A l'aide, Prob Cnx RPV avec la 1.4.0

[PatHbt]

Salut à tous (tes),

Je reviens avec mes questions banales pour certains mais c'est pas evident quand on commence...

J'essaie de faire fonctionner un RPV entre 2 IPCop-1.4.0, je galere et + je cherche, + je m'enfonce.
Je me demande si c'est pas + facile avec la MNF...

Avec cette version, faut-il aller modifier ipsec.conf, ipsec.secret et rc.firewall comme decrit à plusieurs reprises sur le forum entre 1.3 et 1.4.

Dans les Logs, j'ai toujours "we have no ipsecN interface for either end of this connection" et pourtant les interfaces IPsec0 à IPsec15 se sont crées apres ma config, sur les 2 sites.
Voici un extrait de ifconfig de mes 2 sites:

COTE CLIENT:
ipsec0 Link encap:Ethernet HWaddr 00:08:A1:71:6B:B1
inet addr:10.0.0.251 Mask:255.0.0.0
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

COTE SERVEUR:
ipsec0 Link encap:Point-to-Point Protocol
inet addr:81.250.125.79 Mask:255.255.255.255
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

Si qqu'un a une idée...
@+Pat

[PatHbt]

En fait , j'ai laissé de cote les certificats et essaie de valider mon VPN avec une authentification par mot de passe. J'ai mis le meme mot de passe de chaque coté evidemment.

Si vous avez une idée d'apres la lecture de ces logs coté client: (j'y perds mon latin)

Oct 21 13:08:55 gwce pluto[15135]: "vpncreaweb" #2: initiating Main Mode
Oct 21 13:08:55 gwce pluto[15135]: "vpncreaweb" #2: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Oct 21 13:08:55 gwce pluto[15135]: "vpncreaweb" #2: received Vendor ID payload [Dead Peer Detection]
Oct 21 13:08:55 gwce pluto[15135]: "vpncreaweb" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Oct 21 13:08:55 gwce pluto[15135]: "vpncreaweb" #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
Oct 21 13:08:55 gwce pluto[15135]: "vpncreaweb" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Oct 21 13:08:56 gwce pluto[15135]: "vpncreaweb" #2: ignoring informational payload, type INVALID_ID_INFORMATION
Oct 21 13:08:56 gwce pluto[15135]: "vpncreaweb" #2: received and ignored informational message
Oct 21 13:08:58 gwce pluto[15135]: forgetting secrets
Oct 21 13:08:58 gwce pluto[15135]: loading secrets from "/etc/ipsec.secrets"
Oct 21 13:08:58 gwce pluto[15135]: "vpncreaweb": deleting connection
Oct 21 13:08:58 gwce pluto[15135]: "vpncreaweb" #2: deleting state (STATE_MAIN_I3)
Oct 21 13:08:58 gwce pluto[15135]: | from whack: got --esp=3des
Oct 21 13:08:58 gwce pluto[15135]: | from whack: got --ike=3des
Oct 21 13:08:58 gwce pluto[15135]: added connection description "vpncreaweb"
Oct 21 13:08:58 gwce pluto[15135]: "vpncreaweb" #3: initiating Main Mode
Oct 21 13:08:58 gwce pluto[15135]: "vpncreaweb" #3: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Oct 21 13:08:58 gwce pluto[15135]: "vpncreaweb" #3: received Vendor ID payload [Dead Peer Detection]
Oct 21 13:08:58 gwce pluto[15135]: "vpncreaweb" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Oct 21 13:08:58 gwce pluto[15135]: "vpncreaweb" #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
Oct 21 13:08:58 gwce pluto[15135]: "vpncreaweb" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Oct 21 13:08:59 gwce pluto[15135]: "vpncreaweb" #3: ignoring informational payload, type INVALID_ID_INFORMATION
Oct 21 13:08:59 gwce pluto[15135]: "vpncreaweb" #3: received and ignored informational message
Oct 21 13:09:05 gwce pluto[15135]: packet from 81.250.125.70:500: Phase 1 message is part of an unknown exchange
Oct 21 13:09:08 gwce pluto[15135]: "vpncreaweb" #3: discarding duplicate packet; already STATE_MAIN_I3
Oct 21 13:09:08 gwce pluto[15135]: "vpncreaweb" #3: ignoring informational payload, type INVALID_ID_INFORMATION
Oct 21 13:09:08 gwce pluto[15135]: "vpncreaweb" #3: received and ignored informational message
Oct 21 13:09:11 gwce pluto[15135]: packet from 81.250.125.70:500: Phase 1 message is part of an unknown exchange
Oct 21 13:09:25 gwce pluto[15135]: packet from 81.250.125.70:500: Phase 1 message is part of an unknown exchange
Oct 21 13:09:28 gwce pluto[15135]: "vpncreaweb" #3: discarding duplicate packet; already STATE_MAIN_I3
Oct 21 13:09:29 gwce pluto[15135]: "vpncreaweb" #3: ignoring informational payload, type INVALID_ID_INFORMATION
Oct 21 13:09:29 gwce pluto[15135]: "vpncreaweb" #3: received and ignored informational message
Oct 21 13:10:08 gwce pluto[15135]: "vpncreaweb" #3: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message

