[linux] FreeS/Wan and FW-1

Jozef Novikmec novikmec at devil.lynx.sk
Monday June 3 17:38:17 CEST 2002


Which authentication are you using?

Which version of FreeS/WAN do you have?

On Mon, 2002-06-03 at 17:26, Julius Loman wrote:
> Hi all
> 
> I am trying to get the following working:
> On a Linux box (MDK) with a dial-up connection I need to get access
> through a Checkpoint FW-1/VPN-1 into the LAN
> 
> Sketch of the situation (the classic road-warrior case)
> 
> (the IPs a.b.c.d and a.b.c.z are of course replaced by the real ones IRL)
> 
> 
>     *--------------= ISP =-----*----------*%%%%%%%%%%%%%%
>  Linux                       router      FW-1      LAN
>  Dialup/ppp                 a.b.c.z    a.b.c.d   10.10.0.0/16
> 
> 
> The PPP connection to the ISP works OK
> FreeS/WAN IPsec is installed (from the distribution)
> 
> when I bring IPsec up I get this message:
> --------
> 104 "linux-encdom" #4: STATE_MAIN_I1: initiate
> 003 "linux-encdom" #4: Notify Message Type of ISAKMP Notification Payload has an unknown value: 9101
> 003 "linux-encdom" #4: malformed payload in packet
> 010 "linux-encdom" #4: STATE_MAIN_I1: retransmission; will wait 20s for response
> 010 "linux-encdom" #4: STATE_MAIN_I1: retransmission; will wait 40s for response
> 031 "linux-encdom" #4: max number of retransmissions (2) reached STATE_MAIN_I1.
>  No acceptable response to our first IKE message
> 000 "linux-encdom" #4: starting keying attempt 2 of at most 3, but releasing whack
> --------
> 
> ipsec.conf looks like this
> 
> --------
> config setup
> 	interfaces=%defaultroute
> 	klipsdebug=none
> 	plutodebug=none
> 	plutoload=
> 	plutostart=
> 
> conn linux-encdom
> 	type=tunnel
> 	left=%defaultroute
> 	leftsubnet=
> 	leftnexthop=
> 	right=a.b.c.d
> 	rightnexthop=a.b.c.z
> 	rightsubnet=10.10.0.0/16
> 	keyexchange=ike
> 	auth=esp

IMHO there should be authby=rsasig or authby=secret here instead, depending
on which one you want to use.

> 	pfs=no
> --------
> 
> 
> 
> when I try to bring up encdom, the FW-1 log shows this:
> 
> reason Client Encryption: No commnon authentification method with
> firewall.
> 
> On the FW-1 I followed the setup described in:
> http://support.checkpoint.com/kb/docs/public/firewall1/4_1/pdf/fw-linuxvpn.pdf
> 
> and the settings look OK...
> 
> I don't see anything else in the log
> 
> where could the snag be? Has any of you run into something similar?
> I googled a bit, but there they recommend deleting some files from the FW
> if it also causes problems when installing the policy (not the case for
> me); otherwise I found nothing sensible..
> 
> Alternatively, could you send me some example road-warrior configuration
> for FreeS/Wan that is guaranteed to work?
> 
> Thanks a lot
> 
> -- 
> 
> [ Julius Loman ] [ lomo na lomo.sk ] [ http://lomo.sk ] [ icq: 35732873 ]
> 
>  Linux IS user friendly, it's just selective who its friends are...
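As an added example (my own, not from the original posting and not from the FreeS/WAN project), here is the road-warrior conn from the mail rewritten with pre-shared-key IKE authentication, together with the matching ipsec.secrets entry. In FreeS/WAN, auth= only chooses between ESP and AH for the IPsec SA (esp is the default) and says nothing about how IKE authenticates the peers; that is selected by authby=, which defaults to rsasig when it is omitted. The secret string, the "a.b.c.d %any" index form, pfs=no and auto=add are assumptions; the secret and the PFS setting must match what is configured for this client on the FW-1 side.

```conf
# Added example, not from the original posting: a FreeS/WAN 1.x road-warrior
# conn authenticated with a pre-shared key (authby=secret). The placeholders
# a.b.c.d, a.b.c.z and 10.10.0.0/16 are the ones used in the mail.
#
# --- /etc/ipsec.conf ---
config setup
	interfaces=%defaultroute
	klipsdebug=none
	plutodebug=none
	plutoload=%search         # load every conn that has auto=add or auto=start
	plutostart=%search        # start every conn that has auto=start

conn linux-encdom
	type=tunnel
	left=%defaultroute        # dial-up side; address taken from the ppp default route
	leftsubnet=               # empty: the road warrior itself is the tunnel endpoint
	leftnexthop=
	right=a.b.c.d             # FW-1 external address
	rightnexthop=a.b.c.z      # router in front of the FW-1
	rightsubnet=10.10.0.0/16  # LAN behind the FW-1
	keyexchange=ike
	authby=secret             # IKE authentication by pre-shared key (omitted = rsasig)
	auth=esp                  # ESP rather than AH for the IPsec SA; unrelated to IKE auth
	pfs=no                    # assumed: PFS off to match the FW-1 side
	auto=add                  # assumed: load at start, bring up by hand

# --- /etc/ipsec.secrets (mode 0600, owned by root) ---
# Assumed index form: the FW-1 address plus %any standing in for the dial-up's
# changing address. The string must be identical to the shared secret
# configured for this client on the FW-1.
a.b.c.d %any : PSK "replace-with-the-shared-secret"
```

After editing both files, run "ipsec setup restart" and then "ipsec auto --up linux-encdom"; a later change to ipsec.secrets alone can be picked up with "ipsec auto --rereadsecrets". If the FW-1 side is set up for certificates instead of a shared secret, authby=rsasig with leftrsasigkey=/rightrsasigkey= is the counterpart, but that is not shown here.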
