IPSec Помогите разобраться в чем ошибка :-(

System admin · Отправлено: **20:02, 25-03-2007** | #13

must die Я таки добился хождения пакетов из одной сетки в другую..
Но ошибка осталась :-(

root@grandgw:~# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan cvs2002Mar11_15:19:03 (klips)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking tun0x1002@89.209.82.10 from 192.168.1.0/24 to 192.168.0.0/24 [FAILED]
MASQUERADE from 192.168.1.0/24 to 0.0.0.0/0 kills tunnel 192.168.1.0/24 -> 192
.168.0.0/24
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]

Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: grandgw [MISSING]
Does the machine have at least one non-private address? [OK]
Looking for TXT in reverse dns zone: 182.94.138.195.in-addr.arpa. [MISSING
]

И насколько я понял по пингу...пакеты не шифруются :-((

root@anteygw:~# tcpdump -i ipsec0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ipsec0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
21:01:30.871088 IP 192.168.1.1 > 192.168.0.191: ICMP echo request, id 512, seq 37480, length 40
21:01:30.871406 IP 192.168.0.191 > 192.168.1.1: ICMP echo reply, id 512, seq 37480, length 40
21:01:31.865940 IP 192.168.1.1 > 192.168.0.191: ICMP echo request, id 512, seq 37992, length 40
21:01:31.866327 IP 192.168.0.191 > 192.168.1.1: ICMP echo reply, id 512, seq 37992, length 40

root@anteygw:~# tcpdump -i ipsec0 -vv
tcpdump: listening on ipsec0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
20:59:33.655635 IP (tos 0x0, ttl 127, id 4592, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.1.1 > 192.168.0.191: ICMP echo request, id 512, seq 36967, length 40
20:59:33.656023 IP (tos 0x0, ttl 127, id 9017, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.191 > 192.168.1.1: ICMP echo reply, id 512, seq 36967, length 40

Есть у тебя какие то еще соображения по этому поводу ? Если тебе моя проблема еще не надоела.... :-/

Спасиб... :-)