freeswan and OE
Gregor Malensek
gregor.malensek at abakus.si
Fri Aug 6 09:17:47 CEST 2004
Hello.
I can't figure out at all what I have to do to get freeswan working with
opportunistic encryption. I have freeswan 2.01 installed and I followed
the instructions on the freeswan site, "Quickstart guide to Opportunistic
Encryption - Initiate-only", but it still doesn't work. Some of my
configuration:
# ipsec verify
Version check and ipsec on-path [OK]
Checking for KLIPS support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
DNS checks.
Looking for TXT in forward map: gw [MISSING]
Does the machine have at least one non-private address [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADING
# ipsec showhostkey --txt @xyz.fdns.net
; RSA 2192 bits BSN-xx-xx-xx.dsl.siol.net Tue Jul 29 14:55:38 2003
IN TXT IN TXT "X-IPsec-Server(10)=@xyz.fdns.net" "
AQPH1810be...OYSsJhG/uBE8" "YbeJ...B/T7"
I registered a forward TXT record on the fdns.net site.
# dig xyz.fdns.net any
; <<>> DiG 9.2.2 <<>> xyz.fdns.net any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52425
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 0
;; QUESTION SECTION:
;xyz.fdns.net. IN ANY
;; ANSWER SECTION:
xyz.fdns.net. 7200 IN TXT
"X-IPsec-Server(10)=@BSN-xx-xx-xx.dsl.siol.net"
xyz.fdns.net. 7200 IN A 193.xx.xx.xx
;; AUTHORITY SECTION:
fdns.net. 7200 IN NS ns1.dreamwerx.net.
fdns.net. 7200 IN NS ns2.dreamwerx.net.
fdns.net. 7200 IN NS icmp.vpsn.net.
;; Query time: 239 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Fri Aug 6 09:02:00 2004
;; MSG SIZE rcvd: 175
root at gw:~# ipsec verify --host doma.fdns.net
Looking for TXT in forward map: xyz.fdns.net [OK]
Looking for TXT in reverse map: xx.xx.xx.193.in-addr.arpa [MISSING]
I configured /etc/ipsec.conf
# cat /etc/ipsec.conf
version 2.0
config setup
conn iprivate-or-clear
leftid=@doma.fdns.net
also=private-or-clear
# cat /etc/ipsec.d/policies/iprivate-or-clear
0.0.0.0/0
# cat /etc/ipsec.d/policies/private-or-clear
#0.0.0.0/0
When I try to test it with lynx oetest.freeswan.org, it doesn't work.
Does anyone have any advice or experience?