by SecureMan » 18 June 2004 14:46
I can see that the tunnel is correctly established on the devices that handle the VPN on each side. On each of the devices handling the VPN, I have logs indicating that the tunnel is correctly established, and I can see it in the VPN monitoring.
However, if I ping a machine on the secondary site from the main network, I get no reply, and vice versa.
Since I have no /var/log/secure (I am on 1.4b3), here is the content of my /var/log/messages. Sorry for the exhaustiveness, but as I cannot manage to solve my problem...
Jun 17 18:09:26 Grosse pluto[893]: loading secrets from "/etc/ipsec.secrets"
Jun 17 18:09:26 Grosse pluto[893]: | from whack: got --esp=aes128-sha1
Jun 17 18:09:26 Grosse pluto[893]: | from whack: got --ike=aes128-sha-modp1024
Jun 17 18:09:26 Grosse pluto[893]: added connection description "TEST"
Jun 17 18:09:26 Grosse pluto[893]: "TEST": we have no ipsecN interface for either end of this connection
Jun 17 18:09:29 Grosse pluto[893]: forgetting secrets
Jun 17 18:09:29 Grosse pluto[893]: loading secrets from "/etc/ipsec.secrets"
Jun 17 18:09:29 Grosse pluto[893]: "TEST": terminating SAs using this connection
Jun 17 18:09:29 Grosse pluto[893]: "TEST": deleting connection
Jun 17 18:09:36 Grosse pluto[893]: shutting down
Jun 17 18:09:36 Grosse pluto[893]: forgetting secrets
Jun 17 18:09:36 Grosse pluto[893]: shutting down interface ipsec0/eth2 192.168.25.1
Jun 17 18:09:36 Grosse pluto[893]: shutting down interface ipsec0/eth2 192.168.25.1
Jun 17 18:09:37 Grosse ipsec__plutorun: Starting Pluto subsystem...
Jun 17 18:09:37 Grosse pluto[1318]: Starting Pluto (Openswan Version 1.0.1)
Jun 17 18:09:37 Grosse pluto[1318]: including X.509 patch with traffic selectors (Version 0.9.37)
Jun 17 18:09:37 Grosse pluto[1318]: including NAT-Traversal patch (Version 0.6)
Jun 17 18:09:37 Grosse pluto[1318]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jun 17 18:09:37 Grosse pluto[1318]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jun 17 18:09:37 Grosse pluto[1318]: ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Jun 17 18:09:37 Grosse pluto[1318]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jun 17 18:09:37 Grosse pluto[1318]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jun 17 18:09:37 Grosse pluto[1318]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jun 17 18:09:37 Grosse pluto[1318]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jun 17 18:09:37 Grosse pluto[1318]: ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Jun 17 18:09:37 Grosse pluto[1318]: Changing to directory '/etc/ipsec.d/cacerts'
Jun 17 18:09:37 Grosse pluto[1318]: Warning: empty directory
Jun 17 18:09:37 Grosse pluto[1318]: Changing to directory '/etc/ipsec.d/crls'
Jun 17 18:09:37 Grosse pluto[1318]: Warning: empty directory
Jun 17 18:09:37 Grosse pluto[1318]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Jun 17 18:09:37 Grosse pluto[1318]: listening for IKE messages
Jun 17 18:09:37 Grosse pluto[1318]: adding interface ipsec0/eth2 192.168.25.1
Jun 17 18:09:37 Grosse pluto[1318]: adding interface ipsec0/eth2 192.168.25.1:4500
Jun 17 18:09:37 Grosse pluto[1318]: loading secrets from "/etc/ipsec.secrets"
Jun 17 18:09:42 Grosse pluto[1318]: shutting down
Jun 17 18:09:42 Grosse pluto[1318]: shutting down interface ipsec0/eth2 192.168.25.1
Jun 17 18:09:42 Grosse pluto[1318]: shutting down interface ipsec0/eth2 192.168.25.1
Jun 17 18:09:43 Grosse ipsec__plutorun: Starting Pluto subsystem...
Jun 17 18:09:43 Grosse pluto[1529]: Starting Pluto (Openswan Version 1.0.1)
Jun 17 18:09:43 Grosse pluto[1529]: including X.509 patch with traffic selectors (Version 0.9.37)
Jun 17 18:09:43 Grosse pluto[1529]: including NAT-Traversal patch (Version 0.6)
Jun 17 18:09:44 Grosse pluto[1529]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jun 17 18:09:44 Grosse pluto[1529]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jun 17 18:09:44 Grosse pluto[1529]: ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Jun 17 18:09:44 Grosse pluto[1529]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jun 17 18:09:44 Grosse pluto[1529]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jun 17 18:09:44 Grosse pluto[1529]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jun 17 18:09:44 Grosse pluto[1529]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jun 17 18:09:44 Grosse pluto[1529]: ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Jun 17 18:09:44 Grosse pluto[1529]: Changing to directory '/etc/ipsec.d/cacerts'
Jun 17 18:09:44 Grosse pluto[1529]: Warning: empty directory
Jun 17 18:09:44 Grosse pluto[1529]: Changing to directory '/etc/ipsec.d/crls'
Jun 17 18:09:44 Grosse pluto[1529]: Warning: empty directory
Jun 17 18:09:44 Grosse pluto[1529]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Jun 17 18:09:44 Grosse pluto[1529]: listening for IKE messages
Jun 17 18:09:44 Grosse pluto[1529]: adding interface ipsec0/eth2 192.168.25.1
Jun 17 18:09:44 Grosse pluto[1529]: adding interface ipsec0/eth2 192.168.25.1:4500
Jun 17 18:09:44 Grosse pluto[1529]: loading secrets from "/etc/ipsec.secrets"
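
Added example, not part of the original post: a Python sketch that groups pluto syslog lines like the ones above by daemon PID and tracks, per process, which connection descriptions are loaded, which interfaces are bound, and which connections were reported with "no ipsecN interface". The names `summarize` and `running_instance` are chosen here for illustration, and the sample input is a shortened excerpt of the posted log.

```python
import re

# Excerpt of the pluto lines from the post above, shortened for the example.
SAMPLE_LOG = '''\
Jun 17 18:09:26 Grosse pluto[893]: added connection description "TEST"
Jun 17 18:09:26 Grosse pluto[893]: "TEST": we have no ipsecN interface for either end of this connection
Jun 17 18:09:29 Grosse pluto[893]: "TEST": deleting connection
Jun 17 18:09:36 Grosse pluto[893]: shutting down
Jun 17 18:09:37 Grosse pluto[1318]: adding interface ipsec0/eth2 192.168.25.1
Jun 17 18:09:42 Grosse pluto[1318]: shutting down
Jun 17 18:09:42 Grosse pluto[1318]: shutting down interface ipsec0/eth2 192.168.25.1
Jun 17 18:09:44 Grosse pluto[1529]: adding interface ipsec0/eth2 192.168.25.1
Jun 17 18:09:44 Grosse pluto[1529]: loading secrets from "/etc/ipsec.secrets"
'''

LINE = re.compile(r'^\w{3} +\d+ [\d:]{8} \S+ pluto\[(\d+)\]: (?:\| )?(.*)$')
RULES = [  # (pattern on the message, state field, set method to call)
    (re.compile(r'added connection description "([^"]+)"'), "connections", "add"),
    (re.compile(r'"([^"]+)": deleting connection'), "connections", "discard"),
    (re.compile(r'adding interface (\S+) '), "interfaces", "add"),
    (re.compile(r'shutting down interface (\S+) '), "interfaces", "discard"),
    (re.compile(r'"([^"]+)": we have no ipsecN interface'), "no_ipsec_if", "add"),
]

def summarize(log_text):
    """Group pluto messages by PID and track the state of each process."""
    runs = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a pluto[PID] line (e.g. ipsec__plutorun)
        pid, msg = int(m.group(1)), m.group(2)
        run = runs.setdefault(pid, {"connections": set(), "interfaces": set(),
                                    "no_ipsec_if": set(), "stopped": False})
        if msg == "shutting down":
            run["stopped"] = True
        for pattern, field, action in RULES:
            hit = pattern.match(msg)
            if hit:
                getattr(run[field], action)(hit.group(1))
    return runs

def running_instance(runs):
    """Return (pid, state) of the last pluto process not seen shutting down."""
    live = [(pid, s) for pid, s in runs.items() if not s["stopped"]]
    return live[-1] if live else None

if __name__ == "__main__":
    print(running_instance(summarize(SAMPLE_LOG)))
```

The summary only reflects what the supplied lines contain; on a longer capture it shows at a glance whether the pluto process that is still running ever logged an "added connection description" line.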