From: Igor Solovyov <gosha@zkb.ru>
To: Community <community@altlinux.ru>
Subject: [Comm] IPSec help need
Date: Sat, 12 Jul 2003 13:51:49 +0600
Message-ID: <20030712135149.71cdf32b.gosha@zkb.ru>

Hi All!

A few questions have come up:

I'm trying to bring up ipsec. I put the following in /etc/ipsec.conf:

    # basic configuration
    config setup
        interfaces="ipsec0=eth2:0"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

    conn My_Conn
        type=tunnel
        left=xxx.xxx.xxx.2
        leftsubnet=192.168.63.0/24
        leftnexthop=xxx.xxx.xxx.1
        right=yyy.yyy.yyy.2
        rightsubnet=192.168.31.0/24
        rightnexthop=yyy.yyy.yyy.1
        auth=esp
        spibase=0x200
        esp=3des-md5-96
        keyexchange=ike
        keylife=8h
        keyingtries=0
        auto=add

And in /etc/ipsec.conf:

    xxx.xxx.xxx.2 yyy.yyy.yyy.2: PSK "My_Very_Secure_Key"

I start it with service ipsec start, and in the logs I see:

    WARNING: ipsec0 has route filtering turned on, KLIPS may not work
    (/proc/sys/net/ipv4/conf/ipsec0/rp_filter = `1', should be 0)

Question 1: How exactly am I supposed to set
/proc/sys/net/ipv4/conf/ipsec0/rp_filter=0 if the ipsec0 interface does not
exist yet before ipsec is started? I wrote 0 there after ipsec0 had already
been brought up; is that correct?

Next I run:

    # ipsec manual --up My_Conn

and get:

    /usr/lib/ipsec/spi --label My_Conn: Trouble building key_a extension, error=-22.

Question 2: What did I do wrong?

-- 
Best regards!
Igor Solovyov
System/network administrator
JSC CB "Zlatkombank"