Hello, and thank you in advance for your help. My name is miwaYoneda.

    Win2k(192.168.2.102)
          |
    eth0(192.168.2.2) RedHat9 ppp0
          |
    ADSL modem                 (office side)
          |
         WAN
          |
    ADSL modem                 (home side)
          |
    ppp0 RedHat9 eth0(192.168.0.1)
          |
    Win2k(192.168.0.89)

With the layout above I wanted to experiment with an IPsec tunnel between the office and my home, so I downloaded and installed

    freeswan-module-2.01_2.4.20_8-0.i386.rpm
    freeswan-userland-2.01_2.4.20_8-0.i386.rpm

In what follows I will write

    ppp0 address of jitaku.ddyn.net  ... hhh.hhh.hhh.hhh
    P-t-P address of jitaku.ddyn.net ... xxx.xxx.xxx.xxx
    ppp0 address of jimusho.ddyn.net  ... ooo.ooo.ooo.ooo
    P-t-P address of jimusho.ddyn.net ... yyy.yyy.yyy.yyy

Home side:

    [root@xxxxxxxxxxxxxxx]# grep -v ^# /etc/ipsec.conf
    version 2.0     # conforms to second version of ipsec.conf specification

    config setup
            interfaces="ipsec0=ppp0"
            klipsdebug=none
            plutodebug=none

    conn %default
            type=tunnel
            keyingtries=10
            authby=rsasig
            keylife=1h
            pfs=yes

    conn hh-to-oo
            left=hhh.hhh.hhh.hhh
            leftsubnet=192.168.0.0/24
            leftid=@xxxxxxxxxxxxxxx
            leftrsasigkey=0sAQP…pA9VU9
            leftnexthop=xxx.xxx.xxx.xxx
            right=ooo.ooo.ooo.ooo
            rightsubnet=192.168.2.0/24
            rightid=@xxxxxxxxxxxxxxxx
            rightrsasigkey=0sAQN7…6IXIn
            rightnexthop=yyy.yyy.yyy.yyy
            auto=add

    conn block
            auto=ignore
    conn private
            auto=ignore
    conn private-or-clear
            auto=ignore
    conn clear-or-private
            auto=ignore
    conn clear
            auto=ignore
    conn packetdefault
            auto=ignore

    [root@xxxxxxxxxxxxxxx]# grep -v ^# /etc/ipsec.secrets
    hhh.hhh.hhh.hhh ooo.ooo.ooo.ooo : PSK "password"

    : RSA {
            # RSA 2192 bits   jitaku.ddyn.net   Mon Sep 8 16:30:37 2003
            # for signatures only, UNSAFE FOR ENCRYPTION
            #pubkey=0sAQ…A9VU9
            :
            (rest omitted)
            :

Office side:

    [root@xxxxxxxxxxxxxxxx]# grep -v ^# /etc/ipsec.conf
    version 2.0     # conforms to second version of ipsec.conf specification

    config setup
            interfaces="ipsec0=ppp0"
            klipsdebug=none
            plutodebug=none

    conn %default
            type=tunnel
            keyingtries=0
            authby=rsasig
            keylife=1h
            pfs=yes

    conn hh-to-oo
            left=ooo.ooo.ooo.ooo
            leftsubnet=192.168.2.0/24
            leftid=@xxxxxxxxxxxxxxxx
            leftrsasigkey=0sAQN…6IXIn
            leftnexthop=yyy.yyy.yyy.yyy
            right=hhh.hhh.hhh.hhh
            rightsubnet=192.168.0.0/24
            rightid=@xxxxxxxxxxxxxxx
            rightrsasigkey=0sAQP…9VU9
            rightnexthop=xxx.xxx.xxx.xxx
            auto=add

    conn block
            auto=ignore
    conn private
            auto=ignore
    conn private-or-clear
            auto=ignore
    conn clear-or-private
            auto=ignore
    conn clear
            auto=ignore
    conn packetdefault
            auto=ignore

    [root@xxxxxxxxxxxxxxxx]# grep -v ^# /etc/ipsec.secrets
    ooo.ooo.ooo.ooo hhh.hhh.hhh.hhh : PSK "password"

    : RSA {
            # RSA 2192 bits   jimusho.ddyn.net   Thu Sep 4 21:06:29 2003
            # for signatures only, UNSAFE FOR ENCRYPTION
            #pubkey=0sAQN…IXIn
            :
            (rest omitted)
            :

Home side again:

    [root@xxxxxxxxxxxxxxx]# cat /etc/resolv.conf
    domain jitaku.ddyn.net
    nameserver xxx.xxx.xxx.xxx
    nameserver xxx.xxx.xxx.xxx
    ^ the ISP's name servers

With each side written as above, the VPN was working. Recently the ppp0 IP address changed, so I edited these files and tried to reconnect:

    [root@xxxxxxxxxxxxxxxx]# service ipsec stop
    ipsec_setup: Stopping FreeS/WAN IPsec...
    [root@xxxxxxxxxxxxxxxx]# service ipsec start
    ipsec_setup: Starting FreeS/WAN IPsec 2.01...
    ipsec_setup: Using /lib/modules/2.4.20-8/kernel/net/ipsec/ipsec.o

    [root@xxxxxxxxxxxxxxx]# service ipsec stop
    ipsec_setup: Stopping FreeS/WAN IPsec...
    [root@xxxxxxxxxxxxxxx]# service ipsec start
    ipsec_setup: Starting FreeS/WAN IPsec 2.01...
    ipsec_setup: Using /lib/modules/2.4.20-8/kernel/net/ipsec/ipsec.o

After doing this I get:

    [root@xxxxxxxxxxxxxxx]# tail -f /var/log/secure
    Dec 2 16:37:22 jitaku ipsec__plutorun: Starting Pluto subsystem...
    Dec 2 16:37:22 jitaku pluto[29211]: Starting Pluto (FreeS/WAN Version 2.01 PLUTO_USES_KEYRR)
    Dec 2 16:37:23 jitaku pluto[29211]: added connection description "hh-to-oo"
    Dec 2 16:37:23 jitaku pluto[29211]: listening for IKE messages
    Dec 2 16:37:23 jitaku pluto[29211]: adding interface ipsec0/ppp0 hhh.hhh.hhh.hhh
    Dec 2 16:37:23 jitaku pluto[29211]: loading secrets from "/etc/ipsec.secrets"
    Dec 2 16:37:23 jitaku pluto[29211]: "/etc/ipsec.secrets" line 6: premature end of RSA key
    Dec 2 16:37:23 jitaku pluto[29211]: "/etc/ipsec.secrets" line 6: unrecognized key format: 0xd46e963686e3f6c35239fec4c7a022231880e861193a672baf6b76908a3169c1fed4dbce01972cd6035bf0457e288521bd376bf8e21982ae421aab50a167fc6112b01a55a106a3aa2c8d54aa5135fd96529428d10f10c663667071643bbaef8bc2c5ae775efaecf9b7f4e75d6b34cbcd53bf9157aef0ff34da1317cb453cb2fdc92b72ed3f52bdf1bd601a657dc964fed2d5722ad1099925acf7af10eb44f6c4442ad4d7229474b599923210e9e8d0e24c32a2a481b262e1072782c34c715795f043d593008e5f3a7ae744586644e3c46d952e2fb915a5889e62bb04b8ee79ce27c76eba959007b0595a9bb5900454997b947a86c249f9e70cda9fb884c54429087cce545c3b963246c4aa5dd14a40f5553d
    Dec 2 16:37:23 jitaku pluto[29211]: "/etc/ipsec.secrets" line 7: unrecognized key format: 0x03
    Dec 2 16:37:23 jitaku pluto[29211]: "/etc/ipsec.secrets" line 9: unrecognized key format: 0x2367c3b3c125fe75e309aa7621455b05d96ad1658434668747e73e6d6c5d91a0552379f7aaee8779008f52b63fb16b859f893ca97b0440726059c7381ae6aa102dc804639ad6709c5cc238c70d88ff990dc35c22d7d821109112bd90b49f27eca07647be8fd47cd449537be4e733774ce34a983947d2d53379add94c8b8a1dd4f6dc93278a8dca52f4979cecac118b2bca49beea22081bdd06bad17154dea5c79f777a1aed11acd467e5dc9764577a10060fe471fd928e955f8fd8a91ca7c0aa05106c2bf06cdd806dc64badc8fd3948729cb2440507a0a97e4bb12367892b2316f5b8ca6450e992bdf525a304064641c984e340c811c3b6fb0a140b9f220840864d56de2569dbeef22791ce112896a52775
    Dec 2 16:37:24 jitaku pluto[29211]: "/etc/ipsec.secrets" line 10: unrecognized key format: 0xeb9059077381f9e49d56ad9892719250d0fbf5e9213b30536b34497aa6c1c93cdd2cf56ec9ecdbec5edab00f1efc08100444618fe2e434500629dd5e355e2ff8f0b502646d858dc6766a669303c99955b2fe242302ac4595d06f8e1b228215a553b87ac52ee767301299bc310db93f956548d482fc8ee7961711fc74c4fbe291abaeb4d442f6ec48d3
    Dec 2 16:37:24 jitaku pluto[29211]: "/etc/ipsec.secrets" line 11: unrecognized key format: 0xe6dc806dec9ffe307da2006c46806533c5ca7304ebd8e633f2c3ec1983a5f1ed51d98f211207a63b746d4881240f58b9c42a6b109fef6581db22adffcbd007ef50c9434be80683f772963107e417f652e9960c28b4cab60834aa6e20880c2a40480168b2afc7a792648d45e0d1aa5d9538de9e46fc83be4c95b32306fb72b6082b90d49613c22a1faf
    Dec 2 16:37:24 jitaku pluto[29211]: "/etc/ipsec.secrets" line 12: unrecognized key format: 0x9d0ae604f7abfbedbe39c91061a10c35e0a7f9461627758cf222dba719d6862893734e49dbf33d483f3c755f69fd5ab5582d965fec9822e0041be8e978e97550a078ac42f3ae5e844ef199b757dbbb8e77541817571d83b9359fb412170163c38d25a72e1f44ef7561bbd2cb5e7b7fb8ee308daca85f450eba0bfda32dfd41b67274788d81f9f2db37
    Dec 2 16:37:25 jitaku pluto[29211]: "/etc/ipsec.secrets" line 13: unrecognized key format: 0x99e8559e9dbffecafe6c00482f004377d931a20347e5eecd4c829d6657c3f69e36910a160c05197cf848db00c2b4e5d12d719cb5bff4ee5692171eaa87e0054a35db82329aaf02a4f70ecb5a980ff98c9bb95d707887240578719ec05ab2c6d5855645cc752fc50c4308d9408bc6e90e25e9bed9fdad298863ccc204a7a1ceb01d0b38640d2c1c151f
    Dec 2 16:37:25 jitaku pluto[29211]: "/etc/ipsec.secrets" line 14: unrecognized key format: 0xbda1bd952405a2f43ae479628f4237ea034fd056c9a37dc5fca5ab28f7fda49d7ce345ff47940aa7bb75efcbe555b6bff3fd3769c0d78d984399be5b4b872719978f336cd485581b1907d18eeaf64fa29e382451ca0135fe23b68dd10b94365687edbfa0d6ad28e4f15e4f2fd51bbcfa5e2504e320b55ec4a774a6eb291695ef7b94392fe8ffef5d6b
    Dec 2 16:37:25 jitaku pluto[29211]: ERROR "/etc/ipsec.secrets" line 15: index "}" illegal (non-DNS-name) character in name

Furthermore:

    [root@xxxxxxxxxxxxxxx]# ipsec auto --up hh-to-oo
    104 "hh-to-oo" #1: STATE_MAIN_I1: initiate
    106 "hh-to-oo" #1: STATE_MAIN_I2: sent MI2, expecting MR2
    003 "hh-to-oo" #1: unable to locate my private key for RSA Signature
    224 "hh-to-oo" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
    003 "hh-to-oo" #1: unable to locate my private key for RSA Signature
    224 "hh-to-oo" #1: STATE_MAIN_I2: AUTHENTICATION_FAILED
    010 "hh-to-oo" #1: STATE_MAIN_I2: retransmission; will wait 20s for response

I may have unknowingly changed /etc/ipsec.secrets in some odd way. I checked each leftrsasigkey=, rightrsasigkey= and pubkey= against one another with the diff command and confirmed that they match exactly, so there is no problem there.

What do I need to do to /etc/ipsec.secrets to make these errors go away?
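The log in the post shows pluto abandoning the RSA block at line 6 and then reporting each remaining value (the hex numbers on lines 6, 7 and 9 through 14, and the closing brace on line 15) as a stray record, which points at the structure of the block rather than at the key values themselves. The following checker is an added example, not part of the post and not FreeS/WAN's own code: it reads an ipsec.secrets file, walks each `: RSA { ... }` block line by line, flags lines that are not of the form `Name: 0x...`, a missing field, a blank line inside the braces, or a block that never closes, and finally checks that the eight fields describe one consistent RSA private key (Modulus = Prime1 * Prime2, the exponents invert each other, the CRT fields match). The field names are the ones `ipsec rsasigkey` writes; the sample file and its toy key (tiny primes, a placeholder pubkey line) are constructed for this example, and the rule that a blank line ends a record is this checker's assumption about pluto's secrets lexer.

```python
import re
from math import gcd

# Constructed sample in FreeS/WAN ipsec.secrets syntax. The RSA key is a toy
# (Modulus = 0xe3 * 0xe9, PublicExponent = 3) made up for this example; the
# pubkey line is a labelled placeholder, not a real key.
GOOD_SECRETS = """\
hhh.hhh.hhh.hhh ooo.ooo.ooo.ooo : PSK "password"

: RSA {
    # RSA toy key, constructed for this example
    # for signatures only, UNSAFE FOR ENCRYPTION
    #pubkey=0sCONSTRUCTED_PLACEHOLDER
    Modulus: 0xce9b
    PublicExponent: 0x03
    # everything after this point is secret
    PrivateExponent: 0x888b
    Prime1: 0xe3
    Prime2: 0xe9
    Exponent1: 0x97
    Exponent2: 0x9b
    Coefficient: 0x26
    }
"""

# Two constructed ways the same block gets damaged while editing: an editor
# wraps a long value onto a continuation line, or a blank line lands inside
# the braces.
WRAPPED_SECRETS = GOOD_SECRETS.replace("Modulus: 0xce9b", "Modulus: 0xce\n9b")
BLANK_SECRETS = GOOD_SECRETS.replace("PLACEHOLDER\n", "PLACEHOLDER\n\n")

# Field names as written by "ipsec rsasigkey"; all eight must be present.
FIELDS = ("Modulus", "PublicExponent", "PrivateExponent", "Prime1",
          "Prime2", "Exponent1", "Exponent2", "Coefficient")
FIELD_RE = re.compile(r"^(\w+):\s*(0x[0-9a-fA-F]+)$")


def check_arithmetic(k, line_no):
    """Verify that the eight fields describe one consistent RSA private key."""
    out = []
    n, e, d = k["Modulus"], k["PublicExponent"], k["PrivateExponent"]
    p, q = k["Prime1"], k["Prime2"]
    if p * q != n:
        out.append((line_no, "Modulus != Prime1 * Prime2 (truncated or edited value?)"))
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if (e * d) % lam != 1:
        out.append((line_no, "PublicExponent * PrivateExponent != 1 mod lambda(n)"))
    if d % (p - 1) != k["Exponent1"] or d % (q - 1) != k["Exponent2"]:
        out.append((line_no, "Exponent1/Exponent2 do not match PrivateExponent"))
    if (k["Coefficient"] * q) % p != 1:
        out.append((line_no, "Coefficient is not the inverse of Prime2 mod Prime1"))
    return out


def check_secrets(text):
    """Return [(line_no, message), ...] for every problem found in RSA blocks."""
    problems = []
    key, start = None, None            # fields of the block being read, its line
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            # Assumption about pluto's secrets lexer: a truly blank line ends
            # the record, so one inside the braces cuts the key short.
            if key is not None and not raw.strip():
                problems.append((no, "blank line inside RSA block ends the record early"))
            continue
        if key is None:
            if line.endswith(": RSA {"):
                key, start = {}, no
            continue                   # PSK lines etc. are not checked here
        if line == "}":
            missing = [f for f in FIELDS if f not in key]
            if missing:
                problems.append((start, "RSA block missing fields: " + ", ".join(missing)))
            else:
                problems.extend(check_arithmetic(key, start))
            key = None
            continue
        m = FIELD_RE.match(line)
        if not m:
            problems.append((no, "not 'Name: 0x...' (wrapped or damaged line?): " + line))
            continue
        name, value = m.group(1), int(m.group(2), 16)
        if name not in FIELDS:
            problems.append((no, "unknown RSA field " + name))
        key[name] = value
    if key is not None:
        problems.append((start, "RSA block never closed with '}'"))
    return problems


if __name__ == "__main__":
    for label, text in (("good", GOOD_SECRETS), ("wrapped", WRAPPED_SECRETS),
                        ("blank line", BLANK_SECRETS)):
        print(label + ":", check_secrets(text) or "ok")
```

Run against a real file with `check_secrets(open("/etc/ipsec.secrets").read())` as root; the line numbers it reports are the same ones pluto prints, so they can be compared directly with the "line N" messages in /var/log/secure. The arithmetic checks are what make a silently truncated or mistyped hex value visible, which a diff of the public keys alone cannot reveal.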