IPsec - IP Static + IP Dynamic

Rodrigo Faria Tavares rodrigofariatavares at bol.com.br
Sun Nov 6 02:14:05 UTC 2005


Folks,

I'm configuring ipsec.conf with a static IP and a dynamic IP.
Some errors are happening.
 
# Trying to bring it up on the dynamic IP

[root at faria ~]# ipsec auto --up velox-to-intrace
104 "velox-to-intrace" #1: STATE_MAIN_I1: initiate
010 "velox-to-intrace" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "velox-to-intrace" #1: STATE_MAIN_I1: retransmission; will wait 40s for response

# Status of the dynamic IP
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 192.168.0.1
000 interface eth1/eth1 192.168.100.1
000 interface ppp0/ppp0 201.19.126.39
000 %myid = (none)
000 debug dns
000
000 "velox-to-intrace": 192.168.1.0/24===201.19.126.39[@capelete.intrace.net,S=C]---200.217.72.40...200.167.245.71[@faria at home.net,S=C]===192.168.0.0/24; unrouted; eroute owner: #0
000 "velox-to-intrace":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "velox-to-intrace":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: ppp0;
000 "velox-to-intrace":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #1: "velox-to-intrace" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 17s
000 #1: pending Phase 2 for "velox-to-intrace" replacing #0
000

# secure logs of the static IP

Nov  5 16:52:27 capelete pluto[8428]: loading secrets from "/etc/ipsec.secrets"
Nov  5 16:52:38 capelete pluto[8428]: packet from 201.19.126.39:500: initial Main Mode message received on 200.167.245.71:500 but no connection has been authorized

# status of the static IP

000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 200.167.245.71
000 interface eth0:0/eth0:0 192.168.1.6
000 interface eth0:1/eth0:1 192.168.2.1
000 interface eth0:2/eth0:2 192.168.3.1
000 interface eth0:3/eth0:3 192.168.4.1
000 interface eth0:4/eth0:4 192.168.5.1
000 interface eth1/eth1 192.168.1.2
000 %myid = (none)
000 debug dns

# logs of ipsec look (dynamic and static both give the messages below)

[root at capelete ~]# ipsec look
capelete.intrace.net Sat Nov  5 17:01:27 BRST 2005
cat: /proc/net/ipsec_spigrp: No such file or directory
cat: /proc/net/ipsec_eroute: No such file or directory
egrep: /proc/net/ipsec_tncfg: No such file or directory
sort: open failed: /proc/net/ipsec_spi: No such file or directory

I put all the rules in the firewall, using port 500 and protocols 50 and 51, but nothing happens.

I'm very confused by all the messages. How can I bring up IPsec?

Best regards,

Rodrigo Faria 


More information about the Redhat-install-list mailing list