[HELP] Grosse galere de config avec Freeswan [HELP]

Grosse galere de config avec Freeswan [HELP] [HELP] - Logiciels - Linux et OS Alternatifs

Marsh Posté le 01-04-2003 à 11:35:19    

Salut à tous,
 
J'essai de réaliser ce type de VPN
 
LAN 172.20.0.0/16 ---- Gate VPN ---- client_VPN 192.168.10.43/24
                     eth0    eth1
                       
 
La passerelle VPN à 2 interfaces réseaux :
eth0 : 172.20.211.42/16
eth1 : 192.168.10.42/24
 
Le serveur VPN est un GNU/Linux Woody (kernel 2.4.20) sous Freeswan 1.99 et le client est un Win98 avec PGPnet 7.
 
 
Configuration de la passerelle VPN
----------------------------------
 

Code :
  1. vpnserver:~# cat /etc/ipsec.conf
  2. # /etc/ipsec.conf - FreeS/WAN IPsec configuration file
  4. # More elaborate and more varied sample configurations can be found
  5. # in FreeS/WAN's doc/examples file, and in the HTML documentation.
  8. # Essai
  10. config setup
  11.         interfaces="ipsec0=eth0 ipsec1=eth1"
  12.         klipsdebug=none
  13.         plutoload=%search
  14.         #klipsdebug=none
  15.         #plutodebug=none
  16.         #plutoload=%search
  17.         plutostart=%search
  18.         #uniqueids=yes
  20. #conn %default
  21.         #keyungtries=0
  23. conn cl-se
  25.         left=192.168.10.42
  26.         leftsubnet=172.20.0.0/16
  27.         leftid=@vpn.toto.lan
  28.         right=192.168.10.43
  29.         #rightnexthop=192.168.10.42
  30.         rightid=@cli.toto.lan
  31.         auto=add


 

Code :
  1. vpnserver:~# cat /etc/ipsec.secrets
  2. # This file holds shared secrets or RSA private keys for inter-Pluto
  3. # authentication.  See ipsec_pluto(8) manpage, and HTML documentation.
  5. # RSA private key for this host, authenticating it to any other host
  6. # which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
  7. # or configuration of other implementations, can be extracted conveniently
  8. # with "ipsec showhostkey".
  10. 192.168.10.43 192.168.10.42 172.20.211.42 172.20.0.0 : PSK
  11. "Ma_belle_clef"


 
 
Est ce que la config du serveur VPN est bonne ?
Car je ne sais pas s'il y a des erreurs sur la passerelle VPN (freeswan) ou sur le client (PGPnet).
 
 
 
Merci de votre aide. Car je galère depuis pas mal de temps !  :cry:
 
 
 
Voici les logs de FreeSwan (sur la passerelle VPN)
 

Code :
  1. Apr  1 11:39:08 vpnserver pluto[2365]: packet from 192.168.10.43:500: ignoring Vendor ID payload
  2. Apr  1 11:39:08 vpnserver pluto[2365]: "cl-se" #2: responding to Main Mode
  3. Apr  1 11:39:08 vpnserver pluto[2365]: "cl-se" #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT
  4. Apr  1 11:39:08 vpnserver pluto[2365]: "cl-se" #2: no suitable connection for peer '192.168.10.43'
  5. Apr  1 11:39:10 vpnserver pluto[2365]: "cl-se" #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT
  6. Apr  1 11:39:10 vpnserver pluto[2365]: "cl-se" #2: no suitable connection for peer '192.168.10.43'
  7. Apr  1 11:39:12 vpnserver pluto[2365]: "cl-se" #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT
  8. Apr  1 11:39:12 vpnserver pluto[2365]: "cl-se" #2: no suitable connection for peer '192.168.10.43'
  9. Apr  1 11:39:16 vpnserver pluto[2365]: "cl-se" #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT
  10. Apr  1 11:39:16 vpnserver pluto[2365]: "cl-se" #2: no suitable connection for peer '192.168.10.43'
  11. Apr  1 11:40:18 vpnserver pluto[2365]: "cl-se" #2: max number of retransmissions (2) reached STATE_MAIN_R2


Message édité par madsurfer le 01-04-2003 à 15:52:19
Reply

Marsh Posté le 01-04-2003 à 11:35:19   

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed