vpn et oui encore des soucis

[milo_guy]

Bonjour a tous. <BR> <BR>Voila alors je suis en train de monter un vpn <IMG SRC="images/smiles/icon_cussing.gif"> entre un client xp et un serveur ipcop 1.3 fix 7. <BR>et je rencontre un petit probleme car je n'arrive pas a ouvrir le port 500 en udp sur la machine ipcop pour l'authentification, je l'ai pourtant ouvert dans le menu service de l'interface web. <BR>dois- modifier le fichier rc.firewall de l'ipcop? et si oui quel est la syntaxe a utiliser? <BR> <BR>voila merci d'avance a vous si vous pouvait me debloquer.

[tomtom]

Heuuu... <BR> <BR>Si tu actives le vpn avec le menu, je pense que tu n'as rien à faire à la main dans les fichiers de config... <BR> <BR>cela devrait ouvrir le port 500 de lui-même... <BR> <BR>Donne nous plsu de details sur ta conifg ... <BR> <BR>t.

[milo_guy]

voici la config de l'ipcop <BR> <BR>config setup <BR> interfaces=%defaultroute <BR> klipsdebug=none <BR> plutodebug=none <BR> plutoload=%search <BR> plutostart=%search <BR> uniqueids=yes <BR> <BR>conn %default <BR> keyingtries=0 <BR> <BR>conn vpnnetinfo <BR> left=@IPCOP <BR> compress=no <BR> leftsubnet=192.168.1.1/24 <BR> leftnexthop=%defaultroute <BR> right=@WIN <BR> rightsubnet=192.168.2.1/24 <BR> rightnexthop=%defaultroute <BR> auto=start <BR> <BR>le fichier ipsec.secrets: <BR>@IPCOP @WIN : PSK "0x96f3c5a2000899bc1e3efb3ddbf6c64e" <BR> <BR>voici la config du windows <BR> <BR>config setup <BR> interfaces=%defaultroute <BR> klipsdebug=none <BR> plutodebug=none <BR> plutoload=%search <BR> plutostart=%search <BR> uniqueids=yes <BR> <BR> <BR>conn linux <BR> left=@IPCOP <BR> leftsubnet=192.168.1.1/30 <BR> leftids=@serveur <BR> right=@WIN <BR> rightsubnet=192.168.2.1/32 <BR> rightids=@client <BR> presharedkey=0x96f3c5a2000899bc1e3efb3ddbf6c64e <BR> network=auto <BR> auto=start <BR> pfs=yes <BR> compress=no <BR> <BR>le fichiers ipsec.secrets <BR>@WIN @IPCOP : PSK "0x96f3c5a2000899bc1e3efb3ddbf6c64e" <BR> <BR>voici c'est une installation de test avant deploiement reel. j'ai suivi pas mal de HOWTO, de tuto et autres mais la je seche. <BR>quand je fais un scan des port ouvert sur mon ipcop il me dit que le port 500 n'est pas ouvert, alors que pour la verif des prepartage il devrait etre ouvert. <BR> <BR>si ces infos peuvent vous aidez a eclairé ma lanterne.<IMG SRC="images/smiles/icon_find.gif"> <BR> <BR>@micalement

[milo_guy]

j'ai regarder les log d'ipcop et voici ce qu'il me sort: <BR> <BR>Jan 20 17:10:55 ipcop ipsec__plutorun: Starting Pluto subsystem... <BR>Jan 20 17:10:55 ipcop pluto[1534]: Starting Pluto (FreeS/WAN Version super-freeswan-1.99_kb2c) <BR>Jan 20 17:10:55 ipcop pluto[1534]: including X.509 patch (Version 0.9.15) <BR>Jan 20 17:10:55 ipcop pluto[1534]: including NAT-Traversal patch (Version 0.5a) [disabled] <BR>Jan 20 17:10:55 ipcop pluto[1534]: ike_alg_register_enc: Activating OAKLEY_AES_CBC: Ok (ret=0) <BR>Jan 20 17:10:55 ipcop pluto[1534]: ike_alg_register_enc: Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) <BR>Jan 20 17:10:55 ipcop pluto[1534]: ike_alg_register_enc: Activating OAKLEY_CAST_CBC: Ok (ret=0) <BR>Jan 20 17:10:55 ipcop pluto[1534]: ike_alg_register_enc: Activating OAKLEY_SERPENT_CBC: Ok (ret=0) <BR>Jan 20 17:10:55 ipcop pluto[1534]: ike_alg_register_hash: Activating OAKLEY_SHA2_256: Ok (ret=0) <BR>Jan 20 17:10:55 ipcop pluto[1534]: ike_alg_register_hash: Activating OAKLEY_SHA2_512: Ok (ret=0) <BR>Jan 20 17:10:55 ipcop pluto[1534]: ike_alg_register_enc: Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) <BR>Jan 20 17:10:55 ipcop pluto[1534]: ike_alg_register_enc: Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0) <BR>Jan 20 17:10:55 ipcop pluto[1534]: Changing to directory '/etc/ipsec.d/cacerts' <BR>Jan 20 17:10:55 ipcop pluto[1534]: Warning: empty directory <BR>Jan 20 17:10:55 ipcop pluto[1534]: Changing to directory '/etc/ipsec.d/crls' <BR>Jan 20 17:10:55 ipcop pluto[1534]: Warning: empty directory <BR>Jan 20 17:10:55 ipcop pluto[1534]: could not open my default X.509 cert file '/etc/x509cert.der' <BR>Jan 20 17:10:55 ipcop pluto[1534]: OpenPGP certificate file '/etc/pgpcert.pgp' not found <BR>Jan 20 17:10:56 ipcop pluto[1534]: | from whack: got --esp=3des <BR>Jan 20 17:10:56 ipcop pluto[1534]: | from whack: got --ike=3des <BR>Jan 20 17:10:56 ipcop pluto[1534]: added connection description "vpnnetinfo" <BR>Jan 20 17:10:56 ipcop pluto[1534]: listening for IKE messages <BR>Jan 20 17:10:56 ipcop pluto[1534]: adding interface ipsec0/eth1 195.242.162.5 <BR>Jan 20 17:10:56 ipcop pluto[1534]: loading secrets from "/etc/ipsec.secrets" <BR>Jan 20 17:10:57 ipcop pluto[1534]: "vpnnetinfo" #1: initiating Main Mode <BR>Jan 20 17:10:57 ipcop pluto[1534]: "vpnnetinfo" #1: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000003] <BR>Jan 20 17:10:57 ipcop pluto[1534]: "vpnnetinfo" #1: Peer ID is ID_IPV4_ADDR: '195.242.162.6' <BR>Jan 20 17:10:57 ipcop pluto[1534]: "vpnnetinfo" #1: ISAKMP SA established <BR>Jan 20 17:10:57 ipcop pluto[1534]: "vpnnetinfo" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK <BR>Jan 20 17:10:57 ipcop pluto[1534]: "vpnnetinfo" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN <BR>Jan 20 17:10:57 ipcop pluto[1534]: "vpnnetinfo" #1: received Delete SA payload: deleting ISAKMP State #1 <BR>Jan 20 17:11:07 ipcop pluto[1534]: packet from 195.242.162.6:500: ignoring informational payload, type INVALID_COOKIE <BR> <BR> <BR>donc si je comprend bien le log, il m'identifie correctement "ISAKMP SA established" mais au moment d'ouvrir le tunnel, il stop tout. <BR> <BR>si vous avez deja vu ce prob quelque part. <BR>