.168.0.0/24 => [email protected] [email protected] (0)
    ipsec0->eth0 mtu=16260(1500)->1500
    [email protected] ESP_3DES_HMAC_MD5: dir=out src=200.x.x.179 iv_bits=64bits iv=0x46518165804ad0ae ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(199,0,0)
    [email protected] ESP_3DES_HMAC_MD5: dir=out src=200.x.x.179 iv_bits=64bits iv=0xe16e6c7828122b1c ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(184,0,0)
    [email protected] ESP_3DES_HMAC_MD5: dir=in src=200.x.x.211 iv_bits=64bits iv=0xf7abf811dfc707fc ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(199,0,0)
    [email protected] ESP_3DES_HMAC_MD5: dir=in src=200.x.x.211 iv_bits=64bits iv=0xde9c9f54d533ff0f ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(184,0,0)
    [email protected] IPIP: dir=in src=200.x.x.211 policy=192.168.0.0/24->192.168.1.0/24 flags=0x8<> life(c,s,h)=addtime(199,0,0)
    [email protected] IPIP: dir=out src=200.x.x.179 life(c,s,h)=addtime(199,0,0)
    [email protected] IPIP: dir=in src=200.x.x.211 policy=192.168.0.0/24->192.168.1.0/24 flags=0x8<> life(c,s,h)=addtime(184,0,0)
    [email protected] IPIP: dir=out src=200.x.x.179 life(c,s,h)=addtime(184,0,0)
    Destination Gateway Genmask Flags MSS Window irtt Iface
    0.0.0.0 200.x.x.129 0.0.0.0 UG 40 0 0 eth0
    192.168.0.0 200.x.x.129 255.255.255.0 UG 40 0 0 ipsec0
    200.x.x.128 0.0.0.0 255.255.255.192 U 40 0 0 eth0
    200.x.x.128 0.0.0.0 255.255.255.192 U 40 0 0 ipsec0
    --------------------
    ipsec verify em servidor 1
    Checking your system to see if IPsec got installed and started correctly
    Version check and ipsec on-path [OK]
    Checking for KLIPS support in kernel [OK]
    Checking for RSA private key (/etc/ipsec.secrets) [OK]
    Checking that pluto is running [OK]
    Checking if IPchains has port 500 hole (all) ipchains: Protocol not available
    [BLOCKED]
    Checking if IPchains has port 500 hole (default) ipchains: Protocol not available
    [BLOCKED]
    Checking if IPchains has port 500 hole (eth0) ipchains: Protocol not available
    [BLOCKED]
    Checking if IPchains has port 500 hole (eth1) ipchains: Protocol not available
    [BLOCKED]
    Checking if IPchains has port 500 hole (ipsec0) ipchains: Protocol not available
    [BLOCKED]
    Checking if IPchains has port 500 hole (lo) ipchains: Protocol not available
    [BLOCKED]
    DNS checks.
    Looking for forward key for servidor1.dominio1 [OK]
    Does the machine have at least one non-private address [FAILED]

    ipsec verify em servidor 2
    Checking your system to see if IPsec got installed and started correctly
    Version check and ipsec on-path [OK]
    Checking for KLIPS support in kernel [OK]
    Checking for RSA private key (/etc/ipsec.secrets) [OK]
    Checking that pluto is running [OK]
    DNS checks.
    Looking for forward key for servidor2.dominio2 [OK]
    Does the machine have at least one non-private address [FAILED]


    Tento executar um simple do servidor 1 em workstation na outra ponta e nada (ping 192.168.1.23),
    nao estou conseguindo a comunicacao efetiva
    Aonde estou errando?

    Desde ja agradeco ,

    Darthv




    <IMG SRC="images/forum/icons/icon_eek.gif">

  2. #2
    Visitante

    Padrão ipsec RH 73 em rpm - vpn no connection !!

    Não me informei direito, mas pode ser que o seu IPTABLES não tenha módulo para o protocolo IPSEC ou seu FreeSwan não tá configurado pra módulo suportando IPTABLES..... tente verificar isso, e tente atualizar o seu IPTABLES para uma versão mais nova... Talves isso possa ajudar, tentarei verificar por aqui...
    [´s]



  3. #3
    Maiko
    Visitante

    Padrão ipsec RH 73 em rpm - vpn no connection !!

    Vc näo está com o ipchains instalado ai näo?

  4. #4
    Maiko
    Visitante

    Padrão ipsec RH 73 em rpm - vpn no connection !!

    Vc näo está com o ipchains instalado ai näo?



  5. #5
    darthv
    Visitante

    Padrão ipsec RH 73 em rpm - vpn no connection !!

    o pacote ipchains está instalado nos dois servidores