Weihnachtsmann
20.11.02, 09:27
Hallo
um unser WLAN zu schützen hab ich auf zwei Rechner jeweils eine Debian 3.0 mit aktuellem Kernel 2.4.19 und Freeswan 1.99 installiert. Die Konfiguration scheint zu Funktionieren, da die Verbindung hergestellt wird. Mein Problem ist jetzt, dass alle ausgehenden Pakete auf ipsec0 gedroppt werden
Hier die debug Meludungen:
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_tunnel_hard_header: skb->dev=ipsec0 dev=ipsec0.
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_tunnel_hard_header: Revectored 0x00000000->0xcf1e0228 len=84 type=2048 dev=ipsec0->eth1 dev_addr=00:50:ba:f2:ce:be ip=0a0a0001->c0a88487
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_tunnel_start_xmit: >>> skb->len=98 hard_header_len:14 00:50:ba:f2:ce:be:00:50:ba:f2:ce:be:08:00
Nov 19 15:45:59 vpn-kh kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:84 id:0 DF frag_off:0 ttl:64 proto:1 (ICMP) chk:60270 saddr:10.10.0.1 daddr:192.168.132.135 type:code=8:0
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_findroute: 10.10.0.1->192.168.132.135
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: * See if we match exactly as a host destination
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: ** try to match a leaf, t=0xceedf980
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: *** start searching up the tree, t=0xceedf980
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: **** t=0xceedf998
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: **** t=0xcea812c0
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: ***** cp2=0xcf253218 cp3=0xce7521b0
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: ***** not found.
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_tunnel_start_xmit: checking for local udp/500 IKE packet saddr=a0a0001, er=00000000, daddr=c0a88487, er_dst=0, proto=1 sport=0 dport=0
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_tunnel_start_xmit: Original head,tailroom: 2,28
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_tunnel_start_xmit: shunt SA of DROP or no eroute: dropping.
und hier noch die config:
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# basic configuration
config setup
interfaces="ipsec0=eth1"
klipsdebug=all
plutodebug=all
plutoload=%search
plutostart=%search
uniqueids=yes
# defaults for subsequent connection descriptions
conn %default
keyingtries=0
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=%dnsondemand
rightrsasigkey=%dnsondemand
conn net-net
# Left security gateway, subnet behind it, next hop toward right.
left=10.10.0.1
leftid=@net1.domain.de
leftsubnet=192.168.122.0/24
leftrsasigkey=0sAQN......
# Right security gateway, subnet behind it, next hop toward left.
right=10.10.0.2
rightid=@net2.domain.de
rightsubnet=192.168.132.0/24
rightrsasigkey=0sAQN...
auto=start
um unser WLAN zu schützen hab ich auf zwei Rechner jeweils eine Debian 3.0 mit aktuellem Kernel 2.4.19 und Freeswan 1.99 installiert. Die Konfiguration scheint zu Funktionieren, da die Verbindung hergestellt wird. Mein Problem ist jetzt, dass alle ausgehenden Pakete auf ipsec0 gedroppt werden
Hier die debug Meludungen:
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_tunnel_hard_header: skb->dev=ipsec0 dev=ipsec0.
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_tunnel_hard_header: Revectored 0x00000000->0xcf1e0228 len=84 type=2048 dev=ipsec0->eth1 dev_addr=00:50:ba:f2:ce:be ip=0a0a0001->c0a88487
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_tunnel_start_xmit: >>> skb->len=98 hard_header_len:14 00:50:ba:f2:ce:be:00:50:ba:f2:ce:be:08:00
Nov 19 15:45:59 vpn-kh kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:84 id:0 DF frag_off:0 ttl:64 proto:1 (ICMP) chk:60270 saddr:10.10.0.1 daddr:192.168.132.135 type:code=8:0
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_findroute: 10.10.0.1->192.168.132.135
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: * See if we match exactly as a host destination
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: ** try to match a leaf, t=0xceedf980
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: *** start searching up the tree, t=0xceedf980
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: **** t=0xceedf998
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: **** t=0xcea812c0
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: ***** cp2=0xcf253218 cp3=0xce7521b0
Nov 19 15:45:59 vpn-kh kernel: klips_debug:rj_match: ***** not found.
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_tunnel_start_xmit: checking for local udp/500 IKE packet saddr=a0a0001, er=00000000, daddr=c0a88487, er_dst=0, proto=1 sport=0 dport=0
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_tunnel_start_xmit: Original head,tailroom: 2,28
Nov 19 15:45:59 vpn-kh kernel: klips_debug:ipsec_tunnel_start_xmit: shunt SA of DROP or no eroute: dropping.
und hier noch die config:
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# basic configuration
config setup
interfaces="ipsec0=eth1"
klipsdebug=all
plutodebug=all
plutoload=%search
plutostart=%search
uniqueids=yes
# defaults for subsequent connection descriptions
conn %default
keyingtries=0
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=%dnsondemand
rightrsasigkey=%dnsondemand
conn net-net
# Left security gateway, subnet behind it, next hop toward right.
left=10.10.0.1
leftid=@net1.domain.de
leftsubnet=192.168.122.0/24
leftrsasigkey=0sAQN......
# Right security gateway, subnet behind it, next hop toward left.
right=10.10.0.2
rightid=@net2.domain.de
rightsubnet=192.168.132.0/24
rightrsasigkey=0sAQN...
auto=start