Title: HOWTO: ipsec road warrior LINUX CLIENT configuration
Post by: edwin on January 25, 2008, 03:03:51

To have a Linux machine connect via Openswan IPsec and NETKEY, the following configuration is needed. (KLIPS may also work instead of NETKEY.)

Add to /etc/ipsec/ipsec.conf:

Quote
conn kantoor
    left=%defaultroute
    right=kantoor.uwbedrijf.nl
    rightsubnet=192.168.0.0/24
    rightid=192.168.101.250?
    keyingtries=%forever
    authby=secret
    auto=start
    dpdaction=restart
    dpddelay=30

Add to /etc/ipsec/ipsec.secrets:

Quote
: PSK "uwsharedkey"

To start:

Quote
localhost psy # ipsec setup restart
 * Starting IPSEC ... ...
ipsec_setup: Starting Openswan IPsec U2.4.9/K2.6.23-gentoo-r3..[ ok ]

You can check the connection with "ipsec auto --status", and errors can be debugged like this:

Quote
localhost psy # ipsec auto --down kantoor
localhost psy # ipsec auto --up kantoor
104 "kantoor" #3: STATE_MAIN_I1: initiate
003 "kantoor" #3: ignoring unknown Vendor ID payload [4f3212121434323242]
003 "kantoor" #3: received Vendor ID payload [Dead Peer Detection]
003 "kantoor" #3: received Vendor ID payload [RFC 3947] method set to=110
106 "kantoor" #3: STATE_MAIN_I2: sent MI2, expecting MR2
003 "kantoor" #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
108 "kantoor" #3: STATE_MAIN_I3: sent MI3, expecting MR3
004 "kantoor" #3: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
117 "kantoor" #4: STATE_QUICK_I1: initiate
004 "kantoor" #4: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xfe257bc4 <0x5034223 xfrm=AES_0-HMAC_SHA1 NATD=12.13.14.15:4500 DPD=none}
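
Added example, not part of the original post: a shell function that reads the `ipsec auto --up kantoor` output shown above, confirms that both the ISAKMP SA and the IPsec SA came up, and reports the negotiated parameters, warning on 3DES or MD5 in phase 1 and on DPD=none. The function names and the list of algorithms treated as legacy are assumptions of this example; the sample input is the two "established" lines from the log above.

```shell
#!/bin/sh
# Added example: summarise Openswan `ipsec auto --up <conn>` output.
# Function names and the legacy-algorithm list are this example's assumptions.

# Sample input: the two "established" lines from the log in the post.
SAMPLE='004 "kantoor" #3: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
004 "kantoor" #4: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xfe257bc4 <0x5034223 xfrm=AES_0-HMAC_SHA1 NATD=12.13.14.15:4500 DPD=none}'

# field KEY: print the value of KEY=... inside the {...} block read from stdin.
field() {
    sed -n "s/.*[{ ]$1=\([^ }]*\).*/\1/p" | head -n 1
}

# phase1 / phase2: keep only the line reporting the established SA (may be empty).
phase1() { grep 'ISAKMP SA established' || true; }
phase2() { grep 'IPsec SA established' || true; }

# check_tunnel: read pluto output on stdin and print a summary.
# Returns 0 = both SAs up, no findings; 1 = tunnel not up; 2 = up, with findings.
check_tunnel() {
    out=$(cat)
    p1=$(printf '%s\n' "$out" | phase1)
    p2=$(printf '%s\n' "$out" | phase2)
    if [ -z "$p1" ] || [ -z "$p2" ]; then
        echo "FAIL: ISAKMP and/or IPsec SA not established"
        return 1
    fi
    cipher=$(printf '%s\n' "$p1" | field cipher)
    prf=$(printf '%s\n' "$p1" | field prf)
    group=$(printf '%s\n' "$p1" | field group)
    xfrm=$(printf '%s\n' "$p2" | field xfrm)
    dpd=$(printf '%s\n' "$p2" | field DPD)
    echo "IKE: cipher=$cipher prf=$prf group=$group | ESP: $xfrm | DPD=$dpd"
    rc=0
    case "$cipher" in *des*) echo "WARN: legacy IKE cipher: $cipher"; rc=2 ;; esac
    case "$prf" in *md5*) echo "WARN: legacy IKE hash: $prf"; rc=2 ;; esac
    # The conn above sets dpdaction/dpddelay, so DPD=none deserves a look.
    if [ "$dpd" = none ]; then echo "WARN: DPD is not active on this SA"; rc=2; fi
    return "$rc"
}

# Demo on the sample; live use: ipsec auto --up kantoor 2>&1 | check_tunnel
printf '%s\n' "$SAMPLE" | check_tunnel || echo "exit status: $?"
```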