Hi

Here is my problem:

I have a machine on which I would like to run a VPN so that I can browse the internet securely through it. I configured machine A following this guide, http://www.techbabu.com/2009/10/ipsec-freebsd/, but when I try to start racoon I get this:

2010-08-31 12:44:01: INFO: @(#)ipsec-tools 0.7.3 (http://ipsec-tools.sourceforge.net)
2010-08-31 12:44:01: INFO: @(#)This product linked OpenSSL 0.9.8n 24 Mar 2010 (http://www.openssl.org/)
2010-08-31 12:44:01: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf"
2010-08-31 12:44:01: DEBUG: hmac(modp1024)
2010-08-31 12:44:01: DEBUG: hmac(modp1024)
2010-08-31 12:44:01: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2010-08-31 12:44:01: DEBUG: getsainfo params: loc='ANONYMOUS', rmt='ANONYMOUS', peer='NULL', id=0
2010-08-31 12:44:01: DEBUG: getsainfo pass #2
2010-08-31 12:44:01: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2010-08-31 12:44:01: DEBUG: getsainfo params: loc='172.17.1.254', rmt='172.18.1.254', peer='NULL', id=0
2010-08-31 12:44:01: DEBUG: getsainfo pass #2
2010-08-31 12:44:01: DEBUG: evaluating sainfo: loc='ANONYMOUS', rmt='ANONYMOUS', peer='ANY', id=0
2010-08-31 12:44:01: ERROR: failed to bind to address 172.17.1.254[500] (Can't assign requested address).
2010-08-31 12:44:01: ERROR: no address could be bound.

And for the command setkey -DP:

10.0.0.0/24[any] 10.246.38.0/24[any] any
        in ipsec
        esp/tunnel/192.168.1.12-172.16.5.4/use
        spid=2 seq=1 pid=5187
        refcnt=1
10.246.38.0/24[any] 10.0.0.0/24[any] any
        out ipsec
        esp/tunnel/172.16.5.4-192.168.1.12/use
        spid=1 seq=0 pid=5187
        refcnt=1

Which is wrong, because setkey.conf contains this:

flush;
spdflush;
spdadd 172.17.1.254/32 172.18.1.254/32 ipencap -P out ipsec esp/tunnel/192.168.1.1-192.168.2.1/require;
spdadd 172.18.1.254/32 172.17.1.254/32 ipencap -P in ipsec esp/tunnel/192.168.2.1-192.168.1.1/require;

Output of ifconfig gif0:

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        tunnel inet 172.17.1.254 --> 172.18.1.254
        inet6 fe80::219:dbff:fe62:626a%gif0 prefixlen 64 scopeid 0x3
        inet 192.168.1.1 --> 192.168.2.1 netmask 0xffffff00
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        options=1<ACCEPT_REV_ETHIP_VER>

Contents of racoon.conf:

path    pre_shared_key "/usr/local/etc/racoon/psk.txt";
log     debug;

padding
{
        maximum_length  20;
        randomize       off;
        strict_check    off;
        exclusive_tail  off;
}
listen
{
        isakmp 172.17.1.254[500];
}
timer
{
        counter         5;
        interval        20 sec;
        persend         1;
#       natt_keepalive  15 sec;
        phase1          30 sec;
        phase2          15 sec;
}

remote anonymous
{
        exchange_mode main,aggressive;
        doi ipsec_doi;
        situation identity_only;
        my_identifier asn1dn;
        certificate_type x509 "my.cert.pem" "my.key.pem";
        nonce_size 16;
        initial_contact on;
        proposal_check obey;    # obey, strict, or claim
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group 2;
        }
}

remote 172.18.1.254[500]
{
        exchange_mode   main,aggressive;
        doi             ipsec_doi;
        situation       identity_only;
        my_identifier   address 172.16.5.4;
        peers_identifier        address 192.168.1.12;
        lifetime        time 8 hour;
        passive         off;
        proposal_check  obey;
#       nat_traversal   off;
        generate_policy off;

        proposal {
                encryption_algorithm    blowfish;
                hash_algorithm          sha1;
                authentication_method   pre_shared_key;
                lifetime time           30 sec;
                dh_group                2;
        }
}

sainfo anonymous
{
        pfs_group 2;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
sainfo address 172.17.1.254 any address 172.18.1.254 any
{
        pfs_group 1;
        lifetime time 3600 sec;
        encryption_algorithm blowfish;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

I have been trying to set up a VPN connection for several months, but I cannot get it to work following any of the guides. Any ideas?
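The error in the post, "failed to bind to address 172.17.1.254[500] (Can't assign requested address)", is what racoon reports when the address in its `listen` block is not configured on any local interface (EADDRNOTAVAIL). Below is a small pre-flight checker, added here as an example and not taken from the post or from ipsec-tools, that cross-checks the racoon `listen` addresses and the local tunnel endpoints of each `spdadd` policy against an `ifconfig` listing before racoon is started. The racoon.conf and setkey.conf fragments are copied from the post; the `ifconfig` output is constructed for the example (the post does not show the physical interface), with 203.0.113.10 as a placeholder address on `em0`.

```python
"""Pre-flight check for a racoon + setkey IPsec configuration.

Verifies that every address racoon is told to listen on, and the local
endpoint of every tunnel-mode SPD entry, is actually assigned to an
interface on this host.  A listen address that is not local is what
produces racoon's "Can't assign requested address" bind() failure.
"""
import re

# Fragment copied from the post's racoon.conf.
RACOON_CONF = """
listen
{
        isakmp 172.17.1.254[500];
}
"""

# Policies copied from the post's setkey.conf.
SETKEY_CONF = """
spdadd 172.17.1.254/32 172.18.1.254/32 ipencap -P out ipsec esp/tunnel/192.168.1.1-192.168.2.1/require;
spdadd 172.18.1.254/32 172.17.1.254/32 ipencap -P in ipsec esp/tunnel/192.168.2.1-192.168.1.1/require;
"""

# Constructed ifconfig output: em0 with a placeholder address, plus the
# gif0 block as shown in the post.
IFCONFIG_OUT = """
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        tunnel inet 172.17.1.254 --> 172.18.1.254
        inet6 fe80::219:dbff:fe62:626a%gif0 prefixlen 64 scopeid 0x3
        inet 192.168.1.1 --> 192.168.2.1 netmask 0xffffff00
"""

LISTEN_RE = re.compile(r"isakmp\s+([0-9.]+)\[(\d+)\]")
# Only lines that start with "inet <addr>" are addresses assigned to the host.
# The gif "tunnel inet A --> B" line names the outer tunnel endpoints, which
# are not themselves configured on gif0, so it deliberately does not match.
INET_RE = re.compile(r"^\s+inet\s+([0-9.]+)", re.MULTILINE)
SPD_RE = re.compile(
    r"spdadd\s+\S+\s+\S+\s+\S+\s+-P\s+(in|out)\s+ipsec\s+"
    r"esp/tunnel/([0-9.]+)-([0-9.]+)/"
)


def listen_addresses(conf):
    """Return [(address, port)] from every 'isakmp A.B.C.D[port];' line."""
    return [(addr, int(port)) for addr, port in LISTEN_RE.findall(conf)]


def local_addresses(ifconfig):
    """Return the set of IPv4 addresses assigned to local interfaces."""
    return set(INET_RE.findall(ifconfig))


def spd_policies(conf):
    """Return [(direction, tunnel_src, tunnel_dst)] for tunnel-mode spdadd lines."""
    return SPD_RE.findall(conf)


def preflight(racoon_conf, setkey_conf, ifconfig):
    """Return a list of human-readable problems; an empty list means all checks passed."""
    local = local_addresses(ifconfig)
    problems = []
    for addr, port in listen_addresses(racoon_conf):
        if addr not in local:
            problems.append(
                f"racoon listen {addr}[{port}]: address is not configured on any "
                f"interface, bind() will fail with EADDRNOTAVAIL"
            )
    for direction, src, dst in spd_policies(setkey_conf):
        # For an outbound policy the tunnel source must be ours; for an
        # inbound policy the tunnel destination must be ours.
        ours = src if direction == "out" else dst
        if ours not in local:
            problems.append(
                f"spd {direction} esp/tunnel/{src}-{dst}: local endpoint {ours} "
                f"is not configured on any interface"
            )
    return problems


if __name__ == "__main__":
    for line in preflight(RACOON_CONF, SETKEY_CONF, IFCONFIG_OUT) or ["ok"]:
        print(line)
```

On a real host the three strings would be replaced by the contents of `/usr/local/etc/racoon/racoon.conf`, the setkey policy file, and the output of `ifconfig -a`; running the check from the rc script before `racoon` starts turns a cryptic bind error into a message that names the offending address.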