From: Peter Teslenko <inkyspot@home.ru>
To: Peter Teslenko <community@altlinux.ru>
Subject: Re[5]: [Comm] FreeS/WAN
Date: Thu, 29 Jul 2004 17:36:56 +0400
Message-ID: <53244741296.20040729173656@home.ru>
In-Reply-To: <151229866437.20040729132830@home.ru>

Hello Peter,

Maybe someone knows after all...
After all the ordeals, this is what I have.

On one side

root@relay:/etc# ipsec auto --status
000 interface ipsec0/eth0 81.23.107.58
000 %myid = (none)
000 debug none
000
000 "mcicb-to-kirza": 192.168.1.0/24===81.23.107.58[@relay.mcbfa.ru]---81.23.107.57...82.140.78.49---82.140.78.50[@kirza]===192.168.4.0/24; erouted; eroute owner: #3
000 "mcicb-to-kirza": ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "mcicb-to-kirza": policy: RSASIG+ENCRYPT+PFS+UP; prio: 24,24; interface: eth0;
000 "mcicb-to-kirza": newest ISAKMP SA: #1; newest IPsec SA: #3;
000
000 #3: "mcicb-to-kirza" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2227s; newest IPSEC; eroute owner
000 #3: "mcicb-to-kirza" esp.839d3fe5@82.140.78.50 esp.f3d562a@81.23.107.58 tun.1004@82.140.78.50 tun.1003@81.23.107.58
000 #2: "mcicb-to-kirza" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 1915s
000 #2: "mcicb-to-kirza" esp.839d3fe4@82.140.78.50 esp.f3d5629@81.23.107.58 tun.1002@82.140.78.50 tun.1001@81.23.107.58
000 #1: "mcicb-to-kirza" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1913s; newest ISAKMP
000

root@relay:/etc# ipsec look
relay Thu Jul 29 17:32:29 MSD 2004
192.168.1.0/24 -> 192.168.4.0/24 => tun0x1004@82.140.78.50 esp0x839d3fe5@82.140.78.50 (0)
ipsec0->eth0 mtu=16260(1500)->1500
esp0x839d3fe4@82.140.78.50 ESP_3DES_HMAC_MD5: dir=out src=81.23.107.58 iv_bits=64bits iv=0xdba4202aa496401e ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(1149,0,0) refcount=4 ref=12
esp0x839d3fe5@82.140.78.50 ESP_3DES_HMAC_MD5: dir=out src=81.23.107.58 iv_bits=64bits iv=0x24ee0969fa54db40 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(1121,0,0) refcount=4 ref=22
esp0xf3d5629@81.23.107.58 ESP_3DES_HMAC_MD5: dir=in src=82.140.78.50 iv_bits=64bits iv=0x6c1971b7b874ec50 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(1149,0,0) refcount=4 ref=7
esp0xf3d562a@81.23.107.58 ESP_3DES_HMAC_MD5: dir=in src=82.140.78.50 iv_bits=64bits iv=0x0acc4398258c1634 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(1121,0,0) refcount=4 ref=17
tun0x1001@81.23.107.58 IPIP: dir=in src=82.140.78.50 policy=192.168.4.0/24->192.168.1.0/24 flags=0x8<> life(c,s,h)=addtime(1149,0,0) refcount=4 ref=6
tun0x1002@82.140.78.50 IPIP: dir=out src=81.23.107.58 life(c,s,h)=addtime(1149,0,0) refcount=4 ref=11
tun0x1003@81.23.107.58 IPIP: dir=in src=82.140.78.50 policy=192.168.4.0/24->192.168.1.0/24 flags=0x8<> life(c,s,h)=addtime(1121,0,0) refcount=4 ref=16
tun0x1004@82.140.78.50 IPIP: dir=out src=81.23.107.58 life(c,s,h)=addtime(1121,0,0) refcount=4 ref=21
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         81.23.107.57    0.0.0.0         UG    0   0      0    eth0
192.168.4.0     81.23.107.57    255.255.255.0   UG    0   0      0    ipsec0
81.23.107.56    0.0.0.0         255.255.255.248 U     0   0      0    eth0
81.23.107.56    0.0.0.0         255.255.255.248 U     0   0      0    ipsec0

root@relay:/etc# ip route ls
81.23.107.56/29 dev eth0 proto kernel scope link src 81.23.107.58
81.23.107.56/29 dev ipsec0 proto kernel scope link src 81.23.107.58
192.168.4.0/24 via 81.23.107.57 dev ipsec0
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
127.0.0.0/8 dev lo scope link
default via 81.23.107.57 dev eth0 metric 1

root@relay:/etc# ip link ls
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:04:75:d6:af:97 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:04:75:86:b7:9b brd ff:ff:ff:ff:ff:ff
165: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
    link/ether 00:04:75:d6:af:97 brd ff:ff:ff:ff:ff:ff
166: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
    link/void
167: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
    link/void
168: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
    link/void

