
OPENSWAN and KAME interoperability




I am trying to implement interoperability between OPENSWAN and KAME with PSK,
but I have not succeeded.

The configuration follows below, and after it the logs.

Thanks,



###GATEWAY OPENSWAN:##############################################################

/etc/ipsec.conf
#version        2.0
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=all
        plutoload=%search
        plutostart=%search
conn %default
        esp=3des-md5-96
        authby=rsasig
        leftrsasigkey=%dns
        rightrsasigkey=%dns
conn openswan-openswan
        left=200.111.111.1
        leftid=@FW
        leftsubnet=10.90.0.0/16
        leftnexthop=200.111.111.2
        leftrsasigkey=0sAQOJJQOy2Cn0O...
        right=200.XXX.XXX.XXX
        rightid=@CL
        rightsubnet=10.118.0.0/16
        rightnexthop=200.222.222.2
        rightrsasigkey=0sAQOdmIUpi...
        authby=rsasig
        auto=start
conn openswan-kame
        type=tunnel
        esp=sha1
        #keyexchange=ike
        #esp=des-md5
        #ike=3des-md5-96
        #compress=no
        #pfs=no
        auth=esp
        authby=secret
        auto=start
        left=200.111.111.1
        leftid=@FW
        leftsubnet=10.90.0.0/16
        leftnexthop=200.111.111.2
        right=200.333.333.1
        rightid=@LE
        rightsubnet=192.168.1.0/24
        rightnexthop=200.333.333.2


###GATEWAY KAME:##############################################################

/etc/racoon/racoon.conf

listen {
        isakmp 200.333.333.1 [500];
        strict_address;
}

remote 200.111.111.1 {
        exchange_mode main;
        lifetime time 24 hour;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}
sainfo address 192.168.1.0[any] any address 10.90.0.0/16[any] any {
        #pfs_group modp768;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

### RACOON.LOG ##############################################################

/var/log/racoon.log

2005-07-20 09:42:03: INFO: @(#)ipsec-tools 0.5.2 (http://ipsec-tools.sourceforge.net)
2005-07-20 09:42:03: INFO: @(#)This product linked OpenSSL 0.9.7e 25 Oct 2004 (http://www.openssl.org/)
2005-07-20 09:42:03: INFO: 200.333.333.1[500] used as isakmp port (fd=6)
2005-07-20 09:42:03: INFO: 200.333.333.1[500] used for NAT-T
2005-07-20 09:42:10: INFO: respond new phase 1 negotiation: 200.333.333.1[500]<=>200.111.111.1[500]
2005-07-20 09:42:10: INFO: begin Identity Protection mode.
2005-07-20 09:42:10: ERROR: ignore information because the message has no hash payload.
2005-07-20 09:42:20: ERROR: ignore information because the message has no hash payload.
2005-07-20 09:42:20: NOTIFY: the packet is retransmitted by 200.111.111.1[500].
2005-07-20 09:42:20: ERROR: ignore information because the message has no hash payload.





Humberto do Carmo
Information Technology

11-6525-8800 Ext. 8801
hcarmo@ecourbis.com.br


dilceu@linuxservers.com.br
22/07/2005 10:05

To: agnaldo <agnaldops@click21.com.br>
cc: debian-user-portuguese@lists.debian.org
Subject: Re: VPN!!!



If you are more specific, maybe someone can help you. What type of VPN?
pptp, freeswan, openvpn, etc...

As people usually say, we don't have a crystal ball yet.

Regards,
Dilceu

Quoting agnaldo <agnaldops@click21.com.br>:

> Folks, I need to move my Conectiva VPN servers
> to Debian.
>
> Does anyone have a tip or a manual!!!!
>
> Thanks
>
>
> Agnaldo
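
An added example, not part of the original messages: a Python check that parses the phase 2 settings from the `openswan-kame` conn and the racoon `sainfo` block posted above and lists where the two sides differ. The function names and the `CIPHERS`/`HASHES` name sets are assumptions made for this illustration, and only the `esp=` line, the subnets and the `sainfo` block are compared, not phase 1.

```python
import re

# Constructed excerpts: the phase 2 lines of the two configs posted above.
OPENSWAN = """conn openswan-kame
        esp=sha1
        #esp=des-md5
        authby=secret
        leftsubnet=10.90.0.0/16
        rightsubnet=192.168.1.0/24
"""
RACOON = """sainfo address 192.168.1.0[any] any address 10.90.0.0/16[any] any {
        #pfs_group modp768;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
}
"""
CIPHERS = {"des", "3des", "aes", "blowfish"}  # assumed names looked for in esp=
HASHES = {"md5", "sha1"}

def openswan_phase2(conf):
    """Parse key=value lines of one conn (skipping '#'); esp= is read as dash-separated names."""
    opts = {}
    for line in conf.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            opts[key] = value
    parts = opts.get("esp", "").split("-")
    return {"cipher": next((p for p in parts if p in CIPHERS), None),
            "hash": next((p for p in parts if p in HASHES), None),
            "local": opts.get("leftsubnet"), "remote": opts.get("rightsubnet")}

def racoon_phase2(conf):
    """Parse one sainfo block: its two address selectors and its algorithms."""
    src, dst = re.findall(r"address\s+([\d./]+)\[", conf)
    algs = dict(re.findall(r"^\s*(\w+_algorithm)\s+(\w+);", conf, re.M))
    return {"cipher": algs.get("encryption_algorithm"),
            "hash": algs.get("authentication_algorithm", "").replace("hmac_", "") or None,
            "local": src, "remote": dst}

def mismatches(openswan, racoon):
    """Fields that differ; racoon's local side is Openswan's remote side."""
    pairs = {"cipher": "cipher", "hash": "hash", "local": "remote", "remote": "local"}
    return {f"openswan {a} / racoon {b}": (openswan[a], racoon[b])
            for a, b in pairs.items() if openswan[a] != racoon[b]}

if __name__ == "__main__":
    for field, values in mismatches(openswan_phase2(OPENSWAN), racoon_phase2(RACOON)).items():
        print(field, values)
```

On these excerpts it reports three differences: no cipher named in `esp=`, `sha1` against `hmac_md5`, and `192.168.1.0/24` against a `sainfo` address written without a prefix length.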



