Problème configuration VPN IPsec avec Openswan

**blacko974** · 26/01/2011, 11h03

Bonjour,

Je suis actuellement en stage et j'ai à monter un tunnel IPSEC avec Openswan entre deux sites distants. Je dispose d'une machine Linux Debian (mon IPSEC) dérrière un routeur Zyxell d'un coté, et de l'autre côté j'ai un routeur Clavister qui gère les Vpn.

Voici ma config :

fichier ipsec.conf
conn srvfw-clavister
auth=esp
esp=aes128-sha1-96
keyexchange=ike
ike=aes128-sha1-modp1024
keyingtries=0
left=192.168.0.50
leftsubnet=192.168.0.0/24
leftnexthop=81.252.71.125
right=194.1.4.51
rightsubnet=194.1.4.0/23
rightnexthop=193.253.176.43
ikelifetime=86400
authby=secret
auto=start
pfs=no

mon fichier ipsec.secrets

RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005-09-28 13:59:14 paul Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "ipsec showhostkey".
194.1.4.51 192.168.0.50: PSK "caudan-colombes"

Mon problème est que lorsque je lance mon tunnel, il ne se passe rien.

ipsec auto -status
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 194.1.4.51
000 interface eth0/eth0 194.1.4.51
000 %myid = (none)
000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=(null), ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=(null), ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,2,36} trans={0,2,540} attrs={0,2,360}
000
000 "srvfw-clavister": 194.1.4.0/23===194.1.4.51---193.253.176.43...81.252.71.125---192.168.0.50===192.168.0.0/24; prospective erouted; eroute owner: #0
000 "srvfw-clavister": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "srvfw-clavister": ike_life: 86400s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "srvfw-clavister": policy: PSK+ENCRYPT+TUNNEL+UP; prio: 24,23; interface: eth0; encap: esp;
000 "srvfw-clavister": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "srvfw-clavister": IKE algorithms wanted: AES_CBC(7)_128-SHA1(2)-MODP1024(2); flags=strict
000 "srvfw-clavister": IKE algorithms found: AES_CBC(7)_128-SHA1(2)_160-MODP1024(2)
000 "srvfw-clavister": ESP algorithms wanted: AES(12)_128-SHA1(2); flags=strict
000 "srvfw-clavister": ESP algorithms loaded: AES(12)_128-SHA1(2); flags=strict
000
000 #4: "srvfw-clavister":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 7s; nodpd
000 #4: pending Phase 2 for "srvfw-clavister" replacing #0
000
administrateur:/home/administrateur#

Pouvez-vous m'aider, le problème principal semble etre la dernière ligne
000 #4: pending Phase 2 for "srvfw-clavister" replacing #0

Je vous remercie par avance.

Problème configuration VPN IPsec avec Openswan

Réseau

Discussions similaires

Partager

Partager