[Linux-sunucu] openswan vpn

---------


From: Selcuk Demirci (demirci_selcuk@yahoo.com)
Date: Fri 15 Jul 2005 - 12:20:23 EEST


Hello,
 
I am trying to set up a site-to-site VPN connection with a remote Pix over an ADSL line using openswan. To make things clear, I have added the relevant output below.
 
I start the ipsec service...
 
[root@vpn ]# service ipsec start
ipsec_setup: Starting Openswan IPsec U2.3.1/K2.6.11-1.1369_FC4...
ipsec_setup: insmod /lib/modules/2.6.11-1.1369_FC4/kernel/net/ipv4/ah4.ko
ipsec_setup: insmod /lib/modules/2.6.11-1.1369_FC4/kernel/net/ipv4/esp4.ko
ipsec_setup: insmod /lib/modules/2.6.11-1.1369_FC4/kernel/net/ipv4/ipcomp.ko
ipsec_setup: insmod /lib/modules/2.6.11-1.1369_FC4/kernel/net/ipv4/xfrm4_tunnel.ko
 
Log contents while the ipsec service is starting
 
[root@vpn ]# tail /var/log/secure
Jul 15 11:40:01 vpn pluto[11967]: Could not change to directory '/etc/ipsec.d/aacerts'
Jul 15 11:40:01 vpn pluto[11967]: Could not change to directory '/etc/ipsec.d/ocspcerts'
Jul 15 11:40:01 vpn pluto[11967]: Could not change to directory '/etc/ipsec.d/crls'
Jul 15 11:40:01 vpn pluto[11967]: added connection description "s2s"
Jul 15 11:40:01 vpn pluto[11967]: listening for IKE messages
Jul 15 11:40:01 vpn pluto[11967]: adding interface ppp0/ppp0 81.214.74.102:500
Jul 15 11:40:01 vpn pluto[11967]: adding interface eth0/eth0 192.168.101.11:500
Jul 15 11:40:01 vpn pluto[11967]: adding interface lo/lo 127.0.0.1:500
Jul 15 11:40:01 vpn pluto[11967]: adding interface lo/lo ::1:500
Jul 15 11:40:01 vpn pluto[11967]: loading secrets from "/etc/ipsec.secrets"
 
Routing table
[root@vpn ]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
81.214.74.102 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.101.11 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 81.214.74.1 0.0.0.0 UG 0 0 0 ppp0
 
I bring up the tunnel connection defined in ipsec.conf...
 
[root@vpn ]# ipsec auto --up s2s
104 "s2s" #1: STATE_MAIN_I1: initiate
106 "s2s" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "s2s" #1: received Vendor ID payload [XAUTH]
003 "s2s" #1: received Vendor ID payload [Dead Peer Detection]
003 "s2s" #1: received Vendor ID payload [Cisco-Unity]
003 "s2s" #1: ignoring unknown Vendor ID payload [d37ce407a008e2d3ec3f597ade20afbc]
108 "s2s" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "s2s" #1: STATE_MAIN_I4: ISAKMP SA established
117 "s2s" #2: STATE_QUICK_I1: initiate
003 "s2s" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
004 "s2s" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x203f5169 <0x3af29ae3 xfrm=3DES_0-HMAC_MD5}
 
I get the message that the connection has been established. However, the output below says that the tunnel does not exist.
 
[root@vpn ]# service ipsec status
IPsec running
pluto pid 11967
No tunnels up
 
And the final routing table...
 
[root@vpn ]# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
81.214.74.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.101.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.100.0 81.214.74.1 255.255.255.0 UG 0 0 0 ppp0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 81.214.74.1 0.0.0.0 UG 0 0 0 ppp0
 
I think I should be seeing the virtual ipsec interfaces in this table. Does anyone have an idea where I am making a mistake?
 
nexthop for the ADSL side = 81.214.74.1/32
network behind the pix = 192.168.100.0/24
 
Thanks.


---------

This archive was generated by hypermail 2.1.2.