ipsec retransminnion

Anton Caniga Caniga na bentel.sk
Středa Únor 25 14:20:02 CET 2004


Dobry den,

na masine mam kernel 2.4.22 s patchom super-freeswan-1.99.8 v konfiguracom 
subore ipsec.conf mam toto:

config setup
	interfaces="ipsec0=eth0"
	klipsdebug=none
	plutodebug=none
	plutoload=%search
	plutostart=%search
	
conn test
	left=a1.b1.c1.d1
	leftsubnet=e1.f1.g1.h1/24
	leftnexthop=i1.j1.k1.l1
	right=a2.b2.c2.d2
	rightsubnet=e2.f2.g2.h2/24
	rightnexthop=i2.j2.k2.l2
	auth=ah
	auto=start
kde je  
eth0 verjene rozhranie pre danu gateway,
a1.b1.c1.d1 lava gateway,
e1.f1.g1.h1/24 specifikacia adresy pre privatny subnet,
i1.j1.k1.l1 lavy prvy router
to iste palti aj pre opacnu stranu.
V ipsec.secrets ma toto:

a1.b1.c1.d1 a2.b2.c2.d2 "0xd7..."


Pri spusteni tunelu mi do logu napise toto:

ipsec_setup: ...FreeS/WAN IPsec started
ipsec__plutorun: 104 "test" #1: STATE_MAIN_I1: initiate
ipsec__plutorun: 010 "test" #1: STATE_MAIN_I1: retransmission; will wait 20s 
for response
ipsec__plutorun: 010 "test" #1: STATE_MAIN_I1: retransmission; will wait 40s 
for response
ipsec__plutorun: 031 "test" #1: max number of retransmissions (2) reached 
STATE_MAIN_I1.  No acceptable response to our first IKE message
ipsec__plutorun: 000 "test" #1: starting keying attempt 2 of at most 3, but 
releasing whack
ipsec__plutorun: ...could not start conn "test"

,ale interfaces ipsec0 mi  vytvori.
Takto vyzera vypis ipsec look:

019216800100024:0:192.168.2.0/24:0   -> 192.168.1.0/24:0   => %trap:0 (0)
ipsec0->eth0 mtu=16260(1500)->1500
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     195.46.61.1     255.255.255.0   UG        0 0          0 
ipsec0
195.46.61.0     0.0.0.0         255.255.255.0   U         0 0          0 
ipsec0

Neviete mi poradit v com je problem.Ozaj a este jeden maly dotaz interfaces 
ipsec0 a eth0 su uplne totozna je to normalne alebo som spravil niekde chybu.

Velmi pekne dakujem vsetkym za ochotu. 






Další informace o konferenci Linux