on the other side

root@kirza-gw:/etc# ipsec auto --status
000 interface ipsec0/eth0 82.140.78.50
000 %myid = (none)
000 debug none
000
000 "mcicb-to-kirza": 192.168.4.0/24===82.140.78.50[@kirza]---82.140.78.49...81.23.107.57---81.23.107.58[@relay.mcbfa.ru]===192.168.1.0/24; erouted; eroute owner: #3
000 "mcicb-to-kirza": ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "mcicb-to-kirza": policy: RSASIG+ENCRYPT+PFS+UP; prio: 24,24; interface: eth0;
000 "mcicb-to-kirza": newest ISAKMP SA: #1; newest IPsec SA: #3;
000
000 #3: "mcicb-to-kirza" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2015s; newest IPSEC; eroute owner
000 #3: "mcicb-to-kirza" esp.f3d562a@81.23.107.58 esp.839d3fe5@82.140.78.50 tun.1004@81.23.107.58 tun.1003@82.140.78.50
000 #2: "mcicb-to-kirza" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2593s
000 #2: "mcicb-to-kirza" esp.f3d5629@81.23.107.58 esp.839d3fe4@82.140.78.50 tun.1002@81.23.107.58 tun.1001@82.140.78.50
000 #1: "mcicb-to-kirza" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 2592s; newest ISAKMP
000

root@kirza-gw:/etc# ipsec look
kirza-gw Thu Jul 29 17:33:33 MSD 2004
192.168.4.0/24 -> 192.168.1.0/24 => tun0x1004@81.23.107.58 esp0xf3d562a@81.23.107.58 (0)
ipsec0->eth0 mtu=16260(1500)->1500
esp0x839d3fe4@82.140.78.50 ESP_3DES_HMAC_MD5: dir=in src=81.23.107.58 iv_bits=64bits iv=0x2f15d51807468f83 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(1232,0,0) refcount=4 ref=7
esp0x839d3fe5@82.140.78.50 ESP_3DES_HMAC_MD5: dir=in src=81.23.107.58 iv_bits=64bits iv=0x7db1c68d6b4f0293 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(1204,0,0) refcount=4 ref=17
esp0xf3d5629@81.23.107.58 ESP_3DES_HMAC_MD5: dir=out src=82.140.78.50 iv_bits=64bits iv=0x9c76bb93305216de ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(1232,0,0) refcount=4 ref=12
esp0xf3d562a@81.23.107.58 ESP_3DES_HMAC_MD5: dir=out src=82.140.78.50 iv_bits=64bits iv=0x8d21300139aa0ee0 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(1204,0,0) refcount=4 ref=22
tun0x1001@82.140.78.50 IPIP: dir=in src=81.23.107.58 policy=192.168.1.0/24->192.168.4.0/24 flags=0x8<> life(c,s,h)=addtime(1232,0,0) refcount=4 ref=6
tun0x1002@81.23.107.58 IPIP: dir=out src=82.140.78.50 life(c,s,h)=addtime(1232,0,0) refcount=4 ref=11
tun0x1003@82.140.78.50 IPIP: dir=in src=81.23.107.58 policy=192.168.1.0/24->192.168.4.0/24 flags=0x8<> life(c,s,h)=addtime(1204,0,0) refcount=4 ref=16
tun0x1004@81.23.107.58 IPIP: dir=out src=82.140.78.50 life(c,s,h)=addtime(1204,0,0) refcount=4 ref=21
Destination     Gateway         Genmask         Flags MSS Window irtt Iface
0.0.0.0         82.140.78.49    0.0.0.0         UG    0   0      0    eth0
192.168.1.0     82.140.78.49    255.255.255.0   UG    0   0      0    ipsec0
82.140.78.48    0.0.0.0         255.255.255.252 U     0   0      0    eth0
82.140.78.48    0.0.0.0         255.255.255.252 U     0   0      0    ipsec0

root@kirza-gw:/etc# ip route ls
82.140.78.48/30 dev eth0 proto kernel scope link src 82.140.78.50
82.140.78.48/30 dev ipsec0 proto kernel scope link src 82.140.78.50
192.168.4.0/24 dev eth1 proto kernel scope link src 192.168.4.1
192.168.1.0/24 via 82.140.78.49 dev ipsec0
127.0.0.0/8 dev lo scope link
default via 82.140.78.49 dev eth0 metric 1

root@kirza-gw:/etc# ip link ls
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:e0:7d:8f:93:3a brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:30:84:3c:54:2f brd ff:ff:ff:ff:ff:ff
12: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
    link/ether 00:e0:7d:8f:93:3a brd ff:ff:ff:ff:ff:ff
13: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
    link/void
14: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
    link/void
15: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
    link/void

pings don't go through :(
I'll soon sprain my brain.

-- 
Peter Teslenko
ALT Linux Community general discussions