trouble with ipsec kame kernel 2.6.7
GOROD
n00b
n00b


Joined: 25 Jun 2004
Posts: 12

PostPosted: Wed Mar 16, 2005 10:52 am    Post subject: trouble with ipsec kame kernel 2.6.7 Reply with quote

Добрый день.
вот пытаюсь настроить тестовый стенд

есть два компа
1. комп 1 - admin
eth0 192.168.14.63/24
dummy0 192.168.4.1/29

2. комп 2 - dell
eth0 192.168.14.8/24
dummy0 192.168.5.1/29

Нужно, чтобы с dummy-интерфейса одной машины можно было пинговать dummy-интерфейс другой.

Но что-то никак не работает.
вот пример /etc/setkey.conf

Quote:

#!/usr/sbin/setkey -f
# Manually keyed IPsec configuration for a two-host test bench: ESP in tunnel
# mode between 192.168.14.63 and 192.168.14.8, protecting traffic between
# 192.168.4.0/29 and 192.168.5.0/29.
# NOTE(review): the encryption and authentication keys below are stored inline
# in clear text. Keep this file readable by root only, and treat any key that
# has been posted or shared as disclosed: generate fresh keys before reuse.

# Empty the SA database and the policy database so only the entries below apply.
flush;
spdflush;


# SA for 192.168.14.63 -> 192.168.14.8, SPI 0x201: ESP tunnel mode,
# 3des-cbc encryption (192-bit key) with hmac-md5 authentication (128-bit key).
# NOTE(review): 3des-cbc and hmac-md5 are legacy algorithms; prefer a stronger
# cipher and MAC that both kernels provide.
# NOTE(review): no lifetime is set, so these static keys stay in use until the
# SA is flushed. Manual keying gives no rekeying; an IKE daemon is the usual
# way to get negotiated keys and working replay protection.
add 192.168.14.63 192.168.14.8 esp 0x201 -m tunnel -E 3des-cbc 0xbc1cb5bbe4f475ebaf447b35efc2c1e81e5b11ca5958b103 -A hmac-md5 0x5ebb974ffd20c53a8a4e1038c926b4ba;

# SA for the reverse direction, 192.168.14.8 -> 192.168.14.63, SPI 0x301,
# same algorithms with its own key pair.
add 192.168.14.8 192.168.14.63 esp 0x301 -m tunnel -E 3des-cbc 0x13dbd62e6b1860051ec1bd8606f7814da00a9f52f6ae4399 -A hmac-md5 0xb3f8dfb67fac473c794e3bb6510edd91;

# Outbound policy: traffic from 192.168.4.0/29 to 192.168.5.0/29 (any
# upper-layer protocol) must use the ESP tunnel 192.168.14.63 -> 192.168.14.8.
# "require" means matching packets are not sent unprotected.
# NOTE(review): in/out are relative to the host that loads this file. As
# written, this pair fits the host that owns 192.168.4.0/29 and endpoint
# 192.168.14.63; the peer needs the same two policies with in and out swapped.
# Confirm with "setkey -DP" on each host.
spdadd 192.168.4.0/29 192.168.5.0/29 any -P out ipsec
esp/tunnel/192.168.14.63-192.168.14.8/require;

# Inbound policy: traffic from 192.168.5.0/29 to 192.168.4.0/29 must have
# arrived through the ESP tunnel 192.168.14.8 -> 192.168.14.63.
spdadd 192.168.5.0/29 192.168.4.0/29 any -P in ipsec
esp/tunnel/192.168.14.8-192.168.14.63/require;




Конфиг одинаковый на обеих машинах, за исключением правил ipsec:
на делле поменял in/out на out/in.

на админе
setkey -D
Quote:

192.168.14.8 192.168.14.63
esp mode=tunnel spi=769(0x00000301) reqid=0(0x00000000)
E: 3des-cbc 13dbd62e 6b186005 1ec1bd86 06f7814d a00a9f52 f6ae4399
A: hmac-md5 b3f8dfb6 7fac473c 794e3bb6 510edd91
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Mar 16 10:17:12 2005 current: Mar 16 15:40:20 2005
diff: 19388(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=4714 refcnt=0
192.168.14.63 192.168.14.8
esp mode=tunnel spi=513(0x00000201) reqid=0(0x00000000)
E: 3des-cbc bc1cb5bb e4f475eb af447b35 efc2c1e8 1e5b11ca 5958b103
A: hmac-md5 5ebb974f fd20c53a 8a4e1038 c926b4ba
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Mar 16 10:17:12 2005 current: Mar 16 15:40:20 2005
diff: 19388(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=4714 refcnt=0



setkey -DP
Quote:


192.168.5.0/29[any] 192.168.4.0/29[any] any
in ipsec
esp/tunnel/192.168.14.8-192.168.14.63/require
created: Mar 16 10:17:12 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=8 seq=1 pid=4716
refcnt=1
192.168.4.0/29[any] 192.168.5.0/29[any] any
out ipsec
esp/tunnel/192.168.14.63-192.168.14.8/require
created: Mar 16 10:17:12 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1 seq=0 pid=4716
refcnt=1


