On Tuesday 12 August 2003 11:32, Balu Stefan wrote:

That is, if on host 1 you have

conn host1-host2
    left=10.x.y.z
    right=10.w.z.t
    ...

on host 2 you put the same

conn host1-host2
    left=10.x.y.z
    right=10.w.z.t
    ...

> On Tuesday 12 August 2003 11:26, you wrote:
> > What do you mean, left and right stay the same?
> So I no longer play around with ipsec showhostkey --left for left and --right
> for right? Or what?
>
> > On Tuesday 12 August 2003 10:50, Balu Stefan wrote:
> > Hello
> > First of all, which version of ipsec are you using? (1 or 2)
> > Usually default keys are put in place at installation. Try
> > regenerating them: ipsec newhostkey --bits 1024 > /etc/ipsec.secrets
> > On both gateways you use the same file (left and right stay the
> > same); it figures out by itself how it should set them.
> >
> > Here's an example:
> >
> > conn defender-depozit
> >     # Left security gateway, subnet behind it, next hop toward right.
> >     left=10.x.y.2
> >     leftsubnet=192.168.1.0/24
> >     leftnexthop=10.x.y.1
> >     # Right security gateway, subnet behind it, next hop toward left.
> >     right=10.w.z.2
> >     rightsubnet=192.168.2.0/24
> >     rightnexthop=10.w.z.1
> >     # To authorize this connection, but not actually start it, at startup,
> >     # uncomment this.
> >     keyingtries=0
> >     auth=ah
> >     authby=rsasig
> >     leftrsasigkey=...
> >     rightrsasigkey=...
> >     auto=start
> >
> > > I have 2 gateways with the Internet-facing IPs 1.2.3.4 and 5.6.7.8
> > > These 2 gateways each have a subnet, 10.0.1.0/24 and 10.0.2.0/24
> > > Between them is the Internet, and they have as default route a gateway
> > > of ISP1 and ISP2
> > >
> > > All well and good; both are Gentoo Linux, with kernel 2.4.20 with
> > > ipsec support, and with freeswan installed.
> > >
> > > In /etc/ipsec/ipsec.conf we have:
> > >
> > > config setup
> > >     # THIS SETTING MUST BE CORRECT or almost nothing will work;
> > >     # %defaultroute is okay for most simple cases.
> > >     interfaces=%defaultroute
> > >     # Debug-logging controls: "none" for (almost) none, "all" for lots.
> > >     klipsdebug=none
> > >     plutodebug=none
> > >     # Use auto= parameters in conn descriptions to control startup actions.
> > >     plutoload=%search
> > >     plutostart=%search
> > >     # Close down old connection when new one using same ID shows up.
> > >     uniqueids=yes
> > >
> > >
> > > conn epower-mail
> > >     # Left security gateway, subnet behind it, next hop toward right.
> > >     left=192.168.0.1
> > >     leftsubnet=10.0.0.0/24
> > >     leftnexthop=%defaultroute
> > >     [EMAIL PROTECTED]
> > >     leftrsasigkey=0sAQN5KYwI4w.... (I took the liberty of removing the id)
> > >     # Right security gateway, subnet behind it, next hop toward left.
> > >     right=192.168.0.2
> > >     rightsubnet=10.0.1.0/24
> > >     rightnexthop=%defaultroute
> > >     [EMAIL PROTECTED]
> > >     rightrsasigkey=0sAQPN2eLf9jli/m+h...(I took the liberty of removing the id)
> > >     auto=add
> > >
> > > I generated the keys with ipsec showhostkey --left for left
> > > and ipsec showhostkey --right for right
> > > ...so... on both I run:
> > >
> > > #ipsec setup start
> > > #ipsec auto --up epower-mail
> > >
> > > and in theory I should see an SA established, or anything...
> > > but it tells me: retransmission; will wait 20s for response
> > >
> > > on the console, it also says no preshared key found for @epower.abc.com
> > > and @mail.efg.com ...
> > >
> > > wtf am I doing wrong?!
> >
> > ---
> > Details about our mailing lists: http://www.lug.ro/
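
A small checker for the advice in this thread (the same conn, with left and right unchanged, on both gateways), added here as an example and not taken from any of the posters or from FreeS/WAN: it parses the conn sections of two ipsec.conf texts and reports every parameter that differs. The function names, sample addresses and keys are constructed, and flagging a conn that carries RSA keys without authby=rsasig assumes FreeS/WAN 1.x falls back to shared secrets when authby is unset.

```python
def parse_conns(text):
    """Return {conn_name: {parameter: value}} for the conn sections of an ipsec.conf."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header starts in column 0
            parts = line.split()
            current = conns.setdefault(parts[1], {}) if parts[0] == "conn" and len(parts) > 1 else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def check_pair(conf_a, conf_b, name):
    """Compare conn `name` as configured on two gateways; return a list of findings."""
    a, b = parse_conns(conf_a).get(name), parse_conns(conf_b).get(name)
    if a is None or b is None:
        return [f"conn {name} missing on " + ("host A" if a is None else "host B")]
    findings = [f"{key}: host A={a.get(key)!r} host B={b.get(key)!r}"
                for key in sorted(set(a) | set(b)) if a.get(key) != b.get(key)]
    # Assumption: FreeS/WAN 1.x uses shared secrets unless authby=rsasig is set.
    for label, conn in (("host A", a), ("host B", b)):
        if ("leftrsasigkey" in conn or "rightrsasigkey" in conn) and conn.get("authby") != "rsasig":
            findings.append(f"{label}: RSA keys present but authby=rsasig not set")
    return findings

# Constructed sample input: addresses and keys are placeholders, not from the thread.
HOST_A = """\
conn host1-host2
    left=192.0.2.1
    right=198.51.100.1
    authby=rsasig
    leftrsasigkey=0sAAAA
    rightrsasigkey=0sBBBB
"""
# Host B was written "from its own point of view": left/right swapped, authby omitted.
HOST_B = """\
conn host1-host2
    left=198.51.100.1
    right=192.0.2.1
    leftrsasigkey=0sBBBB
    rightrsasigkey=0sAAAA
"""

if __name__ == "__main__":
    for finding in check_pair(HOST_A, HOST_B, "host1-host2"):
        print(finding)
```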
