VPN client on Ubuntu for SonicWALL

1. VPN client on Ubuntu for SonicWALL

Sadrake Gabriel Silva
sadrake

(uses Ubuntu)

Sent on 17/04/2015 - 11:17h

Hi everyone,

I am trying to connect to a SonicWALL VPN using openswan, but I cannot get it to work.

Note: I followed a tutorial, linked at the end of the topic.

This is my /etc/ipsec.conf file:
# /etc/ipsec.conf - Openswan IPsec configuration file

# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Do not set debug options to debug configuration issues!
        # plutodebug / klipsdebug = "all", "none" or a combination from below:
        # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
        # eg:
        # plutodebug="control parsing"
        # Again: only enable plutodebug or klipsdebug when asked by a developer
        #
        # enable to get logs per-peer
        # plutoopts="--perpeerlog"
        #
        # Enable core dumps (might require system changes, like ulimit -C)
        # This is required for abrtd to work properly
        # Note: incorrect SElinux policies might prevent pluto writing the core
        dumpdir=/var/run/pluto/
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        # exclude networks used on server side by adding %v4:!a.b.c.0/24
        # It seems that T-Mobile in the US and Rogers/Fido in Canada are
        # using 25/8 as "private" address space on their 3G network.
        # This range has not been announced via BGP (at least up to 2010-12-21)
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
        # OE is now off by default. Uncomment and change to on, to enable.
        oe=off
        # which IPsec stack to use. auto will try netkey, then klips then mast
        protostack=netkey
        # Use this to log to a file, or disable logging on embedded systems (like openwrt)
        #plutostderrlog=/dev/null

# Add connections here

# sample VPN connection
# for more examples, see /etc/ipsec.d/examples/
#conn sample
#        # Left security gateway, subnet behind it, nexthop toward right.
#        left=10.0.0.1
#        leftsubnet=172.16.0.0/24
#        leftnexthop=10.22.33.44
#        # Right security gateway, subnet behind it, nexthop toward left.
#        right=10.12.12.1
#        rightsubnet=192.168.0.0/24
#        rightnexthop=10.101.102.103
#        # To authorize this connection, but not actually start it,
#        # at startup, uncomment this.
#        #auto=add

conn <MINHA_VPN>
        type=tunnel
        leftid=@GroupVPN
        left=<MEU_IP>
        leftxauthclient=yes
        right=<IP_CLIENTE>
        rightsubnet=10.100.100.0/24
        rightxauthserver=yes
        rightid=<IP_CLIENTE>
        authby=secret
        auto=add
        auth=esp
        esp=3des-sha1
        ike=3des-sha1-modp1024
        pfs=yes
        keyingtries=0
        keyexchange=ike


This is my /etc/ipsec.secrets file:
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".

# this file is managed with debconf and will contain the automatically created RSA keys
include /var/lib/openswan/ipsec.secrets.inc
@GroupVPN <IP_CLIENTE> : PSK <CHAVE_VPN>


When I try to connect:
sadrake@ubuntu:~$ sudo ipsec whack --name <MINHA_VPN> --initiate
002 "<MINHA_VPN>" #1: initiating Main Mode
104 "<MINHA_VPN>" #1: STATE_MAIN_I1: initiate
003 "<MINHA_VPN>" #1: ignoring unknown Vendor ID payload [5b362bc820f60007]
003 "<MINHA_VPN>" #1: received Vendor ID payload [RFC 3947] method set to=115
002 "<MINHA_VPN>" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
002 "<MINHA_VPN>" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "<MINHA_VPN>" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "<MINHA_VPN>" #1: ignoring Vendor ID payload [Sonicwall 1 (TZ 170 Standard?)]
003 "<MINHA_VPN>" #1: received Vendor ID payload [XAUTH]
003 "<MINHA_VPN>" #1: received Vendor ID payload [Dead Peer Detection]
003 "<MINHA_VPN>" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): i am NATed
002 "<MINHA_VPN>" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "<MINHA_VPN>" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "<MINHA_VPN>" #1: received 1 malformed payload notifies
003 "<MINHA_VPN>" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "<MINHA_VPN>" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
002 "<MINHA_VPN>" #1: received 2 malformed payload notifies
003 "<MINHA_VPN>" #1: discarding duplicate packet; already STATE_MAIN_I3
010 "<MINHA_VPN>" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
002 "<MINHA_VPN>" #1: received 3 malformed payload notifies
003 "<MINHA_VPN>" #1: discarding duplicate packet; already STATE_MAIN_I3
031 "<MINHA_VPN>" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
000 "<MINHA_VPN>" #1: starting keying attempt 2 of an unlimited number, but releasing whack


I believe I am configuring something wrong.
Does anyone have experience with this and can help me?

Thanks.

Links: http://www.mastercssa.com.br/cliente-vpn-no-linux-para-sonicwall/
http://www.pelagodesign.com/blog/2009/05/18/ubuntu-linux-how-to-setup-a-vpn-connection-to-a-sonicwal...
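A small triage script for the whack output quoted in the post above. It is an added example, not code from the original post or from Openswan: it tracks the last Main Mode state pluto reports, counts the "malformed payload" notifies, and maps the stall point to the settings worth re-checking. The hint table is the example author's reading of IKEv1 Main Mode, not pluto's own diagnostics, and the sample log is an abbreviated copy of the one in the thread.

```python
"""Triage of 'ipsec whack --initiate' output from Openswan's pluto daemon.

Added example for this thread, not code from the post or from Openswan.
The HINTS table is an assumption (my reading of Main Mode), not pluto's.
"""
import re

STATE_RE = re.compile(r"transition from state (\S+) to state (\S+)")
NOTIFY_RE = re.compile(r"received (\d+) malformed payload notif")
GIVEUP_RE = re.compile(r"max number of retransmissions")

# MI3 is the initiator's first encrypted message (its ID, keyed from the
# PSK), so a peer that answers it only with 'malformed payload' notifies
# typically holds a different secret, or one bound to different IDs.
HINTS = {
    "STATE_MAIN_I1": "no MR1: peer unreachable, UDP/500 filtered, or ike= proposal rejected",
    "STATE_MAIN_I2": "no MR2: peer dropped the key exchange; re-check ike= and NAT-T",
    "STATE_MAIN_I3": "no MR3: PSK or ID mismatch; compare leftid/rightid with ipsec.secrets",
}

def triage(lines):
    """Return last Main Mode state, highest notify count, give-up flag, hint."""
    state, malformed, gave_up = "STATE_MAIN_I1", 0, False
    for line in lines:
        if m := STATE_RE.search(line):
            state = m.group(2)
        if m := NOTIFY_RE.search(line):
            malformed = max(malformed, int(m.group(1)))
        if GIVEUP_RE.search(line):
            gave_up = True
    return {
        "last_state": state,
        "malformed": malformed,
        "gave_up": gave_up,
        "hint": HINTS.get(state, "Main Mode completed; look at XAUTH / Quick Mode next"),
    }

# Constructed sample: abbreviated copy of the log quoted in the thread.
SAMPLE = """\
002 "<MINHA_VPN>" #1: initiating Main Mode
002 "<MINHA_VPN>" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
002 "<MINHA_VPN>" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
002 "<MINHA_VPN>" #1: received 1 malformed payload notifies
010 "<MINHA_VPN>" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
002 "<MINHA_VPN>" #1: received 3 malformed payload notifies
031 "<MINHA_VPN>" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
""".splitlines()

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Pipe the real output into it with `sudo ipsec whack --name <MINHA_VPN> --initiate | python3 triage.py` after replacing SAMPLE with `sys.stdin`.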
