IPsec VPN, error: multiple ip addresses, using on eth1

1. IPsec VPN, error: multiple ip addresses, using on eth1

Samuel Miquelino Bastos
samuelmiquelino

(uses Ubuntu)

Posted on 27/08/2015 - 17:57h

I need to configure a VPN with Banco do Brasil.
I configured the ipsec.conf file like this:


config setup
    nat_traversal=yes
    virtual_private=%v4:170.66.50.0/24,%v4:192.168.0.0/24
    oe=off
    plutodebug=all
    plutostderrlog=/var/log/pluto.log
    interfaces=%defaultroute
    protostack=netkey

conn BancoBrasil
    keyexchange=ike
    auth=esp
    authby=secret
    pfs=yes
    auto=start
    keyingtries=0
    type=tunnel
    ike=aes128-sha1;modp1024!
    ikelifetime=86400s
    phase2alg=aes128-sha1;modp1024
    keylife=4608000s

    #MY ADDRS
    # left=192.168.0.1
    left=189.109.x.x
    leftsubnet=192.168.0.0/24

    #BB ADDRS
    right=170.66.6.31
    rightsubnet=170.66.50.0/24



My ipsec.secrets looks like this:



# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".

# this file is managed with debconf and will contain the automatically created RSA keys
include /var/lib/openswan/ipsec.secrets.inc
189.109.x.x 170.66.6.31 : PSK "teste123"


The network interfaces look like this:

eth0 Link encap:Ethernet HWaddr 00:22:b0:52:b7:7f
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::222:b0ff:fe52:b77f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:162314025 errors:0 dropped:29272 overruns:0 frame:0
TX packets:170319155 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:67579190241 (67.5 GB) TX bytes:151750725196 (151.7 GB)
Interrupt:17

eth1 Link encap:Ethernet HWaddr 00:1c:c0:75:e2:cc
inet addr:189.109.x.x Bcast:189.109.x.x Mask:255.255.255.248
inet6 addr: fe80::21c:c0ff:fe75:e2cc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:157513976 errors:0 dropped:0 overruns:0 frame:0
TX packets:136980175 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:140306291791 (140.3 GB) TX bytes:56195318033 (56.1 GB)
Interrupt:20 Memory:50300000-50320000

eth1:1 Link encap:Ethernet HWaddr 00:1c:c0:75:e2:cc
inet addr:189.109.x.x Bcast:189.109.x.x Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:20 Memory:50300000-50320000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1646 errors:0 dropped:0 overruns:0 frame:0
TX packets:1646 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:250240 (250.2 KB) TX bytes:250240 (250.2 KB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.0.2 P-t-P:10.0.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:136731 errors:0 dropped:0 overruns:0 frame:0
TX packets:121103 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:36289019 (36.2 MB) TX bytes:36279677 (36.2 MB)

When I start the service, this appears:

ipsec_setup: Starting Openswan IPsec U2.6.38/K3.13.0-57-generic...
ipsec_setup: multiple ip addresses, using 189.109.x.x on eth1


I run ipsec verify and this appears:

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.38/K3.13.0-57-generic (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [OK]
[OK]
[OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]

I already have a VPN running with OpenVPN; does that have any influence?
Thanks in advance.
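
Added example, not part of the original post: a shell triage of the two findings quoted above, the "multiple ip addresses" startup line and the `[FAILED]` IP forwarding check. The function names and sample inputs are constructed (addresses from the 203.0.113.0/24 documentation range), and it assumes the startup line only reports which address `%defaultroute` resolved to, so the thing to confirm is that `left=` is bound to that interface.

```shell
#!/bin/sh
# Constructed stand-in for the output of: ip -o -4 addr show
SAMPLE_ADDRS='2: eth0    inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
3: eth1    inet 203.0.113.2/29 brd 203.0.113.7 scope global eth1
3: eth1    inet 203.0.113.3/29 brd 203.0.113.7 scope global secondary eth1:1'

# Excerpt of the "ipsec verify" output quoted in the post.
SAMPLE_VERIFY='Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [FAILED]
Checking NAT and MASQUERADEing [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Opportunistic Encryption Support [DISABLED]'

# Print every IPv4 address bound to interface $1, aliases such as eth1:1 included.
# stdin: output of "ip -o -4 addr show".
addrs_on_iface() {
    awk -v dev="$1" '$2 == dev && $3 == "inet" { sub(/\/.*/, "", $4); print $4 }'
}

# Succeed if address $2 (the left= value from ipsec.conf) is bound to interface $1.
# stdin: output of "ip -o -4 addr show".
left_is_bound() {
    addrs_on_iface "$1" | grep -qxF "$2"
}

# Print "STATUS: check name" for every check reported as FAILED or WARNING.
# stdin: output of "ipsec verify".
non_ok_checks() {
    sed -n \
        -e 's/^\(.*[^[:space:]]\)[[:space:]]*\[FAILED\]$/FAILED: \1/p' \
        -e 's/^\(.*[^[:space:]]\)[[:space:]]*\[WARNING\]$/WARNING: \1/p'
}

# Succeed if the kernel forwards IPv4 packets between interfaces.
# $1: file to read (defaults to the live kernel setting).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Report on the constructed samples; on a live gateway, pipe the real commands in.
echo "addresses on eth1:"
printf '%s\n' "$SAMPLE_ADDRS" | addrs_on_iface eth1
printf '%s\n' "$SAMPLE_ADDRS" | left_is_bound eth1 203.0.113.2 \
    && echo "left= is bound to eth1"
printf '%s\n' "$SAMPLE_VERIFY" | non_ok_checks
forwarding_enabled \
    || echo "ip_forward is not 1; a site-to-site gateway needs: sysctl -w net.ipv4.ip_forward=1"
```

On a live host, feed `ip -o -4 addr show` and `ipsec verify` into the functions instead of the sample variables.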


  


2. Re: IPsec VPN, error: multiple ip addresses, using on eth1

Estefanio Brunhara
stefaniobrunhara

(uses CentOS)

Posted on 27/08/2015 - 18:30h

Hello

Friend, I am also having trouble bringing up an IPsec site-to-site tunnel. If you want to call me on Skype so we can run tests together, I am available: brunhara(Arroba)msn.com

My post:
http://www.vivaolinux.com.br/topico/servidores-VPN/Centos-63-ipsec-site-to-site-aguardando-fase-2-ph...





