VPN


Hello everyone,

I'm on a project at my company in which I was asked to link two branch offices, UIO and GYE.
The most convenient approach seems to me to be a VPN. I wanted to ask what the best option for this would be, or whether anyone has already had experience setting up a VPN on Linux and which program they used. Among those I'm looking into are FreeS/WAN and OpenVPN. I'm going to use CentOS 4.2 for this project. I'd like to hear your comments and suggestions.

Thanks for your help

United by Free Software

could not route conn "tbs"

After a lot of reading and a little help with Linux, I have managed to reach my destination machine; the problem is that its firewall won't let me in, according to them because of problems with the certificate...

Does anyone know where my mistake is?

xxxxxxxx:/etc # vi ipsec.conf
#
# Workaround to setup all tunnels immediately, since the new default
# of "plutowait=no" causes "Resource temporarily unavailable" errors
# for the first connect attempt over each tunnel, that is delayed to
# be established later / on demand.
#
plutowait=yes

# default settings for connections
conn %default
        # keyingtries default to %forever
        keyingtries=0
        # Sig keys (default: %dnsondemand)
        #leftrsasigkey=%cert
        #rightrsasigkey=%cert
        # Lifetimes, defaults are 1h/8hrs
        #ikelifetime=20m
        #keylife=1h
        #rekeymargin=8m

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

# Add connections here

# sample VPN connection
conn tbs
        keyexchange=ike
        esp=aes-sha1-256
        ike=aes
        #Ipsec=aes-md5-128
        # Left security gateway, subnet behind it, nexthop toward right.
        left=xxx.xxx.xxx.xxx #local machine
        leftsubnet=xxx.xxx.xxx.xxx /22 #local network
        leftnexthop=xxx.xxx.xxx.xxx #machine that connects to the internet
        # Right security gateway, subnet behind it, nexthop toward left.
        right=xxx.xxx.xxx.xxx
        rightsubnet=xxx.xxx.xxx.xxx /24
        rightcert=certclient.pem
        #rightnexthop=
        # To authorize this connection, but not actually start it,
        # at startup, uncomment this.
        auto=start

May 19 00:28:36 zaz-sis-vpn01 pluto[26480]: Starting Pluto (Openswan Version 2.4.0rc5 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEgwPv\177f_a[B)
May 19 00:28:36 zaz-sis-vpn01 pluto[26480]: Setting NAT-Traversal port-4500 floating to off
May 19 00:28:36 zaz-sis-vpn01 pluto[26480]: port floating activation criteria nat_t=0/port_fload=1
May 19 00:28:36 zaz-sis-vpn01 pluto[26480]: including NAT-Traversal patch (Version 0.6c) [disabled]
May 19 00:28:36 zaz-sis-vpn01 pluto[26480]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
May 19 00:28:36 zaz-sis-vpn01 pluto[26480]: starting up 1 cryptographic helpers
May 19 00:28:36 zaz-sis-vpn01 pluto[26480]: started helper pid=26481 (fd:6)
May 19 00:28:36 zaz-sis-vpn01 pluto[26480]: Using Linux 2.6 IPsec interface code on 2.6.13-15-default
May 19 00:28:37 zaz-sis-vpn01 pluto[26480]: Changing to directory '/etc/ipsec.d/cacerts'
May 19 00:28:37 zaz-sis-vpn01 pluto[26480]: loaded CA cert file 'cacert.pem' (1076 bytes)
May 19 00:28:37 zaz-sis-vpn01 pluto[26480]: Changing to directory '/etc/ipsec.d/aacerts'
May 19 00:28:37 zaz-sis-vpn01 pluto[26480]: Changing to directory '/etc/ipsec.d/ocspcerts'
May 19 00:28:37 zaz-sis-vpn01 pluto[26480]: Changing to directory '/etc/ipsec.d/crls'
May 19 00:28:37 zaz-sis-vpn01 pluto[26480]: Warning: empty directory
May 19 00:28:37 zaz-sis-vpn01 ipsec_setup: Starting Openswan IPsec 2.4.0rc5...
May 19 00:28:37 zaz-sis-vpn01 ipsec_setup: insmod /lib/modules/2.6.13-15-default/kernel/net/key/af_key.ko
May 19 00:28:37 zaz-sis-vpn01 ipsec_setup: insmod /lib/modules/2.6.13-15-default/kernel/net/ipv4/xfrm4_tunnel.ko
May 19 00:28:37 zaz-sis-vpn01 ipsec_setup: insmod /lib/modules/2.6.13-15-default/kernel/net/xfrm/xfrm_user.ko
May 19 00:28:37 zaz-sis-vpn01 pluto[26480]: loaded host cert file '/etc/ipsec.d/certs/certclient.pem' (1104 bytes)
May 19 00:28:37 zaz-sis-vpn01 pluto[26480]: added connection description "tbs"
May 19 00:28:38 zaz-sis-vpn01 pluto[26480]: listening for IKE messages
May 19 00:28:38 zaz-sis-vpn01 pluto[26480]: adding interface eth0/eth0 10.50.128.248:500
May 19 00:28:38 zaz-sis-vpn01 pluto[26480]: adding interface lo/lo 127.0.0.1:500
May 19 00:28:38 zaz-sis-vpn01 pluto[26480]: adding interface lo/lo ::1:500
May 19 00:28:38 zaz-sis-vpn01 pluto[26480]: loading secrets from "/etc/ipsec.secrets"
May 19 00:28:38 zaz-sis-vpn01 pluto[26480]: "tbs" #1: initiating Main Mode
May 19 00:28:38 zaz-sis-vpn01 pluto[26480]: "tbs" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
May 19 00:28:38 zaz-sis-vpn01 pluto[26480]: "tbs" #1: received and ignored informational message
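
Added example, not part of the original post: a small triage script that reads pluto log lines like the ones above and reports which IKE phase was in progress when the peer sent a notification. In the log above, NO_PROPOSAL_CHOSEN arrives right after Main Mode starts, during transform negotiation and before identities or certificates are exchanged. The names `triage`, `PHASE_MARKERS` and `HINTS` and the hint texts are this example's own; the "initiating Quick Mode" wording is assumed, since it does not appear on this page.

```python
import re

# Constructed sample: the last three pluto lines from the log in the post above.
SAMPLE_LOG = """\
May 19 00:28:38 zaz-sis-vpn01 pluto[26480]: "tbs" #1: initiating Main Mode
May 19 00:28:38 zaz-sis-vpn01 pluto[26480]: "tbs" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
May 19 00:28:38 zaz-sis-vpn01 pluto[26480]: "tbs" #1: received and ignored informational message
"""

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
NOTIFY = re.compile(r"informational payload, type (?P<kind>[A-Z_]+)")

# "initiating Main Mode" is on the page; the Quick Mode wording is an assumption.
PHASE_MARKERS = {"initiating Main Mode": "phase1", "initiating Quick Mode": "phase2"}

# Keys use ISAKMP notify type names (RFC 2408); the hints are this example's own.
HINTS = {
    ("phase1", "NO_PROPOSAL_CHOSEN"): "peer accepted none of the offered IKE transforms; compare ike= with the peer's phase 1 policy",
    ("phase2", "NO_PROPOSAL_CHOSEN"): "peer accepted none of the offered IPsec transforms; compare esp= with the peer's phase 2 policy",
    ("phase1", "AUTHENTICATION_FAILED"): "peer rejected our identity proof; check certificate, CA and key",
    ("phase2", "INVALID_ID_INFORMATION"): "peer rejected the traffic selectors; compare leftsubnet/rightsubnet",
}

def triage(log_text):
    """Return one finding per peer notification, tagged with the IKE phase in progress."""
    phase = {}      # (connection name, state number) -> phase last started
    findings = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a per-connection pluto line
        key = (m["conn"], int(m["sa"]))
        for marker, name in PHASE_MARKERS.items():
            if marker in m["msg"]:
                phase[key] = name
        n = NOTIFY.search(m["msg"])
        if n:
            ph = phase.get(key, "unknown")
            hint = HINTS.get((ph, n["kind"]), "no hint for this notification")
            findings.append({"conn": key[0], "sa": key[1], "phase": ph,
                             "notify": n["kind"], "hint": hint})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["conn"]} #{f["sa"]} [{f["phase"]}] {f["notify"]}: {f["hint"]}')
```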
