
Re: [Erlug] Freeswan tragedy, act I

To: <erlug@xxxxxxxxxxxxxx>
Subject: Re: [Erlug] Freeswan tragedy, act I
From: "Vito Pascali" <mailing-list@xxxxxxxxxxxxx>
Date: Wed, 3 Dec 2003 17:12:26 +0100

> Hmm... here the syntax should be: (note the ":" and the "PSK")
>
>  200.0.0.111 82.x.x.x: PSK "chiave"

Ok, added the dot and PSK

> Hmm... do you need to tell ipsec to use NAT traversal? (I have never
> done it with NAT traversal)

The NAT is only on one of the two sides, namely on the laptop/woody side.
I tried putting it in both ipsec.conf files, but nada.
Unfortunately I have not managed to find any enlightening examples of
nat-traversal.

On top of that, I found this on the freeswan mailing list:

The "no connection has been authorized" means that there is no connection
description in Linux FreeS/WAN's internal database that can be used to
link your ipsec interface with that peer.
The only parameters that are relevant in this decision are left= and right=.
Local and remote ports are also taken into account -- we see that the port
is printed in the message above -- but there is no way to control these
in ipsec.conf.

I have tried practically every possible variant, but I remain permanently
stuck at the starting point.
I'm posting some more info, you never know.

ipsec auto --status
000 interface ipsec0/eth0 82.88.146.3
000 interface ipsec0/eth0 82.88.146.3
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=168, keysizemax=168
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000
000 algorithm IKE encrypt: id=65289, name=OAKLEY_SSH_PRIVATE_65289, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=6, name=OAKLEY_CAST_CBC, blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=2, name=OAKLEY_SHA, hashsize=20
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE dh group: id=1, name=OAKLEY_GROUP_MODP768, bits=768
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,1,36} trans={0,1,96} attrs={0,1,160}
000
000 "portatile": 192.168.1.0/24===82.88.146.3---82.88.146.4...200.0.0.101---200.0.0.111
000 "portatile":   CAs: '%any'...'%any'
000 "portatile":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "portatile":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth0; trap erouted
000 "portatile":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000 "portatile":   IKE algorithms wanted: 5_000-1-5, 5_000-2-5, 5_000-1-2, 5_000-2-2, 5_000-1-1, 5_000-2-1, flags=-strict
000 "portatile":   IKE algorithms found:  5_192-1_128-5, 5_192-2_160-5, 5_192-1_128-2, 5_192-2_160-2, 5_192-1_128-1, 5_192-2_160-1,
000 "portatile":   ESP algorithms wanted: 3_000-1, 3_000-2, flags=-strict
000 "portatile":   ESP algorithms loaded: 3_168-1_128, 3_168-2_160,
000 #1: "portatile" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 27s
000
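
Added example, not part of the original post and not FreeS/WAN code: a small Python parser for the `ipsec auto --status` lines quoted in the message. It re-joins lines wrapped by a mail client, splits the connection topology into each side's subnet, host and next hop, and lists the peers of connections still at STATE_MAIN_I1 (MI1 sent, MR1 not yet received). All function names are hypothetical, and the field layout is assumed from the output shown in the message.

```python
import re

# Constructed sample: lines copied from the status output in the post, one of
# them hard-wrapped the way a mail client wraps it.
SAMPLE = '''\
000 "portatile": 192.168.1.0/24===82.88.146.3---82.88.146.4...200.0.0.101---200.0.0.111
000 #1: "portatile" STATE_MAIN_I1 (sent MI1, expecting MR1);
EVENT_RETRANSMIT in 27s
'''

TOPO = re.compile(r'^000 "([^"]+)":\s+(\S+)\.\.\.(\S+)$')
STATE = re.compile(r'^000 #\d+: "([^"]+)" (STATE_\w+)\b')

def unwrap(text):
    """Re-join wrapped lines: every real status line starts with '000'."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith("000") or not lines:
            lines.append(raw.rstrip())
        else:
            lines[-1] += " " + raw.strip()
    return lines

def parse_end(text, is_right):
    """Split 'subnet===host---nexthop'; the right side is mirrored."""
    subnet = nexthop = None
    if "===" in text:
        a, b = text.split("===", 1)
        subnet, text = (b, a) if is_right else (a, b)
    if "---" in text:
        a, b = text.split("---", 1)
        nexthop, text = (a, b) if is_right else (b, a)
    return {"subnet": subnet, "host": text, "nexthop": nexthop}

def parse_status(text):
    """Map each connection name to its two ends and its SA states."""
    conns = {}
    for line in unwrap(text):
        if m := TOPO.match(line):
            conns.setdefault(m[1], {}).update(
                left=parse_end(m[2], False), right=parse_end(m[3], True))
        elif m := STATE.match(line):
            conns.setdefault(m[1], {}).setdefault("states", []).append(m[2])
    return conns

def waiting_for_first_reply(conns):
    """Peers of connections still at STATE_MAIN_I1 (MI1 sent, no MR1 yet)."""
    return {n: c.get("right", {}).get("host") for n, c in conns.items()
            if "STATE_MAIN_I1" in c.get("states", [])}
```

On the sample, `waiting_for_first_reply(parse_status(SAMPLE))` reports that "portatile" has sent its first IKE message to 200.0.0.111 and received nothing back. That makes the peer's own left=/right= values and the path to it (IKE runs over UDP port 500) the things to check.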

