I'm having some trouble setting up a VPN between a FreeBSD 4.8-STABLE server and a Win98 machine.
The configurations follow below.
KERNEL with ipsec
---------------------
options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG
---------------------
Both racoon and poptop were installed from ports; the configuration of both follows.
RACOON
------------------
path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
path certificate "/usr/local/etc/cert" ;
log debug;
# Specification of default various timer.
timer
{
# These value can be changed per remote node.
counter 5; # maximum trying count to send.
interval 20 sec; # maximum interval to resend.
persend 1; # the number of packets per a send.
# timer for waiting to complete each phase.
phase1 30 sec;
phase2 15 sec;
}
listen
{
isakmp 172.16.158.253[500];
}
remote 200.xxx.xxx.xxx
{
exchange_mode aggressive, main, base;
doi ipsec_doi;
situation identity_only;
certificate_type x509 "user.crt" "user.key";
my_identifier asn1dn;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method rsasig;
dh_group 2 ;
}
}
---------------------------------
CERTIFICATES
---------------------------------
ca.pem server-key.pem server.crt server.key ca.crt ca.pem user.crt user.key
---------------------------------
POPTOP
---------------------------------- pptpd.conf
speed 115200
option /etc/ppp/options.pptpd
debug
localip 172.22.8.3
remoteip 172.22.8.128-254
---------------------------------- options.pptpd
auth
require-chap
proxyarp
-chap
-chapms
+chapms-v2
mppe-128
mppe-stateless
ms-wins 200.xxx.xxx.xxx
ms-dns 200.xxx.xxx.xxx
----------------------------------- ppp.conf
loop:
 set timeout 0
 set log phase chat connect lcp ipcp command
 set device localhost:pptp
 set dial
 set login
 # Server (local) IP address, Range for Clients, and Netmask
 set ifaddr 172.22.8.3 172.22.8.128-254 255.255.255.255
 set server /tmp/loop "" 0177

loop-in:
 set timeout 0
 set log phase lcp ipcp command
 allow mode direct

pptp:
 load loop
 enable chap
 enable MSChapV2
 enable mppe
 disable deflate pred1
 deny deflate pred1
 disable pap
 # The next depends on your routing. Proxy arp is an easy way out
 # enable proxy
 accept dns
 # DNS Servers to assign client
 set dns 200.xxx.xxx.xxx 200.xxx.xxx.xxx
 # NetBIOS/WINS Servers to assign client
 set nbns 200.xxx.xxx.xxx
 set device !/etc/ppp/secure
------------------------------- Racoon debug log
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:222:isakmp_handler(): 172 bytes message received from 200.xxx.xxx.xxx[500]
Jul 17 20:23:01 jail racoon: DEBUG: plog.c:193:plogdump():
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:2248:isakmp_printpacket(): begin.
Jul 17 20:23:01 jail racoon: DEBUG: remoteconf.c:118:getrmconf(): configuration found for 200.xxx.xxx.xxx[500].
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:889:isakmp_ph1begin_r(): ===
Jul 17 20:23:01 jail racoon: INFO: isakmp.c:894:isakmp_ph1begin_r(): respond new phase 1 negotiation: 172.16.158.253[500]<=>200.xxx.xxx.xxx[500]
Jul 17 20:23:01 jail racoon: INFO: isakmp.c:899:isakmp_ph1begin_r(): begin Identity Protection mode.
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:1112:isakmp_parsewoh(): begin.
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=1(sa)
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=13(vid)
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=13(vid)
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=13(vid)
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:1178:isakmp_parsewoh(): succeed.
Jul 17 20:23:01 jail racoon: DEBUG: vendorid.c:137:check_vendorid(): received unknown Vendor ID
Jul 17 20:23:01 jail racoon: DEBUG: vendorid.c:137:check_vendorid(): received unknown Vendor ID
Jul 17 20:23:01 jail racoon: DEBUG: vendorid.c:137:check_vendorid(): received unknown Vendor ID
Jul 17 20:23:01 jail racoon: DEBUG: ipsec_doi.c:1117:get_proppair(): total SA len=80
Jul 17 20:23:01 jail racoon: DEBUG: plog.c:193:plogdump():
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:1112:isakmp_parsewoh(): begin.
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=2(prop)
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:1178:isakmp_parsewoh(): succeed.
Jul 17 20:23:01 jail racoon: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1 len=72
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:1112:isakmp_parsewoh(): begin.
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=3(trns)
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=3(trns)
Jul 17 20:23:01 jail racoon: DEBUG: isakmp.c:1178:isakmp_parsewoh(): succeed.
Jul 17 20:23:01 jail racoon: DEBUG: ipsec_doi.c:1311:get_transform(): transform #1 len=32
Jul 17 20:23:01 jail racoon: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
Jul 17 20:23:01 jail racoon: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(3des)
Jul 17 20:23:01 jail racoon: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=SHA
Jul 17 20:23:01 jail racoon: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(sha1)
Jul 17 20:23:01 jail racoon: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Jul 17 20:23:01 jail racoon: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp1024)
Jul 17 20:23:06 jail racoon: DEBUG: isakmp.c:221:isakmp_handler(): ===
On the Win98 machine the Microsoft L2TP/IPsec client was installed; the .p12 certificate has already been installed and configured to be used by the machine.
POPtop shows no log at all, but apparently I'm on the right track.
I hope for some comments, "Patrick, Jean, Edson, and company ltd heheh"
Regards, Soulofblack
UNIVERSIDADE FEDERAL DE SAO PAULO - UNIFESP D.I.S - LABORATORIO DE INFORMATICA EM SAUDE
_______________________________________________________________
Leave the list: http://www2.fugspbr.org/mailman/listinfo/fugspbr
Archive: http://www4.fugspbr.org/lista/html/FUG-BR/
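As an added example (not part of the post and not racoon's own code), this Python script reads the check_attr_isakmp lines from the racoon debug log quoted above, maps them onto racoon.conf keywords, and compares them with the proposal block of the posted config; the lookup tables only cover the attribute names and values racoon printed in this log, and the "ISAKMP-SA established" marker is the line racoon logs once phase 1 completes.

```python
import re

# Lines copied from the racoon debug log in the post (the peer's phase 1 transform #1).
LOG = """\
Jul 17 20:23:01 jail racoon: INFO: isakmp.c:894:isakmp_ph1begin_r(): respond new phase 1 negotiation: 172.16.158.253[500]<=>200.xxx.xxx.xxx[500]
Jul 17 20:23:01 jail racoon: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
Jul 17 20:23:01 jail racoon: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=SHA
Jul 17 20:23:01 jail racoon: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group
"""

# The "proposal { ... }" block of the posted racoon.conf, as keyword -> value.
CONFIGURED = {"encryption_algorithm": "3des", "hash_algorithm": "md5", "dh_group": "2"}

ATTR_RE = re.compile(
    r"check_attr_isakmp\(\): type=(?P<type>[^,]+), flag=0x[0-9a-fA-F]+, lorv=(?P<value>.+)$")

# Attribute names and values as racoon prints them in this log, mapped to racoon.conf keywords.
TYPE_TO_KEY = {"Encryption Algorithm": "encryption_algorithm",
               "Hash Algorithm": "hash_algorithm",
               "Group Description": "dh_group"}
VALUE_TO_KEYWORD = {"3DES-CBC": "3des", "SHA": "sha1", "MD5": "md5",
                    "1024-bit MODP group": "2", "768-bit MODP group": "1"}


def peer_proposal(log_text):
    """Collect the peer's phase 1 attributes as racoon.conf keyword -> value."""
    proposed = {}
    for line in log_text.splitlines():
        m = ATTR_RE.search(line)
        if m is None:
            continue
        key = TYPE_TO_KEY.get(m.group("type"))
        if key is not None:
            # Unknown values are kept verbatim so they still surface as a mismatch.
            proposed[key] = VALUE_TO_KEYWORD.get(m.group("value"), m.group("value"))
    return proposed


def mismatches(configured, proposed):
    """Attributes the peer sent that differ from the local proposal block."""
    return [(k, configured[k], v) for k, v in proposed.items()
            if k in configured and configured[k] != v]


def phase1_established(log_text):
    """True once racoon has logged the 'ISAKMP-SA established' line for phase 1."""
    return "ISAKMP-SA established" in log_text


if __name__ == "__main__":
    for key, ours, theirs in mismatches(CONFIGURED, peer_proposal(LOG)):
        print(f"{key}: local proposal has {ours}, peer offered {theirs}")
    print("phase 1 established:", phase1_established(LOG))
```

Run against the quoted log it reports that the peer offered sha1 where the local proposal lists md5, and that no phase 1 SA was established in the excerpt.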
