Dear all,
I am looking for help, as I am really desperate.
I have a Fedora Core 5 box with Openswan installed, bringing up a VPN with a Cisco PIX.
The tunnel comes up, but I cannot send or receive ping replies, for example.
My log looks like this:
Code:
Apr 10 17:30:53 chattv01 ipsec_setup: KLIPS ipsec0 on eth0 x.x.x.x/255.255.255.240 broadcast x.x.x.x
Apr 10 17:30:53 chattv01 ipsec_setup: ...Openswan IPsec started
Apr 10 17:30:54 chattv01 ipsec__plutorun: ipsec_auto: fatal error in "packetdefault": %defaultroute requested but not known
Apr 10 17:30:54 chattv01 ipsec__plutorun: 021 no connection named "packetdefault"
Apr 10 17:30:54 chattv01 ipsec__plutorun: ...could not route conn "packetdefault"
Apr 10 17:30:54 chattv01 kernel: audit(1144701054.185:556): avc: denied { read } for pid=12822 comm="ip" name="urandom" dev=tmpfs ino=1999 scontext=root:system_r:ifconfig_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
Apr 10 17:30:54 chattv01 kernel: audit(1144701054.185:557): avc: denied { read write } for pid=12822 comm="ip" name="[27416]" dev=sockfs ino=27416 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Apr 10 17:30:54 chattv01 kernel: audit(1144701054.185:558): avc: denied { read write } for pid=12822 comm="ip" name="[27542]" dev=sockfs ino=27542 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Apr 10 17:30:54 chattv01 ipsec__plutorun: 104 "acotel-m4u" #1: STATE_MAIN_I1: initiate
Apr 10 17:30:54 chattv01 kernel: audit(1144701054.197:559): avc: denied { read } for pid=12826 comm="ip" name="urandom" dev=tmpfs ino=1999 scontext=root:system_r:ifconfig_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
Apr 10 17:30:54 chattv01 ipsec__plutorun: ...could not start conn "acotel-m4u"
Apr 10 17:30:54 chattv01 kernel: audit(1144701054.197:560): avc: denied { read write } for pid=12826 comm="ip" name="[27416]" dev=sockfs ino=27416 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Apr 10 17:30:54 chattv01 kernel: audit(1144701054.197:561): avc: denied { read write } for pid=12826 comm="ip" name="[27542]" dev=sockfs ino=27542 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Apr 10 17:30:54 chattv01 kernel: audit(1144701054.201:562): avc: denied { read } for pid=12827 comm="ip" name="urandom" dev=tmpfs ino=1999 scontext=root:system_r:ifconfig_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
Apr 10 17:30:54 chattv01 kernel: audit(1144701054.201:563): avc: denied { read write } for pid=12827 comm="ip" name="[27416]" dev=sockfs ino=27416 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Apr 10 17:30:54 chattv01 kernel: audit(1144701054.201:564): avc: denied { read write } for pid=12827 comm="ip" name="[27542]" dev=sockfs ino=27542 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Apr 10 17:30:54 chattv01 kernel: audit(1144701054.201:565): avc: denied { write } for pid=12827 comm="ip" name="flush" dev=proc ino=-268435293 scontext=root:system_r:ifconfig_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file
Apr 10 17:30:55 chattv01 kernel: audit(1144701055.177:566): avc: denied { read } for pid=12839 comm="ip" name="urandom" dev=tmpfs ino=1999 scontext=root:system_r:ifconfig_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
Apr 10 17:30:55 chattv01 kernel: audit(1144701055.177:567): avc: denied { read write } for pid=12839 comm="ip" name="[27416]" dev=sockfs ino=27416 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Apr 10 17:30:55 chattv01 kernel: audit(1144701055.177:568): avc: denied { write } for pid=12839 comm="ip" name="flush" dev=proc ino=-268435293 scontext=root:system_r:ifconfig_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file
Very strange; my configuration files look like this:
Code:
#ipsec auto --up pix route add -net 200.184.147.0 netmask 255.255.255.0 dev ipsec0
# /etc/ipsec.conf - OpenSWAN IPSec configuration file
#The version information is needed for OpenSWAN version 2.0
# basic configuration
config setup
	interfaces="ipsec0=eth0"
	klipsdebug=none
	plutodebug=none
# Add connections here
conn acotel-m4u
	type=tunnel
	right=x.x.x.x
	rightnexthop=x.x.x.xGW
	left=y.y.y.y
	leftsubnet=y.y.y.y/32
	leftnexthop=y.y.y.yGW
	esp=3des-md5-96
	pfs=yes
	disablearrivalcheck=yes
	authby=secret
	keyexchange=ike
	auto=start
# Disable Opportunistic Encryption
# essential for interoperating with Cisco devices
conn block
	auto=ignore
conn private
	auto=ignore
conn private-or-clear
	auto=ignore
conn clear-or-private
	auto=ignore
conn clear
	auto=ignore
# End of config for disabling Opportunistic Encryption
and my ipsec.secrets is:
x.x.x.x y.y.y.y : PSK "key"
Please, I am desperate. Could anyone who has already been through this help me?
I would be very grateful.
Regards
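As a first triage step for a log like the one in this post, the following Python script (an added example, not code from the original poster) separates the two distinct problems mixed together in that output: SELinux AVC denials against the `ip` command running as `ifconfig_t`, grouped by source type, target type, object class and permission, and the Pluto/ipsec_auto lines that report a hard failure. The sample log lines are constructed in the same format as the post's log, not copied from it.

```python
import re
from collections import Counter

# Constructed sample in the same format as the post's log (not copied verbatim).
SAMPLE_LOG = """\
Apr 10 17:30:54 chattv01 ipsec__plutorun: ipsec_auto: fatal error in "packetdefault": %defaultroute requested but not known
Apr 10 17:30:54 chattv01 kernel: audit(1144701054.185:556): avc: denied { read } for pid=12822 comm="ip" name="urandom" dev=tmpfs ino=1999 scontext=root:system_r:ifconfig_t:s0 tcontext=system_u:object_r:urandom_device_t:s0 tclass=chr_file
Apr 10 17:30:54 chattv01 kernel: audit(1144701054.185:557): avc: denied { read write } for pid=12822 comm="ip" name="[27416]" dev=sockfs ino=27416 scontext=root:system_r:ifconfig_t:s0 tcontext=root:system_r:initrc_t:s0 tclass=unix_stream_socket
Apr 10 17:30:54 chattv01 ipsec__plutorun: 104 "acotel-m4u" #1: STATE_MAIN_I1: initiate
Apr 10 17:30:54 chattv01 ipsec__plutorun: ...could not start conn "acotel-m4u"
Apr 10 17:30:54 chattv01 kernel: audit(1144701054.201:565): avc: denied { write } for pid=12827 comm="ip" name="flush" dev=proc ino=-268435293 scontext=root:system_r:ifconfig_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file
"""

# One SELinux AVC denial: denied permissions, the command, and source/target contexts.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)
# Pluto/ipsec_auto lines reporting a hard failure rather than normal state progress.
PLUTO_ERR_RE = re.compile(r'ipsec__plutorun:\s+(?P<msg>.*(?:fatal error|could not).*)')


def parse_avc(line):
    """Parse one AVC denial line into a dict, or return None if it is not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["perms"] = tuple(d["perms"].split())   # e.g. ("read", "write")
    return d


def summarize(log_text):
    """Group denials by (comm, source type, target type, class, perms); collect Pluto errors."""
    denials = Counter()
    pluto_errors = []
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if avc:
            # The type is the third field of an SELinux context (user:role:type:level).
            key = (avc["comm"], avc["scontext"].split(":")[2],
                   avc["tcontext"].split(":")[2], avc["tclass"], avc["perms"])
            denials[key] += 1
            continue
        m = PLUTO_ERR_RE.search(line)
        if m:
            pluto_errors.append(m.group("msg"))
    return denials, pluto_errors
```

Run `summarize()` over the real `/var/log/messages` text to see which types and permissions the policy is denying for `ip`, separately from the Openswan connection errors.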