на делле
setkey -D
Quote:

192.168.14.8 192.168.14.63
esp mode=tunnel spi=769(0x00000301) reqid=0(0x00000000)
E: 3des-cbc 13dbd62e 6b186005 1ec1bd86 06f7814d a00a9f52 f6ae4399
A: hmac-md5 b3f8dfb6 7fac473c 794e3bb6 510edd91
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Feb 28 17:51:03 2005 current: Feb 28 23:16:40 2005
diff: 19537(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=16506 refcnt=0
192.168.14.63 192.168.14.8
esp mode=tunnel spi=513(0x00000201) reqid=0(0x00000000)
E: 3des-cbc bc1cb5bb e4f475eb af447b35 efc2c1e8 1e5b11ca 5958b103
A: hmac-md5 5ebb974f fd20c53a 8a4e1038 c926b4ba
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Feb 28 17:51:03 2005 current: Feb 28 23:16:40 2005
diff: 19537(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=16506 refcnt=0


setkey -DP
Quote:

192.168.5.0/29[any] 192.168.4.0/29[any] any
in ipsec
esp/tunnel/192.168.14.8-192.168.14.63/require
created: Feb 28 17:51:03 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=584 seq=7 pid=16507
refcnt=1
192.168.4.0/29[any] 192.168.5.0/29[any] any
out ipsec
esp/tunnel/192.168.14.63-192.168.14.8/require
created: Feb 28 17:51:03 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=577 seq=6 pid=16507
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: Feb 28 23:05:11 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=899 seq=5 pid=16507
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: Feb 28 23:05:11 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=867 seq=4 pid=16507
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
in none
created: Feb 28 23:05:11 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=851 seq=3 pid=16507
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: Feb 28 23:05:11 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=908 seq=2 pid=16507
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: Feb 28 23:05:11 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=876 seq=1 pid=16507
refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
out none
created: Feb 28 23:05:11 2005 lastused:
lifetime: 0(s) validtime: 0(s)
spid=860 seq=0 pid=16507
refcnt=1



Ну и напоследок
lsmod на админе
Quote:


Module Size Used by
iptable_filter 2688 0
ip_tables 17024 1 iptable_filter
dummy 2564 0
esp4 6912 2
deflate 3200 0
zlib_deflate 22296 1 deflate
twofish 38784 0
serpent 13696 0
blowfish 10112 0
des 11904 2
sha256 9856 0
sha1 8704 0
crypto_null 2432 0
af_key 28688 0
floppy 55376 0
snd_mixer_oss 18432 2
nvidia 4818868 12
snd_emu10k1 92808 6
snd_rawmidi 21028 1 snd_emu10k1
snd_pcm 87304 2 snd_emu10k1
snd_timer 22148 1 snd_pcm
snd_seq_device 7176 2 snd_emu10k1,snd_rawmidi
snd_ac97_codec 66820 1 snd_emu10k1
snd_page_alloc 9480 2 snd_emu10k1,snd_pcm
snd_util_mem 3840 1 snd_emu10k1
snd_hwdep 7812 1 snd_emu10k1
snd 48612 16 snd_mixer_oss,snd_emu10k1,snd_rawmidi,snd_pcm,snd_timer,snd_seq_device,snd_ac97_codec,snd_util_mem,snd_hwdep
vmmon 48952 0
soundcore 7776 3 snd
parport_pc 22848 1
lp 9900 0
parport 35912 2 parport_pc,lp
Win4Lin 289768 1
mki_adapter 40036 1 Win4Lin
nfs 182080 2
lockd 58440 2 nfs
sunrpc 132324 5 nfs,lockd
8139too 21504 0
mii 4480 1 8139too
nls_koi8_r 5248 2
ntfs 147736 2
dm_mod 53116 0
uhci_hcd 30096 0
ehci_hcd 29060 0
button 5144 0
battery 7692 0
asus_acpi 9624 0
ac 3724 0
xfs 579544 2
sd_mod 18688 7
sata_sil 5508 5
libata 34436 1 sata_sil
scsi_mod 105164 2 sd_mod,libata


и lsmod на делле
Quote:

dummy 1864 -
ipip 8228 -
ipcomp 5796 -
ip_gre 10976 -
esp4 7972 -
ah4 5636 -
twofish 38148 -
tcrypt 57264 -
sha512 9348 -
sha256 9188 -
sha1 8100 -
serpent 13124 -
michael_mic 2052 -
md5 3428 -
md4 3012 -
des 11236 -
deflate 2564 -
zlib_deflate 21752 -
zlib_inflate 21060 -
crypto_null 1764 -
crc32c 1316 -
libcrc32c 2148 -
cast6 20804 -
cast5 15812 -
blowfish 9508 -
arc4 1316 -
aes 32128 -
sd_mod 16352 -
sg 29636 -
usb_storage 95312 -
pegasus 20940 -
usbnet 27532 -
uhci_hcd 29392 -
ohci_hcd 31272 -
ehci_hcd 40968 -
usbcore 110080 -
