Folks,
I'd like some help with FreeS/WAN. It is connecting, but I can't ping, for example, from my machine 172.16.7.72 to the machine on the other LAN (192.168.7.99), and vice versa. I installed version 2.03.
I'd appreciate any help.
Below are the results of ipsec verify, ipsec eroute and ipsec look, and the /var/log/secure log.
IPSEC VERIFY
------------------
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux FreeS/WAN 2.03
Checking for KLIPS support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking [EMAIL PROTECTED] from 172.16.7.64/26 to 192.168.7.0/24 [OK]
[FAILED]
SNAT from 0.0.0.0/0 to 0.0.0.0/0 kills tunnel 0.0.0.0/0 -> 192.168.7.0/24
Opportunistic Encryption DNS checks:
Looking for TXT in forward map: cyan [MISSING]
Does the machine have at least one non-private address? [OK]
Looking for TXT in reverse map: 56.183.204.200.in-addr.arpa. [OK]
IPSEC LOOK
----------------
cyan Mon Nov 10 10:25:40 BRST 2003
172.16.7.64/26 -> 192.168.7.0/24 => [EMAIL PROTECTED]
[EMAIL PROTECTED] (0)
ipsec0->eth0 mtu=16260(1500)->1500
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=200.168.66.219
iv_bits=64bits iv=0xec2aa8f498ab8b45 ooowin=64 alen=128 aklen=128 eklen=192
life(c,s,h)=addtime(747,0,0) refcount=4 ref=9
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=200.168.66.219
iv_bits=64bits iv=0xd2e043f3353c9fdb ooowin=64 alen=128 aklen=128 eklen=192
life(c,s,h)=addtime(708,0,0) refcount=4 ref=19
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=200.204.183.56
iv_bits=64bits iv=0x6f35aaef62e8cdd9 ooowin=64 alen=128 aklen=128 eklen=192
life(c,s,h)=addtime(747,0,0) refcount=4 ref=14
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=200.204.183.56
iv_bits=64bits iv=0x4249e5d038af37d2 ooowin=64 alen=128 aklen=128 eklen=192
life(c,s,h)=addtime(708,0,0) refcount=4 ref=24
[EMAIL PROTECTED] IPIP: dir=in src=200.168.66.219
policy=192.168.7.0/24->172.16.7.64/26 flags=0x8<>
life(c,s,h)=addtime(747,0,0) refcount=4 ref=8
[EMAIL PROTECTED] IPIP: dir=out src=200.204.183.56
life(c,s,h)=addtime(747,0,0) refcount=4 ref=13
[EMAIL PROTECTED] IPIP: dir=in src=200.168.66.219
policy=192.168.7.0/24->172.16.7.64/26 flags=0x8<>
life(c,s,h)=addtime(708,0,0) refcount=4 ref=18
[EMAIL PROTECTED] IPIP: dir=out src=200.204.183.56
life(c,s,h)=addtime(708,0,0) refcount=4 ref=23
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         200.204.183.1   0.0.0.0         UG        0 0          0 eth0
192.168.7.0     200.204.183.1   255.255.255.0   UG        0 0          0 ipsec0
200.204.183.0   0.0.0.0         255.255.255.192 U         0 0          0 eth0
200.204.183.0   0.0.0.0         255.255.255.192 U         0 0          0 ipsec0
IPSEC EROUTE
0 172.16.7.64/26 -> 192.168.7.0/24 => [EMAIL PROTECTED]
LOG /VAR/LOG/SECURE
------------------------------
Nov 10 10:12:39 cyan pluto[32317]: Starting Pluto (FreeS/WAN Version 2.03 X.509-1.4.8 PLUTO_USES_KEYRR)
Nov 10 10:12:39 cyan pluto[32317]: Using KLIPS IPsec interface code
Nov 10 10:12:39 cyan pluto[32317]: Changing to directory '/etc/ipsec.d/cacerts'
Nov 10 10:12:39 cyan pluto[32317]: Warning: empty directory
Nov 10 10:12:39 cyan pluto[32317]: Changing to directory '/etc/ipsec.d/crls'
Nov 10 10:12:39 cyan pluto[32317]: Warning: empty directory
Nov 10 10:12:40 cyan pluto[32317]: added connection description "vpn"
Nov 10 10:12:40 cyan pluto[32317]: listening for IKE messages
Nov 10 10:12:40 cyan pluto[32317]: adding interface ipsec0/eth0 200.204.183.56
Nov 10 10:12:40 cyan pluto[32317]: loading secrets from "/etc/ipsec.secrets"
Nov 10 10:12:41 cyan pluto[32317]: "vpn" #1: initiating Main Mode
Nov 10 10:12:41 cyan pluto[32317]: "vpn" #1: ERROR: asynchronous network error report on eth0 for message to 200.168.66.219 port 500, complainant 200.168.66.219: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Nov 10 10:13:11 cyan last message repeated 2 times
Nov 10 10:13:13 cyan pluto[32317]: "vpn" #2: responding to Main Mode
Nov 10 10:13:13 cyan pluto[32317]: "vpn" #2: Peer ID is ID_IPV4_ADDR: '200.168.66.219'
Nov 10 10:13:13 cyan pluto[32317]: "vpn" #2: sent MR3, ISAKMP SA established
Nov 10 10:13:13 cyan pluto[32317]: "vpn" #3: responding to Quick Mode
Nov 10 10:13:13 cyan pluto[32317]: "vpn" #3: IPsec SA established {ESP=>0x7a56c863 <0x67147269}
Nov 10 10:13:51 cyan pluto[32317]: "vpn" #1: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
Nov 10 10:13:51 cyan pluto[32317]: "vpn" #1: starting keying attempt 2 of at most 3
Nov 10 10:13:51 cyan pluto[32317]: "vpn" #4: initiating Main Mode to replace #1
Nov 10 10:13:52 cyan pluto[32317]: "vpn" #4: Peer ID is ID_IPV4_ADDR: '200.168.66.219'
Nov 10 10:13:52 cyan pluto[32317]: "vpn" #4: ISAKMP SA established
Nov 10 10:13:52 cyan pluto[32317]: "vpn" #5: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#4}
Nov 10 10:13:52 cyan pluto[32317]: "vpn" #5: sent QI2, IPsec SA established {ESP=>0x7a56c864 <0x6714726a}