[BSD] ipsec + route

Gabor HALASZ halasz.g at freemail.hu
2012. Feb. 19., V, 14:21:37 CET 

Helo!

Ugyes voltam, csinaltam egy olyan asszimetrikus vpn-t, hogy azt sem 
ertem, mit rontottam el :) Igy nez ki:

lanA: 192.168.33.0
FreeBSD9A: 192.168.33.5 es 89.133.8.240 (dinamikus)
FreeBSD9B: w.x.y.z (statikus public) es 192.168.192.168
LanB: 192.168.192.0

Lan A-n levo windows kezdemenyezi a kapcsolatot, FreeBSD9A 
osszekapcsolodik a FreeBSD9B-vel, Lan A gepei mountolni tudjak a 
FreeBSD9B samba megosztasait. A LanA-rol lehet pingelni a FreeBSD9B-t:

Z:\>ping 192.168.192.168

Pinging 192.168.192.168 with 32 bytes of data:
Request timed out.
Reply from 192.168.192.168: bytes=32 time=21ms TTL=63
Reply from 192.168.192.168: bytes=32 time=21ms TTL=63
Reply from 192.168.192.168: bytes=32 time=18ms TTL=63

Ping statistics for 192.168.192.168:
     Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
     Minimum = 18ms, Maximum = 21ms, Average = 20ms

A FreeBSD9A-rol lehet pingelin a FreeBSD9B-t.

[FreeBSD9A]/root# ping -c2 192.168.192.168
PING 192.168.192.168 (192.168.192.168): 56 data bytes
64 bytes from 192.168.192.168: icmp_seq=0 ttl=64 time=44.569 ms
64 bytes from 192.168.192.168: icmp_seq=1 ttl=64 time=17.190 ms

--- 192.168.192.168 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 17.190/30.880/44.569/13.690 ms

Na de FreeBSD9B-rol nem lehet pingelni a FreeBSD9A-t:

[FreeBSD9B]/root# ping -c2 192.168.33.5
PING 192.168.33.5 (192.168.33.5): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host

--- 192.168.33.5 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss

A LanB-n nincs gep jelenleg, onnan nem tudom kiprobalni.

A route a ket FreeBSD gepen szimmetrikus:

[FreeBSD9A]/root# netstat -rn | grep 192.168.192
192.168.192.0/24   192.168.33.5       US          0       49    re0

[FreeBSD9B]/root# netstat -rn | grep 192.168.33
192.168.33.0/24    192.168.192.168    US          0        0   nfe0

A ket SP db is szimmetrikus:

[FreeBSD9A]/root# setkey -DP
192.168.192.0/24[any] 192.168.33.0/24[any] any
         in ipsec
         esp/tunnel/w.x.y.z.134-89.133.8.240/require
         spid=2 seq=1 pid=3180
         refcnt=1
192.168.33.0/24[any] 192.168.192.0/24[any] any
         out ipsec
         esp/tunnel/89.133.8.240-w.x.y.z/require
         spid=1 seq=0 pid=3180
         refcnt=1

[FreeBSD9B]/root# setkey -DP
192.168.33.0/24[any] 192.168.192.0/24[any] any
         in ipsec
         esp/tunnel/89.133.8.240-w.x.y.z/require
         spid=50 seq=1 pid=38964
         refcnt=1
192.168.192.0/24[any] 192.168.33.0/24[any] any
         out ipsec
         esp/tunnel/w.x.y.z-89.133.8.240/require
         spid=49 seq=0 pid=38964
         refcnt=1


Szoval valami otlet kellene, mit is neztem el ennyire?! Foleg a no route 
to host gyanus nekem.


-- 
Gabor HALASZ <halasz.g at freemail.hu>

További információk a(z) BSD levelezőlistáról