vpn linux - nomade win

[kallagan]

bonjour tout le monde, <BR> <BR>petit probleme dans ma longue quete de mise en place d'un vpn entre un sreveur linux et des postes nomades windows XP... <BR> <BR>j'ai suivi mot pour mot la doc de Jacques Grillot (http://www.sinasina.com/linux/securite/ ... indows.php) (tres bien faite ceci dit...) <BR> <BR>alors freeswan est lancé. les certificats sont installés (sous linux et sur une MMC de windows XP) <BR>je lance la commande ipsec -debug, la connexion VPN semble demarrer. <BR>dans la MMC je vois que la stratégie de sécurité se met a jour et ajoute FreeSwan <BR>mais sous linux, la commande ipsec eroute ne m'affiche RIEN... <IMG SRC="images/smiles/icon_cussing.gif"> alors qu'elle devrait selon la doc me donner une liste des connexions VPN actives.... <IMG SRC="images/smiles/icon_confused.gif"> <BR> <BR>evidemment impossible de pinger puisque en plus, aucune IP correspondant au reseau de mon serveur VPN n'a été attribuée a mon nomade (alors que ca se faisait tres facilement avec une connexion VPN par PPTP) <IMG SRC="images/smiles/icon_mad.gif"> <BR> <BR>quelqu'un sait il comment avancer ? <BR> <IMG SRC="images/smiles/icon_help.gif"> <IMG SRC="images/smiles/icon_help.gif"> <IMG SRC="images/smiles/icon_help.gif"> <IMG SRC="images/smiles/icon_help.gif"> <BR> <BR>d'avance... merci <IMG SRC="images/smiles/icon_wink.gif">

[Kamel]

J'ai un problème aussi sous win xp alors que sous win 2000 ca fonctionne!! <BR>dans les logs (/var/log/secure), j ai un message du type: ignoring vendor id payload. <BR>Tu as le meme genre d'erreur?

[kallagan]

je n'ai pas le fichier /var/log/secure <BR> <BR>freeswan est lancé avec l'option -debug donc je crois que tous ses logs passent par /var/log/syslog <BR> <BR>Or, dans syslog, j'ai que dalle... ni message d'erreur, ni message sympa style "t'es vraiment un admin de $%#&!" ou "franchement, tu ferais mieux de passer ta certif MCP..." <IMG SRC="images/smiles/icon_eek.gif">

[Kamel]

essaille de retirer la ligne dans ipsec.conf "syslog=..." et redemare le service ipsec. <BR>Puis tu fait genre un truc "tail -f /var/log/secure", ca rafraichi automatique tes logs dans une fenetre. <BR>Moi je v chercher dans mon coin pour erreur, ca doit etre la meme je pense

[kallagan]

je n'ai pas de ligne syslog= truc bidule <BR> <BR>j'ai 2 lignes : <BR> <BR>klipsdebug=none <BR>plutodebug=none <BR> <BR>que j'ai mis a =all et là c'est le feu d'artifice dans syslog au redémarrage : <BR> <BR> <BR>

