IPSec VPN tunnel problem [closed]

2

My IPSec connection has a problem. This is my diagram.

The VPN connection is not OK; IPsec has to be restarted ==> OK, and after that not OK.

    root@vungtau:~# telnet 10.225.198.3 3900
    Trying 10.225.198.3...
    telnet: Unable to connect to remote host: Connection timed out
    root@vungtau:~# /etc/init.d/ipsec restart
    ipsec_setup: Stopping Openswan IPsec...
    ipsec_setup: Starting Openswan IPsec U2.6.38/K3.19.0-25-generic...
    root@vungtau:~# telnet 10.225.198.3 3900
    Trying 10.225.198.3...
    Escape character is '^]'.
    ^[$^]
    telnet> q
    Connection closed.

And after 5m, I cannot telnet to 10.225.198.3 3900 (the VPN tunnel is still up)

    root@vungtau:~# telnet 10.225.198.3 3900
    Trying 10.225.198.3...
    telnet: Unable to connect to remote host: Connection timed out
    root@vungtau:~# telnet 10.225.198.3 3900
    Trying 10.225.198.3...
    telnet: Unable to connect to remote host: Connection timed out

VPN status

    IPsec running  - pluto pid: 11088
    pluto pid 11088
    1 tunnels up
    some eroutes exist

Sometimes the status is 2 or 3 or 4 or 5 or 0 tunnels UP

    IPsec running  - pluto pid: 11088
    pluto pid 11088
    3 tunnels up
    some eroutes exist

=> What happened to my VPN connection, and why? What can I do?

This is my configuration

# /etc/ipsec.conf - Openswan IPsec configuration file
# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Do not set debug options to debug configuration issues!
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
    # eg:
    # plutodebug="control parsing"
    # Again: only enable plutodebug or klipsdebug when asked by a developer
    #
    # enable to get logs per-peer
    # plutoopts="--perpeerlog"
    #
    # Enable core dumps (might require system changes, like ulimit -C)
    # This is required for abrtd to work properly
    # Note: incorrect SElinux policies might prevent pluto writing the core
    dumpdir=/var/run/pluto/
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=yes
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    # It seems that T-Mobile in the US and Rogers/Fido in Canada are
    # using 25/8 as "private" address space on their 3G network.
    # This range has not been announced via BGP (at least upto 2010-12-21)
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. auto will try netkey, then klips then mast


    #protostack=auto
    protostack=netkey

    # Use this to log to a file, or disable logging on embedded systems (like openwrt)
    #plutostderrlog=/dev/null


conn vpntanza
        authby=secret
        auto=start
        ike=aes128-sha1;modp1024
        ## phase 1 ##
        keyexchange=ike
        ## phase 2 ##
        phase2=esp
        phase2alg=3des,aes
        compress=no
        pfs=yes
        type=tunnel

        #FROM TTV
        left=125.X.X.X.X
        leftsourceip=10.58.82.179
#        leftsourceip=125.X.X.X
        leftsubnet=10.58.82.0/24

        ## for direct routing ##
        leftnexthop=%defaultroute
        rightnexthop=%defaultroute

        #TO 
        right=169.255.X.X
        rightsubnet=10.225.196.0/22


#include /etc/ipsec.d/*.conf
    
by Uncelvel 04.03.2016 / 09:21

0 answers
