Hi, everyone. I have a VPN lab set up here, but I'm running into some problems; it would be great if someone could help. Here is a description of the environment:
FreeS/WAN version: freeswan-1.95-1cl
Kernel version: 2.4.18
STATION1------------Linux1<><><><><>Linux2------STATION2
STATION1: 192.168.4.10
Linux1: 192.168.4.1 / 10.0.0.2
<><><><><><><> (CROSSOVER CABLE)
Linux2: 10.0.0.1 / 192.168.3.1
STATION2: 192.168.3.10
The routing is all OK! The network works perfectly without ipsec!
;)
IPSEC.CONF:
-------------------------------------------------
config setup
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    plutowait=no

conn teste
    auto=start
    type=tunnel
    left=10.0.0.2
    leftsubnet=192.168.4.0/24
    right=10.0.0.1
    rightsubnet=192.168.3.0/24
    authby=secret
    keyexchange=ike
    keylife=8h
    pfs=yes
    rekeymargin=9m
    rekeyfuzz=25%
----------------------------------------------
IPSEC.SECRETS:
----------------------------------------------
10.0.0.1 10.0.0.2: PSK "testando"
----------------------------------------------
iptables configuration:
$IPT -t nat -A POSTROUTING -s 192.168.4.0/24 -o ipsec0 -j MASQUERADE
$IPT -A INPUT -i ipsec0 -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT
$IPT -A FORWARD -i ipsec0 -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT
PROBLEMS:
1-) If I remove the leftsubnet / rightsubnet lines, the two Linux boxes
(10.0.0.x) talk IPSEC to each other, but they cannot even ping the other
one's internal IP (192.168.x.1)
2-) If I keep those two lines, NOTHING works
I have seen a leftnexthop (rightnexthop) line in several places and have
already tried adding it, even though there is no next hop. I have tried
setting it to the machine itself and to the other machine.
=============================================================================
# ipsec look
suse Wed Jul 24 13:01:35 ART 2002
10.0.0.2/32 -> 10.0.0.1/32 => [EMAIL PROTECTED]
[EMAIL PROTECTED] (108)
ipsec0->eth0 mtu=16260(1443)->1500
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=10.0.0.2
iv_bits=64bits iv=0x6e4aa6a42658ee14 ooowin=64 alen=128 aklen=128
eklen=192 life(c,s,h)=addtime(82952,0,0)
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=10.0.0.2
iv_bits=64bits iv=0x5a60092ce81bc0c0 ooowin=64 seq=56 alen=128 aklen=128
eklen=192
life(c,s,h)=bytes(9328,0,0)addtime(82966,0,0)usetime(83009,0,0)packets(56,0,0) idle=0
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=10.0.0.1
iv_bits=64bits iv=0x5ba94bcb1f9a8cb2 ooowin=64 alen=128 aklen=128
eklen=192 life(c,s,h)=addtime(82952,0,0)
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=10.0.0.1
iv_bits=64bits iv=0xc44b2fe36c9c9a5c ooowin=64 seq=98
bit=0xffffffffffffffff alen=128 aklen=128 eklen=192
life(c,s,h)=bytes(9072,0,0)addtime(82966,0,0)usetime(83009,0,0)packets(98,0,0) idle=0
[EMAIL PROTECTED] IPIP: dir=in src=10.0.0.1
life(c,s,h)=addtime(82952,0,0)
[EMAIL PROTECTED] IPIP: dir=out src=10.0.0.2
life(c,s,h)=addtime(82952,0,0)
[EMAIL PROTECTED] IPIP: dir=in src=10.0.0.1
life(c,s,h)=bytes(9072,0,0)addtime(82966,0,0)usetime(83009,0,0)packets(98,0,0) idle=0
[EMAIL PROTECTED] IPIP: dir=out src=10.0.0.2
life(c,s,h)=bytes(7536,0,0)addtime(82966,0,0)usetime(83009,0,0)packets(56,0,0) idle=0
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.0.0.0       U        40 0          0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U        40 0          0 ipsec0
10.0.0.1        10.0.0.1        255.255.255.255 UGH      40 0          0 ipsec0
192.168.4.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
=============================================================================
I hope I have been clear about the problems and the infrastructure, but if
more information is needed, I am at your disposal.
Regards,
Eri R. Bastos