[PatHbt]

Cote client je dois passer par un routeur france telecom qui laiise tout passer, MAIS:
L'adressage entre le routeur et IPCop est 10.0.0.1 pour IPCop et 10.0.0.138 pur le routeur.
QUESTION :
Que dois je mettre à "Nom d'hôte ou IP locale du RPV:" 10.0.0.1 ou l'IP internet (fixe) ?

Coté SERVEUR j'ai un modem ADSL avec une IP Dyndns.org, si bien que lle Nom d'hôte ou IP locale du RPV: est l'IP INTERNET.

[PatHbt]

Voila les logs cote serveur, il doit y avoir une incompatibile avec le routeur cote client:
l'adresse 10.0.0.1
un vieux tail -f /var/log/messages:

Oct 21 13:42:19 gw pluto[5361]: "vpncreaweb" #41: Main mode peer ID is ID_IPV4_ADDR: '10.0.0.1'
Oct 21 13:42:19 gw pluto[5361]: "vpncreaweb" #41: no suitable connection for peer '10.0.0.1'
Oct 21 13:42:19 gw pluto[5361]: "vpncreaweb" #41: sending notification INVALID_ID_INFORMATION to 213.56.47.90:500
Oct 21 13:42:36 gw kernel: INPUT IN=ppp0 OUT= MAC= SRC=213.56.47.90 DST=81.250.125.70 LEN=56 TOS=0x00 PREC=0x00 TTL=248 ID=407 DF PROTO=ICMP TYPE=3 CODE=3 [SRC=81.250.125.70 DST=213.56.47.90 LEN=368 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=500 DPT=45353 LEN=328 ]
Oct 21 13:42:39 gw pluto[5361]: "vpncreaweb" #41: Main mode peer ID is ID_IPV4_ADDR: '10.0.0.1'
Oct 21 13:42:39 gw pluto[5361]: "vpncreaweb" #41: no suitable connection for peer '10.0.0.1'
Oct 21 13:42:39 gw pluto[5361]: "vpncreaweb" #41: sending notification INVALID_ID_INFORMATION to 213.56.47.90:500
Oct 21 13:43:16 gw kernel: INPUT IN=ppp0 OUT= MAC= SRC=213.56.47.90 DST=81.250.125.70 LEN=56 TOS=0x00 PREC=0x00 TTL=248 ID=408 DF PROTO=ICMP TYPE=3 CODE=3 [SRC=81.250.125.70 DST=213.56.47.90 LEN=368 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=500 DPT=45353 LEN=328 ]
Oct 21 13:43:19 gw pluto[5361]: "vpncreaweb" #41: max number of retransmissions (2) reached STATE_MAIN_R2
Oct 21 13:43:19 gw pluto[5361]: packet from 213.56.47.90:45358: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Oct 21 13:43:19 gw pluto[5361]: packet from 213.56.47.90:45358: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Oct 21 13:43:19 gw pluto[5361]: packet from 213.56.47.90:45358: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 21 13:43:19 gw pluto[5361]: packet from 213.56.47.90:45358: received Vendor ID payload [Dead Peer Detection]
Oct 21 13:43:19 gw pluto[5361]: packet from 213.56.47.90:45358: initial Main Mode message received on 81.250.125.70:4500 but no connection has been authorized with policy=PSK


Y a ty qqu'un qui comprend et qui pourrait m'eclairer un peu....

@+Pat