Code: Tout sélectionner

  <BR>May 12 14:19:50 testserveur kernel: klips_debug:pfkey_release: sock=c07e5700 sk=c36af560 <BR>May 12 14:19:50 testserveur kernel: klips_debug:pfkey_destroy_socket: . <BR>May 12 14:19:50 testserveur kernel: klips_debug:pfkey_remove_socket: . <BR>May 12 14:19:50 testserveur kernel: klips_debug:pfkey_remove_socket: succeeded. <BR>May 12 14:19:50 testserveur kernel: klips_debug:pfkey_destroy_socket: pfkey_remove_socket called. <BR>May 12 14:19:50 testserveur kernel: klips_debug:pfkey_destroy_socket: sk(c36af560)->(&c36af5b4)receive_queue.{next=c36af5b4,prev=c36af5b4}. <BR>May 12 14:19:50 testserveur kernel: klips_debug:pfkey_destroy_socket: destroyed. <BR>May 12 14:19:50 testserveur kernel: klips_debug:pfkey_list_remove_socket: removing sock=c07e5700 <BR>May 12 14:19:50 testserveur last message repeated 12 times <BR>May 12 14:19:50 testserveur kernel: klips_debug:pfkey_release: succeeded. <BR>May 12 14:19:51 testserveur kernel: klips_debug:ipsec_device_event: NETDEV_GOING_DOWN dev=ipsec0 <BR>May 12 14:19:51 testserveur kernel: klips_debug:ipsec_device_event: NETDEV_DOWN dev=ipsec0 flags=80 <BR>May 12 14:19:51 testserveur kernel: IPSEC EVENT: KLIPS device ipsec0 shut down. <BR>May 12 14:19:51 testserveur kernel: klips_debug:ipsec_tunnel_ioctl: tncfg service call #35313 for dev=ipsec0 <BR>May 12 14:19:51 testserveur kernel: klips_debug:ipsec_tunnel_ioctl: calling ipsec_tunnel_detatch. <BR>May 12 14:19:51 testserveur kernel: klips_debug:ipsec_tunnel_detach: physical device eth1 being detached from virtual device ipsec0 <BR>May 12 14:19:51 testserveur kernel: klips_debug:pfkey_create: sock=c15c07a0 type:3 state:1 flags:0 protocol:2 <BR>May 12 14:19:51 testserveur kernel: klips_debug:pfkey_create: sock->fasync_list=00000000 sk->sleep=c15c07bc. <BR>May 12 14:19:51 testserveur kernel: klips_debug:pfkey_insert_socket: sk=c2a591e0 <BR>May 12 14:19:51 testserveur kernel: klips_debug:pfkey_list_insert_socket: socketp=c15c07a0 <BR>May 12 14:19:51 testserveur kernel: klips_debug:pfkey_create: Socket sock=c15c07a0 sk=c2a591e0 initialised. <BR>May 12 14:19:51 testserveur kernel: klips_debug:pfkey_sendmsg: . <BR>May 12 14:19:51 testserveur kernel: klips_debug:pfkey_sendmsg: msg sent for parsing. <BR>May 12 14:19:51 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=16, errno=0, satype=0(UNKNOWN), len=9, res=0, seq=1, pid=15385. <BR>May 12 14:19:51 testserveur kernel: klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c5ef5e88. <BR>May 12 14:19:51 testserveur kernel: klips_debug:pfkey_msg_interp: allocated extr->tdb=c4a0fa00. <BR>May 12 14:19:51 testserveur kernel: klips_debug:pfkey_msg_interp: processing ext 25 c2d471b0 with processor c0265728. <BR>May 12 14:19:51 testserveur kernel: klips_debug:pfkey_x_debug_process: . <BR>May 12 14:19:51 testserveur kernel: klips_debug:pfkey_x_debug_process: unset <BR>May 12 14:19:51 testserveur ipsec_setup: ...FreeS/WAN IPsec stopped <BR>May 12 14:19:52 testserveur ipsec_setup: Starting FreeS/WAN IPsec 1.96... <BR>May 12 14:19:52 testserveur ipsec_setup: KLIPS debug `all' <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_x_debug_process: set <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message type 16 with msg_parser c0269ea0. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_x_msg_debug_parse: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_release: sock=c42a1760 sk=c2a591e0 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_destroy_socket: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_remove_socket: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_remove_socket: succeeded. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_destroy_socket: pfkey_remove_socket called. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_destroy_socket: sk(c2a591e0)->(&c2a59234)receive_queue.{next=c2a59234,prev=c2a59234}. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_destroy_socket: destroyed. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_list_remove_socket: removing sock=c42a1760 <BR>May 12 14:19:52 testserveur last message repeated 12 times <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_release: succeeded. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_create: sock=c42a1760 type:3 state:1 flags:0 protocol:2 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_create: sock->fasync_list=00000000 sk->sleep=c42a177c. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_insert_socket: sk=c2a591e0 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_list_insert_socket: socketp=c42a1760 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_create: Socket sock=c42a1760 sk=c2a591e0 initialised. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_sendmsg: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_sendmsg: msg sent for parsing. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=15, errno=0, satype=0(UNKNOWN), len=4, res=0, seq=1, pid=15436. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c755fe88. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: allocated extr->tdb=c4a0fa00. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: processing ext 1 c758d310 with processor c0264b30. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_sa_process: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message type 15 with msg_parser c02698f8. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_x_delflow_parse: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_x_delflow_parse: CLEARFLOW flag set, calling cleareroutes. <BR>May 12 14:19:52 testserveur kernel: klips_debug:rj_walktree: for: rn=c13cfa48 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000 <BR>May 12 14:19:52 testserveur kernel: klips_debug:rj_walktree: processing leaves, rn=c13cfa78 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff <BR>May 12 14:19:52 testserveur kernel: klips_debug:rj_walktree: while: base=00000000 rn=c13cfa48 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_release: sock=c42a1760 sk=c2a591e0 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_destroy_socket: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_remove_socket: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_remove_socket: succeeded. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_destroy_socket: pfkey_remove_socket called. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_destroy_socket: sk(c2a591e0)->(&c2a59234)receive_queue.{next=c2a59234,prev=c2a59234}. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_destroy_socket: destroyed. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_list_remove_socket: removing sock=c42a1760 <BR>May 12 14:19:52 testserveur last message repeated 12 times <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_release: succeeded. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_create: sock=c42a1760 type:3 state:1 flags:0 protocol:2 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_create: sock->fasync_list=00000000 sk->sleep=c42a177c. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_insert_socket: sk=c2a591e0 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_list_insert_socket: socketp=c42a1760 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_create: Socket sock=c42a1760 sk=c2a591e0 initialised. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_sendmsg: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_sendmsg: msg sent for parsing. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=9, errno=0, satype=0(UNKNOWN), len=2, res=0, seq=1, pid=15438. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c755fe88. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: allocated extr->tdb=c4a0fa00. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message type 9 with msg_parser c0268984. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_flush_parse: flushing type 0 SAs <BR>May 12 14:19:52 testserveur kernel: klips_debug:ipsec_tdbcleanup: cleaning up proto=0. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_upmsg: allocating 16 bytes... <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_upmsg: ...allocated at c12e1120. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_flush_parse: sending up flush reply message for satype=0(UNKNOWN) to socket=c42a1760 succeeded. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_release: sock=c42a1760 sk=c2a591e0 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_destroy_socket: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_remove_socket: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_remove_socket: succeeded. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_destroy_socket: pfkey_remove_socket called. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_destroy_socket: sk(c2a591e0)->(&c2a59234)receive_queue.{next=c12e1120,prev=c12e1120}. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_destroy_socket: skb=c12e1120 freed. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_destroy_socket: destroyed. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_list_remove_socket: removing sock=c42a1760 <BR>May 12 14:19:52 testserveur last message repeated 12 times <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_release: succeeded. <BR>May 12 14:19:52 testserveur ipsec_setup: KLIPS ipsec0 on eth1 192.1.0.141/255.255.255.0 broadcast 192.1.0.255 <BR>May 12 14:19:52 testserveur kernel: klips_debug:ipsec_tunnel_ioctl: tncfg service call #35312 for dev=ipsec0 <BR>May 12 14:19:52 testserveur kernel: klips_debug:ipsec_tunnel_ioctl: calling ipsec_tunnel_attatch... <BR>May 12 14:19:52 testserveur kernel: klips_debug:ipsec_tunnel_attach: physical device eth1 being attached has HW address:  0:80:c8:d5:64:c3 <BR>May 12 14:19:52 testserveur kernel: klips_debug:ipsec_tunnel_open: dev = ipsec0, prv->dev = eth1 <BR>May 12 14:19:52 testserveur kernel: klips_debug:ipsec_device_event: NETDEV_UP dev=ipsec0 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_create: sock=c07e5700 type:3 state:1 flags:0 protocol:2 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_create: sock->fasync_list=00000000 sk->sleep=c07e571c. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_insert_socket: sk=c36ae520 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_list_insert_socket: socketp=c07e5700 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_create: Socket sock=c07e5700 sk=c36ae520 initialised. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_sendmsg: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_sendmsg: msg sent for parsing. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=2(AH), len=2, res=0, seq=1, pid=15473. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c51a5e88. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: allocated extr->tdb=c4a0fa00. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message type 7 with msg_parser c0268368. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_parse: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_list_insert_socket: socketp=c07e5700 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_parse: SATYPE=02(AH) successfully registered by KMd (pid=15473). <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: pfkey_supported_list[2]=c120b760 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: checking supported=c120b760 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: adding auth alg. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: checking supported=c120b780 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: adding auth alg. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: adding auth=c7fa7780 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: found satype=2(AH) exttype=14 id=3 ivlen=0 minbits=160 maxbits=160. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: adding auth=c7fa7788 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: found satype=2(AH) exttype=14 id=2 ivlen=0 minbits=128 maxbits=128. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_hdr_build: <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=c51a5da4 pfkey_ext=c51a5de8 *pfkey_ext=00000000. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=c51a5da4 pfkey_ext=c51a5de8 *pfkey_ext=c758df40. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_safe_build: error=0 <BR>May 12 14:19:52 testserveur ipsec_setup: ...FreeS/WAN IPsec started <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_safe_build:success. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_safe_build: error=0 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_safe_build:success. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_build: pfkey_msg=c33154a0 allocated 40 bytes, &(extensions[0])=c51a5de8 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[14]=c399f520 to=c33154b0 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=00004001, required=00000001. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_upmsg: allocating 40 bytes... <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_upmsg: ...allocated at c12e1120. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: sending up register message for satype=2(AH) to socket=c07e5700 succeeded. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_recvmsg: sock=c07e5700 sk=c36ae520 msg=c51a5f80 size=4096. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_sendmsg: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_sendmsg: msg sent for parsing. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=3(ESP), len=2, res=0, seq=2, pid=15473. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c51a5e88. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: allocated extr->tdb=c4a0fa00. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message type 7 with msg_parser c0268368. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_parse: . <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_list_insert_socket: socketp=c07e5700 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_parse: SATYPE=03(ESP) successfully registered by KMd (pid=15473). <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: pfkey_supported_list[3]=c120b700 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: checking supported=c120b700 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: adding encrypt alg. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: checking supported=c120b720 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: adding auth alg. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: checking supported=c120b740 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: adding auth alg. <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: adding encrypt=c758dde0 <BR>May 12 14:19:52 testserveur kernel: klips_debug:pfkey_register_reply: found satype=3(ESP) exttype=15 id=3 ivlen=64 minbits=168 maxbits=168. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: adding auth=c7fa7780 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: found satype=3(ESP) exttype=14 id=3 ivlen=0 minbits=160 maxbits=160. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: adding auth=c7fa7788 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: found satype=3(ESP) exttype=14 id=2 ivlen=0 minbits=128 maxbits=128. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_hdr_build: <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=c51a5da4 pfkey_ext=c51a5de8 *pfkey_ext=00000000. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=c51a5da4 pfkey_ext=c51a5de8 *pfkey_ext=c758dfc0. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build: error=0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build:success. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build: error=0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build:success. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build: error=0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build:success. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_build: pfkey_msg=c3315ae0 allocated 56 bytes, &(extensions[0])=c51a5de8 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_build: copying 24 bytes from extensions[14]=c758de00 to=c3315af0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_build: copying 16 bytes from extensions[15]=c758ddc0 to=c3315b08 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=0000c001, required=00000001. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_upmsg: allocating 56 bytes... <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_upmsg: ...allocated at c791dca0. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: sending up register message for satype=3(ESP) to socket=c07e5700 succeeded. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_recvmsg: sock=c07e5700 sk=c36ae520 msg=c51a5f80 size=4096. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_sendmsg: . <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_sendmsg: msg sent for parsing. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=10(COMP), len=2, res=0, seq=3, pid=15473. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c51a5e88. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_interp: allocated extr->tdb=c4a0fa00. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message type 7 with msg_parser c0268368. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_parse: . <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_list_insert_socket: socketp=c07e5700 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_parse: SATYPE=10(COMP) successfully registered by KMd (pid=15473). <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: pfkey_supported_list[10]=c120b6e0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: checking supported=c120b6e0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: adding encrypt alg. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: adding encrypt=c758ddc0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: found satype=10(COMP) exttype=15 id=2 ivlen=0 minbits=1 maxbits=1. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_hdr_build: <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=c51a5da4 pfkey_ext=c51a5de8 *pfkey_ext=00000000. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=c51a5da4 pfkey_ext=c51a5de8 *pfkey_ext=c758de00. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build: error=0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build:success. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build: error=0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build:success. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_build: pfkey_msg=c758dde0 allocated 32 bytes, &(extensions[0])=c51a5de8 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_build: copying 16 bytes from extensions[15]=c758dfc0 to=c758ddf0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=00008001, required=00000001. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_upmsg: allocating 32 bytes... <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_upmsg: ...allocated at c5077a20. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: sending up register message for satype=10(COMP) to socket=c07e5700 succeeded. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_recvmsg: sock=c07e5700 sk=c36ae520 msg=c51a5f80 size=4096. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_sendmsg: . <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_sendmsg: msg sent for parsing. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message ver=2, type=7, errno=0, satype=9(IPIP), len=2, res=0, seq=4, pid=15473. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_alloc_ipsec_sa: allocated tdb struct=c51a5e88. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_interp: allocated extr->tdb=c4a0fa00. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_interp: parsing message type 7 with msg_parser c0268368. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_parse: . <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_list_insert_socket: socketp=c07e5700 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_parse: SATYPE=09(IPIP) successfully registered by KMd (pid=15473). <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: pfkey_supported_list[9]=c120b6c0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: checking supported=c120b6c0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: adding encrypt alg. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: adding encrypt=c758de00 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: found satype=9(IPIP) exttype=15 id=1 ivlen=0 minbits=32 maxbits=32. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_hdr_build: <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=c51a5da4 pfkey_ext=c51a5de8 *pfkey_ext=00000000. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=c51a5da4 pfkey_ext=c51a5de8 *pfkey_ext=c758dde0. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build: error=0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build:success. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build: error=0 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_safe_build:success. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_build: pfkey_msg=c7fa7780 allocated 32 bytes, &(extensions[0])=c51a5de8 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_build: copying 16 bytes from extensions[15]=c758ddc0 to=c7fa7790 <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=00008001, required=00000001. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_upmsg: allocating 32 bytes... <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_upmsg: ...allocated at c5077a20. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_register_reply: sending up register message for satype=9(IPIP) to socket=c07e5700 succeeded. <BR>May 12 14:19:53 testserveur kernel: klips_debug:pfkey_recvmsg: sock=c07e5700 sk=c36ae520 msg=c51a5f80 size=4096. <BR> <BR> <BR>

[kallagan]

ah ba oui ca calme... <IMG SRC="images/smiles/icon_eek.gif">

[Kamel]

c quoi comme distribution de linux que tu as?

[kallagan]

debian 3.0 kernel 2.4.18

[FJ]

Hello <BR> <BR>Repondre esseye avec un clt 2K si tu peux et si cela marche il doit s'agir du "firewall" Windows XP un clasique de bug signé Billou (ps marche pas trop mal peut etre un peu trop quand on ne sait pas qu'il est active par defaut.) <BR> <BR>@+

[kallagan]

j'ai malheureusement que du windows XP sous la main... <BR>bref. y'en qui y sont arrivé, y'a pas d'raison ! <BR> <BR>quid du port 500 sur le serveur ? <BR> <BR>je m'explique, quand je veux lancer une connexion VPN, ca tente de se connecter et ethereal voit une requete vers le serveur sur le port 500 protocol ISAKMP qui semble ne pas aboutir. <BR> <BR>Sur le serveur un nmap localhost ne montre pas le port 500 et un netstat -atn non plus. normal ? <BR>avant d'arriver sur le serveur la requete passe par un routeur (IP publique) qui renvoie ensuite en interne vers mon serveur VPN. c'est pas ca qui bloquerait par hasard ???