Difference between revisions of «IPSEC-Ubuntu»
From DIT-CDC
Línea 1: | Línea 1: | ||
+ | |||
+ | == Instalación del paquete vpnc == | ||
+ | |||
+ | <pre> | ||
+ | root@flant:~# apt-get install vpnc | ||
+ | </pre> | ||
+ | |||
+ | == Creación de la configuración de vpnc == | ||
<pre> | <pre> | ||
root@flant:~# cat /etc/vpnc/vpnc.conf | root@flant:~# cat /etc/vpnc/vpnc.conf | ||
IPSec gateway 138.4.5.199 | IPSec gateway 138.4.5.199 | ||
− | IPSec ID usuario_comun | + | IPSec ID <usuario_comun> |
− | IPSec secret passwd_comun | + | IPSec secret <passwd_comun> |
− | Xauth username | + | Xauth username <usuario> |
− | #Xauth password | + | #Xauth <password> |
IKE DH Group dh2 | IKE DH Group dh2 | ||
root@flant:~# | root@flant:~# | ||
+ | </pre> | ||
+ | == Comprobación del funcionamiento en modo debug (usar cuando hay problemas) == | ||
+ | <pre> | ||
root@flant:~# vpnc --debug 2 /etc/vpnc/vpnc.conf | root@flant:~# vpnc --debug 2 /etc/vpnc/vpnc.conf | ||
Enter password for omar@138.4.5.199: | Enter password for omar@138.4.5.199: |
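Review bot: the commented-out password line in the vpnc.conf block loses its directive name. `#Xauth password` becomes `#Xauth <password>`, so anyone who uncomments it gets `Xauth <password>` instead of `Xauth password <password>`. The line just above keeps both keyword and placeholder (`Xauth username <usuario>`); use the same shape here: `#Xauth password <password>`. It would also help to add one sentence to the configuration section saying that the `<...>` values are placeholders to replace, and that leaving the password line commented makes vpnc prompt for it, as the `Enter password for omar@138.4.5.199:` line in the debug section shows.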
Revision as of 12:57, 22 May 2012
Installing the vpnc package

<pre>
root@flant:~# apt-get install vpnc
</pre>

Creating the vpnc configuration

<pre>
root@flant:~# cat /etc/vpnc/vpnc.conf
IPSec gateway 138.4.5.199
IPSec ID <usuario_comun>
IPSec secret <passwd_comun>
Xauth username <usuario>
#Xauth <password>
IKE DH Group dh2
root@flant:~#
</pre>

Checking operation in debug mode (use when there are problems)

<pre>
root@flant:~# vpnc --debug 2 /etc/vpnc/vpnc.conf
Enter password for omar@138.4.5.199:
vpnc version 0.5.3
S1 init_sockaddr [2012-05-14 18:59:19]
S2 make_socket [2012-05-14 18:59:19]
S3 setup_tunnel [2012-05-14 18:59:19]
using interface tun0
S4 do_phase1_am [2012-05-14 18:59:19]
S4.1 create_nonce [2012-05-14 18:59:19]
S4.2 dh setup [2012-05-14 18:59:19]
S4.3 AM packet_1 [2012-05-14 18:59:19]
S4.4 AM_packet2 [2012-05-14 18:59:19]
(Cisco Unity)
(DPD)
(unknown)
(Xauth)
(Nat-T 02N)
got ike lifetime attributes: 2147483 seconds
IKE SA selected psk+xauth-3des-sha1
peer is DPD capable (RFC3706)
peer is NAT-T capable (draft-02)\n
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads
peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery payloads
NAT status: NAT-T VID seen, no NAT device detected
S4.5 AM_packet3 [2012-05-14 18:59:19]
S4.6 cleanup [2012-05-14 18:59:19]
S5 do_phase2_xauth [2012-05-14 18:59:19]
S5.1 xauth_request [2012-05-14 18:59:19]
S5.2 notice_check [2012-05-14 18:59:19]
got ike lifetime attributes: 86400 seconds
S5.3 type-is-xauth check [2012-05-14 18:59:19]
S5.4 xauth type check [2012-05-14 18:59:19]
S5.5 do xauth reply [2012-05-14 18:59:19]
S5.2 notice_check [2012-05-14 18:59:19]
S5.3 type-is-xauth check [2012-05-14 18:59:19]
S5.6 process xauth set [2012-05-14 18:59:19]
S5.7 send xauth ack [2012-05-14 18:59:19]
S5.8 xauth done [2012-05-14 18:59:19]
S6 do_phase2_config [2012-05-14 18:59:19]
S6.1 phase2_config send modecfg [2012-05-14 18:59:19]
S6.2 phase2_config receive modecfg [2012-05-14 18:59:19]
got save password setting: 0
got 1 acls for split include
acl 0: addr: 138.4.0.0/ 255.255.0.0 (16), protocol: 0, sport: 0, dport: 0
Remote Application Version: Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(18), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 30-Nov-07 16:36 by prod_rel_team
got address 138.4.6.9
S7 setup_link (phase 2 + main_loop) [2012-05-14 18:59:19]
S7.0 run interface setup script [2012-05-14 18:59:19]
S7.1 QM_packet1 [2012-05-14 18:59:19]
S7.2 QM_packet2 send_receive [2012-05-14 18:59:19]
S7.3 QM_packet2 validate type [2012-05-14 18:59:19]
S7.5 QM_packet2 check reject offer [2012-05-14 18:59:19]
S7.6 QM_packet2 check and process proposal [2012-05-14 18:59:19]
got ipsec lifetime attributes: 2147483 seconds
IPSEC SA selected 3des-md5
got ipsec lifetime attributes: 86400 seconds
got ipsec lifetime attributes: 4608000 kilobyte
S7.7 QM_packet3 sent [2012-05-14 18:59:19]
S7.8 setup ipsec tunnel [2012-05-14 18:59:19]
S7.9 main loop (receive and transmit ipsec packets) [2012-05-14 18:59:19]
remote -> local spi: 0x4562f047
local -> remote spi: 0x4356aedd
VPNC started in background (pid: 12525)...
root@flant:~# killall vpnc
root@flant:~# ifconfig gre0 down
root@flant:~#
</pre>
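When reading a debug session like the one above, the lines worth checking are the negotiated IKE and IPsec proposals, the DH group from vpnc.conf and the split-include ACL. The following Python script is an added example, not part of the original wiki page or of vpnc: it extracts those values and lists the ones that deserve attention. The function names, the `WEAK` table and the choice of which algorithms to flag are assumptions of this example.

```python
import re

# Which names count as weak is this example's assumption, not a list from vpnc.
WEAK = {"des": "single DES", "3des": "3DES, 64-bit block", "md5": "MD5",
        "dh1": "768-bit MODP group", "dh2": "1024-bit MODP group"}
FIELDS = {"IKE SA selected": "ike_sa", "IPSEC SA selected": "ipsec_sa",
          "IKE DH Group": "dh_group", "got address": "address"}
ACL = re.compile(r"^acl \d+: addr: (\S+)/\s*\S+ \((\d+)\)")

def parse_session(text):
    """Collect negotiated parameters from `vpnc --debug 2` output and vpnc.conf lines."""
    info = {"aggressive": False, "split_include": []}
    for line in map(str.strip, text.splitlines()):
        if "do_phase1_am" in line:  # vpnc's aggressive-mode phase 1 step
            info["aggressive"] = True
        acl = ACL.match(line)
        if acl:
            info["split_include"].append(f"{acl.group(1)}/{acl.group(2)}")
        for prefix, key in FIELDS.items():
            if line.startswith(prefix + " "):
                info[key] = line[len(prefix):].split()[0]
    return info

def findings(info):
    """List weak or noteworthy settings found by parse_session()."""
    notes = []
    for key in ("ike_sa", "ipsec_sa", "dh_group"):
        for token in re.split(r"[+-]", info.get(key, "")):
            if token in WEAK:
                notes.append(f"{key}: {token} ({WEAK[token]})")
    if info["aggressive"] and "psk" in info.get("ike_sa", ""):
        notes.append("ike_sa: aggressive mode with a pre-shared group key")
    if info["split_include"]:
        notes.append("split include: only " + ", ".join(info["split_include"])
                     + " goes through the tunnel")
    return notes

# Constructed sample: lines copied from the session and vpnc.conf on this page.
SAMPLE = """\
S4 do_phase1_am [2012-05-14 18:59:19]
IKE SA selected psk+xauth-3des-sha1
acl 0: addr: 138.4.0.0/ 255.255.0.0 (16), protocol: 0, sport: 0, dport: 0
got address 138.4.6.9
IPSEC SA selected 3des-md5
IKE DH Group dh2
"""

if __name__ == "__main__":
    print("\n".join(findings(parse_session(SAMPLE))))
```

To check a real session, pass the saved debug output, optionally followed by the contents of vpnc.conf, to `parse_session()` in place of `SAMPLE`.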