[linux] FreeS/Wan and FW-1

Julius Loman lomo at lomo.sk
Mon Jun 3 18:34:20 CEST 2002


On Mon, Jun 03, 2002 at 05:38:17PM +0200, Jozef Novikmec <novikmec at devil.lynx.sk> wrote:
> What authentication are you using?
shared secret
> 
> Which version of FreeSWAN do you have?
1.95 (the latest)
> 
> On Mon, 2002-06-03 at 17:26, Julius Loman wrote:
> > Hi all
> > 
> > I am trying to get the following problem working:
> > On a Linux machine (MDK) with a dial-up connection I need to get
> > access into the LAN through Checkpoint FW-1/VPN-1 working
> > 
> > Sketch of the situation (classic road warrior case)
> > 
> > (the IPs a.b.c.d and a.b.c.z are of course replaced with the real ones IRL)
> > 
> > 
> >     *--------------= ISP =-----*----------*%%%%%%%%%%%%%%
> >  Linux                       router      FW-1      LAN
> >  Dialup/ppp                 a.b.c.z    a.b.c.d   10.10.0.0/16
> > 
> > 
> > The PPP connection to the ISP works OK
> > Freeswan IPsec is installed (from the distribution)
> > 
> > when bringing up IPsec I get this message:
> > --------
> > 104 "linux-encdom" #4: STATE_MAIN_I1: initiate
> > 003 "linux-encdom" #4: Notify Message Type of ISAKMP Notification Payload has an unknown value: 9101
> > 003 "linux-encdom" #4: malformed payload in packet
> > 010 "linux-encdom" #4: STATE_MAIN_I1: retransmission; will wait 20s for response
> > 010 "linux-encdom" #4: STATE_MAIN_I1: retransmission; will wait 40s for response
> > 031 "linux-encdom" #4: max number of retransmissions (2) reached STATE_MAIN_I1.
> >  No acceptable response to our first IKE message
> > 000 "linux-encdom" #4: starting keying attempt 2 of at most 3, but releasing whack
> > --------
> > 
> > ipsec.conf looks as follows
> > 
> > --------
> > config setup
> > 	interfaces=%defaultroute
> > 	klipsdebug=none
> > 	plutodebug=none
> > 	plutoload=
> > 	plutostart=
> > 
> > conn linux-encdom
> > 	type=tunnel
> > 	left=%defaultroute
> > 	leftsubnet=
> > 	leftnexthop=
> > 	right=a.b.c.d
> > 	rightnexthop=a.b.c.z
> > 	rightsubnet=10.10.0.0/16
> > 	keyexchange=ike
> > 	auth=esp
> 
> IMHO there should rather be authby=rsasig or authby=secret here, depending
> on which one you want to use.
> 
> > 	pfs=no
> > --------
> > 
> > 
> > 
> > in the FW-1 log, this appears when trying to bring up the encdom:
> > 
> > reason Client Encryption: No commnon authentification method with
> > firewall.
> > 
> > For the settings on the FW-1 I followed:
> > http://support.checkpoint.com/kb/docs/public/firewall1/4_1/pdf/fw-linuxvpn.pdf
> > 
> > and the settings look OK...
> > 
> > I see nothing more in the log
> > 
> > where could the snag be? Has any of you run into something similar?
> > I googled a bit, but there they recommend deleting some files from the FW if it
> > also causes problems when installing the policy (that is not my case); otherwise
> > I found nothing sensible..
> > 
> > Alternatively, could you send me some example road-warrior configuration for
> > FreeS/wan that is guaranteed to work?
> > 
> > Thanks a lot
> > 
> > -- 
> > 
> > [ Julius Loman ] [ lomo at lomo.sk ] [ http://lomo.sk ] [ icq: 35732873 ]
> > 
> >  Linux IS user friendly, it's just selective who its friends are...
> 
> 
> 

-- 

[ Julius Loman ] [ lomo at lomo.sk ] [ http://lomo.sk ] [ icq: 35732873 ]

 It's now safe to throw off your computer.