1st problem: when a client connects, I get these messages in IPCop's IPSEC logs:
Code:
13:51:13 pluto[26435] "toto"[4] 62.147.9.xx #62: route-client output: shell-init: could not get current directory: getcwd: cannot access parent directories: No such file or directory
13:51:13 pluto[26435] "toto"[4] 62.147.9.xx #62: prepare-client output: shell-init: could not get current directory: getcwd: cannot access parent directories: No such file or directory
13:51:13 pluto[26435] "toto"[4] 62.147.9.xx #62: prepare-client output: shell-init: could not get current directory: getcwd: cannot access parent directories: No such file or directory
13:51:13 pluto[26435] "toto"[4] 62.147.9.xx #62: up-client output: shell-init: could not get current directory: getcwd: cannot access parent directories: No such file or directory
13:51:13 pluto[26435] "toto"[4] 62.147.9.xx #62: up-client output: shell-init: could not get current directory: getcwd: cannot access parent directories: No such file or directory
2nd problem: in SSH Sentinel you can force the use of an IP, netmask, DNS and WINS. But if I set all of that up with an IP that belongs to my local network, there is no way to connect any more; yet if I disable this function... poof, it works. With the IP settings in place I get the following message on the client side:
Code:
The remote server 82.232.11.xx:500 is draft-ietf-ipsec-nat-t-ike-00
Received vendor id `af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00' from No Id
(server 82.232.11.xx:500)
0.0.0.0:500 (Initiator) <-> 82.232.11.xx:500 { 6a27888b 65000006 - 76557ef3
9eb2d3f5 [-1] / 0x00000000 } IP; Warning, junk after packet len = 316, decoded
= 314
SPD: Can not determine per-rule trusted CA root set for remote identity
der_asn1_dn(any:0,[0..69]=C=FR, O=toto s.a., CN=vpndistant.dyndns.org).
Using only globally trusted roots.
0.0.0.0:500 (Initiator) <-> 82.232.11.91:500 { 6a27888b 65000006 - 76557ef3
9eb2d3f5 [-1] / 0x00000000 } IP; MESSAGE: Phase 1 version = 1.0, auth_method =
RSA signatures, cipher = 3des-cbc, hash = md5, prf = hmac-md5, life = 0 kB /
14400 sec, key len = 0, group = 2
Phase-1 [initiator] between der_asn1_dn(udp:500,[0..76]=C=FR, O=toto s.a.,
OU=Direction, CN=toto) and der_asn1_dn(any:0,[0..69]=C=FR, O=toto s.a.,
CN=vpndistant.dyndns.org) done.
0.0.0.0:500 (Responder) <-> 82.232.11.xx:500 { 6a27888b 65000006 - 76557ef3
9eb2d3f5 [1] / 0x405fccbb } Info; Received notify err = Invalid ID information
(18) to isakmp sa, delete it
Phase-2 [initiator] for ipv4(icmp:0,[0..3]=192.168.5.100) and
ipv4(icmp:0,[0..3]=192.168.5.1) failed; Aborted notification.
What I don't understand is where this 192.168.5.1 comes from; I don't have any machine at that address.
On the IPCop side I have:
Code:
14:17:09 pluto[26435] "toto"[6] 62.147.9.xx #66: sending encrypted notification INVALID_ID_INFORMATION to 62.147.9.xx:500
14:17:09 pluto[26435] "toto"[6] 62.147.9.xx #66: cannot respond to IPsec SA request because no connection is known for 192.168.5.0/24===82.232.11.xx[C=FR, O=toto s.a., CN=hildistant.dyndns.org]...62.147.9.xx[C=FR, O=toto s.a., OU=Direction, CN=toto]===192.168.5.100/32
14:17:08 pluto[26435] "toto"[6] 62.147.9.xx #66: sent MR3, ISAKMP SA established
14:17:08 pluto[26435] "toto"[6] 62.147.9.xx #66: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
14:17:08 pluto[26435] "toto" #63: deleting state (STATE_MAIN_R3)
14:17:08 pluto[26435] "toto" #64: deleting state (STATE_MAIN_R3)
14:17:08 pluto[26435] "toto" #65: deleting state (STATE_MAIN_R3)
14:17:08 pluto[26435] "toto"[6] 62.147.9.xx #66: deleting connection "toto" instance with peer 62.147.9.xx
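Added example, not part of the post and not IPCop's or Pluto's own code: a small Python parser that picks the quick-mode selector pair out of Pluto's "cannot respond to IPsec SA request because no connection is known for LEFT===host[id]...host[id]===RIGHT" line and checks whether the remote selector the client proposed (here 192.168.5.100/32) falls inside the local subnet (192.168.5.0/24), which is the overlap the post describes when the client is given an address from the LAN range. The sample log is copied from the IPCop excerpt above with the addresses masked as on the page; the line format assumed is the one visible in that excerpt, and the function and field names are my own.

```python
"""Extract the quick-mode selector mismatch from Pluto (IPCop/FreeS/WAN) log lines."""
import ipaddress
import re

# Constructed sample: three lines copied from the IPCop log quoted in the post
# (peer addresses are masked with "xx" exactly as on the page).
SAMPLE_LOG = """\
14:17:09 pluto[26435] "toto"[6] 62.147.9.xx #66: sending encrypted notification INVALID_ID_INFORMATION to 62.147.9.xx:500
14:17:09 pluto[26435] "toto"[6] 62.147.9.xx #66: cannot respond to IPsec SA request because no connection is known for 192.168.5.0/24===82.232.11.xx[C=FR, O=toto s.a., CN=hildistant.dyndns.org]...62.147.9.xx[C=FR, O=toto s.a., OU=Direction, CN=toto]===192.168.5.100/32
14:17:08 pluto[26435] "toto"[6] 62.147.9.xx #66: sent MR3, ISAKMP SA established
"""

# Generic Pluto prefix as seen in the excerpt:
#   HH:MM:SS pluto[pid] "conn"[instance] peer #state: message
# The [instance] peer part is absent on lines such as '"toto" #63: deleting state'.
PLUTO_LINE = re.compile(
    r'^(?P<time>\d\d:\d\d:\d\d) pluto\[(?P<pid>\d+)\] '
    r'"(?P<conn>[^"]+)"(?:\[(?P<instance>\d+)\] (?P<peer>\S+))? #(?P<state>\d+): (?P<msg>.*)$'
)

# The selector pair: LEFT_NET===left_host[left_id]...right_host[right_id]===RIGHT_NET
NO_CONN = re.compile(
    r'no connection is known for '
    r'(?P<left_net>\S+?)===(?P<left_host>[^\[]+)\[(?P<left_id>[^\]]*)\]'
    r'\.\.\.(?P<right_host>[^\[]+)\[(?P<right_id>[^\]]*)\]===(?P<right_net>\S+)'
)


def parse_pluto_line(line):
    """Split one Pluto line into its fields; None if the line is not in Pluto's format."""
    m = PLUTO_LINE.match(line.strip())
    return m.groupdict() if m else None


def selector_mismatches(log_text):
    """Return one record per 'no connection is known for' line, with the selectors parsed.

    remote_inside_local is True when the selector the peer proposed lies inside the
    local subnet, i.e. the client was handed an address from the LAN range and no
    connection definition can match that pair.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_pluto_line(line)
        if not rec:
            continue
        sel = NO_CONN.search(rec["msg"])
        if not sel:
            continue
        left = ipaddress.ip_network(sel["left_net"], strict=False)
        right = ipaddress.ip_network(sel["right_net"], strict=False)
        findings.append({
            "conn": rec["conn"],
            "state": int(rec["state"]),
            "local_subnet": str(left),
            "local_id": sel["left_id"],
            "remote_id": sel["right_id"],
            "remote_selector": str(right),
            "remote_inside_local": right.subnet_of(left),
        })
    return findings


def count_notifications(log_text, name="INVALID_ID_INFORMATION"):
    """Count how many times Pluto sent the named notification (sanity check for a loop)."""
    return sum(1 for line in log_text.splitlines() if f"notification {name}" in line)


if __name__ == "__main__":
    for f in selector_mismatches(SAMPLE_LOG):
        print(f"conn {f['conn']} state #{f['state']}: local {f['local_subnet']} vs "
              f"proposed remote {f['remote_selector']} "
              f"(inside local subnet: {f['remote_inside_local']})")
    print("INVALID_ID_INFORMATION sent:", count_notifications(SAMPLE_LOG))
```

Run it against a saved IPCop IPSEC log instead of SAMPLE_LOG to list every selector pair Pluto rejected; a record with remote_inside_local set is the case the post describes, where the client's assigned address collides with the gateway's own subnet.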