[linux] FreeS/Wan and FW-1
Jozef Novikmec
novikmec at devil.lynx.sk
Mon Jun 3 17:38:17 CEST 2002
Which authentication are you using?
Which version of FreeSWAN do you have?
On Mon, 2002-06-03 at 17:26, Julius Loman wrote:
> Hi all
>
> I'm trying to get the following working:
> On a Linux box (MDK) with a dial-up connection I need to get access
> through Checkpoint FW-1/VPN-1 into the LAN
>
> Sketch of the situation (classic road warrior case)
>
> (the IPs a.b.c.d and a.b.c.z are of course replaced with the real ones IRL)
>
>
> *--------------= ISP =-----*----------*%%%%%%%%%%%%%%
> Linux router FW-1 LAN
> Dialup/ppp a.b.c.z a.b.c.d 10.10.0.0/16
>
>
> The PPP connection to the ISP works OK
> FreeS/WAN IPsec is installed (from the distribution)
>
> when bringing up IPsec I get this message:
> --------
> 104 "linux-encdom" #4: STATE_MAIN_I1: initiate
> 003 "linux-encdom" #4: Notify Message Type of ISAKMP Notification Payload has an unknown value: 9101
> 003 "linux-encdom" #4: malformed payload in packet
> 010 "linux-encdom" #4: STATE_MAIN_I1: retransmission; will wait 20s for response
> 010 "linux-encdom" #4: STATE_MAIN_I1: retransmission; will wait 40s for response
> 031 "linux-encdom" #4: max number of retransmissions (2) reached STATE_MAIN_I1.
> No acceptable response to our first IKE message
> 000 "linux-encdom" #4: starting keying attempt 2 of at most 3, but releasing whack
> --------
>
> ipsec.conf looks like this
>
> --------
> config setup
> interfaces=%defaultroute
> klipsdebug=none
> plutodebug=none
> plutoload=
> plutostart=
>
> conn linux-encdom
> type=tunnel
> left=%defaultroute
> leftsubnet=
> leftnexthop=
> right=a.b.c.d
> rightnexthop=a.b.c.z
> rightsubnet=10.10.0.0/16
> keyexchange=ike
> auth=esp
IMHO there should rather be authby=rsasig or authby=secret here, depending
on which one you want to use.
> pfs=no
> --------
>
>
>
> when trying to bring up the encdom, this shows up in the FW-1 log:
>
> reason Client Encryption: No commnon authentification method with
> firewall.
>
> On FW-1 I followed the setup described in:
> http://support.checkpoint.com/kb/docs/public/firewall1/4_1/pdf/fw-linuxvpn.pdf
>
> and the settings seem to be OK...
>
> I don't see anything more in the log
>
> where could the snag be? has any of you run into something similar?
> I googled a bit, but there they recommend deleting some files from the FW if it
> also causes problems when installing the policy (which is not my case); otherwise
> I haven't found anything sensible..
>
> Or could you send me some example road-warrior configuration for
> FreeS/WAN that is guaranteed to work?
>
> Thanks a lot
>
> --
>
> [ Julius Loman ] [ lomo na lomo.sk ] [ http://lomo.sk ] [ icq: 35732873 ]
>
> Linux IS user friendly, it's just selective who its friends are...
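As an added example, not from this thread, here is the road-warrior conn above with the IKE peer authentication made explicit (the authby=secret variant suggested in the reply), together with the matching ipsec.secrets entry. The conn name, the addresses a.b.c.d / a.b.c.z and the secret value are placeholders; the same pre-shared secret and authentication method must be configured on the FW-1 side, since the "No common authentication method" message is FW-1 reporting that the two peers' IKE authentication proposals do not overlap.

```ini
# Added example (not from the thread). Placeholders: conn name, a.b.c.d,
# a.b.c.z and the secret. ipsec.conf section:
conn fw1-roadwarrior
    type=tunnel
    left=%defaultroute            # dial-up side, address assigned by the ISP
    right=a.b.c.d                 # FW-1 external address (placeholder)
    rightnexthop=a.b.c.z          # FW-1's next hop (placeholder)
    rightsubnet=10.10.0.0/16      # LAN behind FW-1
    keyexchange=ike
    auth=esp                      # packet protection: ESP (this is not the peer auth method)
    authby=secret                 # IKE peer authentication: pre-shared key (rsasig for RSA keys)
    pfs=no

# /etc/ipsec.secrets (root-only, mode 0600). The road warrior's own address
# changes with every dial-up, so key the entry on %any and the FW-1 address.
# Placeholder secret; it must be identical to the pre-shared secret set on FW-1.
%any a.b.c.d : PSK "replace-with-a-long-random-secret"
```

In FreeS/WAN, auth= only chooses ESP or AH for the tunnelled packets; authby= is the parameter that decides how the two IKE peers authenticate each other, which is what the FW-1 log line is complaining about.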