Page -> IPSEC-Ubuntu Vistas :  Página  Discusión  Ver fuente  Historial 

De DIT-CDC

Instalación del paquete vpnc

root@flant:~# apt-get install vpnc

Creación de la configuración de vpnc

root@flant:~# cat /etc/vpnc/vpnc.conf
IPSec gateway 138.4.5.199
IPSec ID <usuario_grupo>
IPSec secret <passwd_grupo>
Xauth username <usuario>
#Xauth <password>
IKE DH Group dh2
root@flant:~#

Comprobación del funcionamiento en modo debug (usar cuando hay problemas)

root@flant:~# vpnc --debug 2 /etc/vpnc/vpnc.conf
Enter password for usuario@138.4.5.199:

vpnc version 0.5.3

S1 init_sockaddr
 [2012-05-14 18:59:19]

S2 make_socket
 [2012-05-14 18:59:19]

S3 setup_tunnel
 [2012-05-14 18:59:19]
   using interface tun0

S4 do_phase1_am
 [2012-05-14 18:59:19]

S4.1 create_nonce
 [2012-05-14 18:59:19]

S4.2 dh setup
 [2012-05-14 18:59:19]

S4.3 AM packet_1
 [2012-05-14 18:59:19]

S4.4 AM_packet2
 [2012-05-14 18:59:19]
   (Cisco Unity)
   (DPD)
   (unknown)
   (Xauth)
   (Nat-T 02N)
   got ike lifetime attributes: 2147483 seconds
   IKE SA selected psk+xauth-3des-sha1
   peer is DPD capable (RFC3706)
   peer is NAT-T capable (draft-02)\n
   peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery 
payloads
   peer is using type 130 (ISAKMP_PAYLOAD_NAT_D_OLD) for NAT-Discovery 
payloads
   NAT status: NAT-T VID seen, no NAT device detected

S4.5 AM_packet3
 [2012-05-14 18:59:19]

S4.6 cleanup
 [2012-05-14 18:59:19]

S5 do_phase2_xauth
 [2012-05-14 18:59:19]

S5.1 xauth_request
 [2012-05-14 18:59:19]

S5.2 notice_check
 [2012-05-14 18:59:19]
   got ike lifetime attributes: 86400 seconds

S5.3 type-is-xauth check
 [2012-05-14 18:59:19]

S5.4 xauth type check
 [2012-05-14 18:59:19]

S5.5 do xauth reply
 [2012-05-14 18:59:19]

S5.2 notice_check
 [2012-05-14 18:59:19]

S5.3 type-is-xauth check
 [2012-05-14 18:59:19]

S5.6 process xauth set
 [2012-05-14 18:59:19]

S5.7 send xauth ack
 [2012-05-14 18:59:19]

S5.8 xauth done
 [2012-05-14 18:59:19]

S6 do_phase2_config
 [2012-05-14 18:59:19]

S6.1 phase2_config send modecfg
 [2012-05-14 18:59:19]

S6.2 phase2_config receive modecfg
 [2012-05-14 18:59:19]
   got save password setting: 0
   got 1 acls for split include
   acl 0:    addr: 138.4.0.0/   255.255.0.0    (16),    protocol: 0,    
sport: 0,    dport: 0
   Remote Application Version:    Cisco IOS Software, 2800 Software 
(C2800NM-ADVIPSERVICESK9-M), Version 12.4(18), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Fri 30-Nov-07 16:36 by prod_rel_team
   got address 138.4.6.9

S7 setup_link (phase 2 + main_loop)
 [2012-05-14 18:59:19]

S7.0 run interface setup script
 [2012-05-14 18:59:19]

S7.1 QM_packet1
 [2012-05-14 18:59:19]

S7.2 QM_packet2 send_receive
 [2012-05-14 18:59:19]

S7.3 QM_packet2 validate type
 [2012-05-14 18:59:19]

S7.5 QM_packet2 check reject offer
 [2012-05-14 18:59:19]

S7.6 QM_packet2 check and process proposal
 [2012-05-14 18:59:19]
   got ipsec lifetime attributes: 2147483 seconds
   IPSEC SA selected 3des-md5
   got ipsec lifetime attributes: 86400 seconds
   got ipsec lifetime attributes: 4608000 kilobyte

S7.7 QM_packet3 sent
 [2012-05-14 18:59:19]

S7.8 setup ipsec tunnel
 [2012-05-14 18:59:19]

S7.9 main loop (receive and transmit ipsec packets)
 [2012-05-14 18:59:19]
   remote -> local spi: 0x4562f047
   local -> remote spi: 0x4356aedd
VPNC started in background (pid: 12525)...

Cerrar el túnel

root@flant:~# killall vpnc
root@flant:~# ifconfig gre0 down
root@flant:~#



Navegación
Herramientas personales