Openswan configuration
krabu - 15-07-2009 23:17
Hello.
I have a small problem with my Openswan configuration: everything seems to be fine, and yet it does not work.

host_A - NETWORK - host_B

Configuration files:

host A
conn xxxxx
    type=tunnel
    leftid=IP_A
    leftsubnet=192.168.5.0/24
    left=IP_A
    right=IP_B
    rightsubnet=192.168.2.0/24
    rightid=IP_B
    ikelifetime=240m
    keylife=3600s
    pfs=no
    esp=3des
    ike=3des-sha1-modp1024
    compress=no
    authby=secret
    keyexchange=ike
    keyingtries=0
    auto=start

The other side is analogous.

host_A:~# tcpdump -i eth0 -n host IP_B
23:40:07.646132 IP IP_A.500 > IP_B.500: isakmp: phase 2/others R inf[E]
23:40:07.649403 IP IP_A> IP_B.500: isakmp: phase 2/others R inf[E]
23:40:07.658222 IP IP_B.500 > IP_A.500: isakmp: phase 2/others I inf[E]
23:40:07.665129 IP IP_B.500 > IP_A.500: isakmp: phase 2/others I inf[E]
23:40:10.146828 IP IP_A.5097 > IP_B.1194: UDP, length 53
23:40:12.860429 IP IP_A.500 > IP_B.500: isakmp: phase 1 I ident
23:40:12.879530 IP IP_B.500 > IP_A.500: isakmp: phase 1 R ident
23:40:12.887256 IP IP_A.500 > IP_B.500: isakmp: phase 1 I ident
23:40:12.911884 IP IP_B.500 > IP_A.500: isakmp: phase 1 R ident
23:40:12.916822 IP IP_A.500 > IP_B.500: isakmp: phase 1 I ident[E]
23:40:12.932118 IP IP_B.500 > IP_A.500: isakmp: phase 1 R ident[E]
23:40:12.939450 IP IP_A.500 > IP_B.500: isakmp: phase 2/others I oakley-quick[E]
23:40:12.956407 IP IP_B.500 > IP_A.500: isakmp: phase 2/others R oakley-quick[E]
23:40:12.989818 IP IP_A.500 > IP_B.500: isakmp: phase 2/others I oakley-quick[E]
23:40:17.205194 IP IP_B.1194 > IP_A.5097: UDP, length 53
23:40:20.268978 IP IP_A.5097 > IP_B.1194: UDP, length 53
23:40:27.002525 IP IP_B.500 > IP_A.500: isakmp: phase 2/others R inf[E]
23:40:27.207086 IP IP_B.1194 > IP_A.5097: UDP, length 53
23:40:30.387393 IP IP_A.5097 > IP_B.1194: UDP, length 53

syslog host_A:
Jul 15 23:46:13 servantes kernel: [5271463.943777] NET: Unregistered protocol family 15
Jul 15 23:46:13 servantes ipsec_setup: ...Openswan IPsec stopped
Jul 15 23:46:13 servantes ipsec_setup: Stopping Openswan IPsec...
Jul 15 23:46:14 servantes kernel: [5271464.274592] NET: Registered protocol family 15
Jul 15 23:46:14 servantes kernel: [5271464.522365] padlock: VIA PadLock Hash Engine not detected.
Jul 15 23:46:14 servantes kernel: [5271464.610551] padlock: VIA PadLock Hash Engine not detected.
Jul 15 23:46:14 servantes kernel: [5271464.841149] padlock: VIA PadLock not detected.
Jul 15 23:46:14 servantes kernel: [5271464.986149] Initializing XFRM netlink socket
Jul 15 23:46:14 servantes ipsec_setup: NETKEY on eth0 IP_A/255.255.255.0 broadcast broadcast_IP_A
Jul 15 23:46:15 servantes ipsec_setup: ...Openswan IPsec started
Jul 15 23:46:15 servantes ipsec_setup: Starting Openswan IPsec 2.4.12...
Jul 15 23:46:16 servantes ipsec__plutorun: 104 "unima" #1: STATE_MAIN_I1: initiate
Jul 15 23:46:16 servantes ipsec__plutorun: ...could not start conn "xxxxx"

I suspect this may be related to:

padlock: VIA PadLock not detected.

but since I have found little about it on the internet, I am asking here. If anyone knows what might be going on, please help.
rpc - 24-10-2009 12:47
I use racoon for IPsec. Take a look at http://rpc.one.pl, there are examples there. Admittedly it is Debian with OpenWrt, but the files are basically identical on both sides.