Openswan conexão Banco do Brasil

1. Openswan conexão Banco do Brasil

Teodoro Elias Yemal
teoyemal61

(usa Debian)

Enviado em 29/10/2013 - 14:26h

Boa tarde,

Preciso de ajuda para uma conexão VPN IPSec com o Banco do Brasil, usando Debian Squeeze e Openswan. Alguém já fez essa conexão ou outra parecida para me ajudar.


  


2. Re: Openswan conexão Banco do Brasil

Estefanio Brunhara
stefaniobrunhara

(usa CentOS)

Enviado em 29/10/2013 - 17:03h

Nunca fiz, mas como seria a ponta do lado do banco é maquina com Linux ou roteador?


3. Openswan conexão Banco do Brasil

Teodoro Elias Yemal
teoyemal61

(usa Debian)

Enviado em 29/10/2013 - 20:12h

Do outro lado é um roteador Cisco


4. Re: Openswan conexão Banco do Brasil

euteste da silva
foxbit3r

(usa Solaris)

Enviado em 29/10/2013 - 20:19h

Vc vai precisar do endereço Ip para conectar que está na outra ponta e provavelmente vc deve configurar um a Pre-SharedKey ( PSK ) para fechar a VPN.


5. Openswan conexão Banco do Brasil

Teodoro Elias Yemal
teoyemal61

(usa Debian)

Enviado em 05/11/2013 - 14:04h

Boa tarde, fiz as configurações do openswan mas ainda ficou erros, segue a baixo o log,
por favor que puder me ajudar agradeço

Plutorun started on Tue Nov 5 13:59:16 BRST 2013
adjusting ipsec.d to /etc/ipsec.d
Starting Pluto (Openswan Version 2.6.28; Vendor ID OEQ{O\177nez{CQ) pid:19600
SAref support [disabled]: Protocol not available
SAbind support [disabled]: Protocol not available
Setting NAT-Traversal port-4500 floating to on
port floating activation criteria nat_t=1/port_float=1
NAT-Traversal support [enabled]
using /dev/urandom as source of random entropy
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
no helpers will be started, all cryptographic operations will be done inline
Using Linux 2.6 IPsec interface code on 2.6.32-5-amd64 (experimental code)
ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
ike_alg_add(): ERROR: Algorithm already exists
ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
ike_alg_add(): ERROR: Algorithm already exists
ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
ike_alg_add(): ERROR: Algorithm already exists
ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
ike_alg_add(): ERROR: Algorithm already exists
ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
ike_alg_add(): ERROR: Algorithm already exists
ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
Changed path to directory '/etc/ipsec.d/cacerts'
Changed path to directory '/etc/ipsec.d/aacerts'
Changed path to directory '/etc/ipsec.d/ocspcerts'
Changing to directory '/etc/ipsec.d/crls'
Warning: empty directory
added connection description "bbrasil"
listening for IKE messages
NAT-Traversal: Trying new style NAT-T
NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
NAT-Traversal: Trying old style NAT-T
adding interface eth1/eth1 189.19.84.251:500
adding interface eth1/eth1 189.19.84.251:4500
adding interface eth0/eth0 10.25.51.250:500
adding interface eth0/eth0 10.25.51.250:4500
adding interface lo/lo 127.0.0.1:500
adding interface lo/lo 127.0.0.1:4500
adding interface lo/lo ::1:500
loading secrets from "/etc/ipsec.secrets"
loading secrets from "/var/lib/openswan/ipsec.secrets.inc"
"bbrasil" #1: initiating Main Mode
"bbrasil" #1: ignoring unknown Vendor ID payload [0516dc8a882c54a56690dc05bdda3b9ec805e586120000001e060000]
"bbrasil" #1: received Vendor ID payload [Dead Peer Detection]
"bbrasil" #1: ignoring Vendor ID payload [HeartBeat Notify 386b0100]
"bbrasil" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"bbrasil" #1: STATE_MAIN_I2: sent MI2, expecting MR2
"bbrasil" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"bbrasil" #1: STATE_MAIN_I3: sent MI3, expecting MR3
"bbrasil" #1: Main mode peer ID is ID_IPV4_ADDR: '170.66.6.34'
"bbrasil" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
"bbrasil" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
"bbrasil" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:01fb6169 proposal=3DES(3)_192-MD5(1)_128 pfsgroup=OAKLEY_GROUP_MODP1024}







Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts