by lfraison » 14 Nov 2003 16:19
Hi everyone,

I configured my IPCop to accept 2 VPN connections from our two external offices. Each router has a fixed WAN address and a different subnet:
IPCop: WAN 213.XX.XX.43
LAN 192.168.0.1/24

Office A: WAN 213.XX.XX.181
LAN 10.6.2.0/24

Office B: WAN 213.XX.XX.182
LAN 10.6.3.0/24

I modified my /etc/rc.d/rc.firewall by adding:
# VPN
iptables -I INPUT -i ipsec0 -j ACCEPT
iptables -I OUTPUT -o ipsec0 -j ACCEPT
as indicated in some posts.

Now I do have a VPN connection between office A and IPCop as well as between office B and IPCop, but pings do not get through in either direction.

Here are the logs from /var/log/secure:

Nov 14 15:04:29 achille ipsec__plutorun: Starting Pluto subsystem...
Nov 14 15:04:29 achille pluto[2645]: Starting Pluto (FreeS/WAN Version super-freeswan-1.99_kb2c)
Nov 14 15:04:29 achille pluto[2645]: including X.509 patch (Version 0.9.15)
Nov 14 15:04:29 achille pluto[2645]: including NAT-Traversal patch (Version 0.5a) [disabled]
Nov 14 15:04:29 achille pluto[2645]: ike_alg_register_enc: Activating OAKLEY_AES_CBC: Ok (ret=0)
Nov 14 15:04:29 achille pluto[2645]: ike_alg_register_enc: Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Nov 14 15:04:29 achille pluto[2645]: ike_alg_register_enc: Activating OAKLEY_CAST_CBC: Ok (ret=0)
Nov 14 15:04:29 achille pluto[2645]: ike_alg_register_enc: Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Nov 14 15:04:29 achille pluto[2645]: ike_alg_register_hash: Activating OAKLEY_SHA2_256: Ok (ret=0)
Nov 14 15:04:29 achille pluto[2645]: ike_alg_register_hash: Activating OAKLEY_SHA2_512: Ok (ret=0)
Nov 14 15:04:29 achille pluto[2645]: ike_alg_register_enc: Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Nov 14 15:04:29 achille pluto[2645]: ike_alg_register_enc: Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Nov 14 15:04:29 achille pluto[2645]: Changing to directory '/etc/ipsec.d/cacerts'
Nov 14 15:04:29 achille pluto[2645]: Warning: empty directory
Nov 14 15:04:29 achille pluto[2645]: Changing to directory '/etc/ipsec.d/crls'
Nov 14 15:04:29 achille pluto[2645]: Warning: empty directory
Nov 14 15:04:29 achille pluto[2645]: could not open my default X.509 cert file '/etc/x509cert.der'
Nov 14 15:04:29 achille pluto[2645]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Nov 14 15:04:30 achille pluto[2645]: | from whack: got --esp=3des
Nov 14 15:04:30 achille pluto[2645]: | from whack: got --ike=3des
Nov 14 15:04:30 achille pluto[2645]: added connection description "vpnjc"
Nov 14 15:04:30 achille pluto[2645]: | from whack: got --esp=3des
Nov 14 15:04:30 achille pluto[2645]: | from whack: got --ike=3des
Nov 14 15:04:30 achille pluto[2645]: added connection description "villef"
Nov 14 15:04:30 achille pluto[2645]: listening for IKE messages
Nov 14 15:04:30 achille pluto[2645]: adding interface ipsec0/ppp0 213.41.129.93
Nov 14 15:04:30 achille pluto[2645]: loading secrets from "/etc/ipsec.secrets"
Nov 14 15:04:30 achille pluto[2645]: "vpnjc" #1: initiating Main Mode
Nov 14 15:05:01 achille pluto[2645]: "vpnjc" #1: Peer ID is ID_IPV4_ADDR: '213.41.158.181'
Nov 14 15:05:01 achille pluto[2645]: "vpnjc" #1: ISAKMP SA established
Nov 14 15:05:01 achille pluto[2645]: "vpnjc" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK
Nov 14 15:05:07 achille pluto[2645]: "vpnjc" #2: sent QI2, IPsec SA established
Nov 14 15:05:07 achille pluto[2645]: "villef" #3: initiating Main Mode
Nov 14 15:05:15 achille pluto[2645]: "villef" #3: Peer ID is ID_IPV4_ADDR: '213.41.158.182'
Nov 14 15:05:15 achille pluto[2645]: "villef" #3: ISAKMP SA established
Nov 14 15:05:15 achille pluto[2645]: "villef" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK
Nov 14 15:05:21 achille pluto[2645]: "villef" #4: sent QI2, IPsec SA established

Does anyone have an idea?

Thanks in advance

LF