Hi all, I have the following little problem: I tried to set up a VPN. The server is OpenBSD 3.9 amd64 and the configuration files are the ones below, which I copied from allar.nu.

The server has a public IP and a private one, 192.168.1.3, and I want a Windows client to connect to me. When I run the script on the Windows box it works, but when I ping an internal IP in 192.168.1.0 / 255.255.255.0 I get no reply, e.g. a ping from Windows to 192.168.1.1. I think I have an error in the pf configuration, but I don't know which one.

pf.conf

ext_if="sis0"
int_if="sis3"
ext_ip="200.XX.XX.XX"

servicios_tcp = "{ ssh, smtp, domain, pop3, https, www, 2095, 2082, 5011, 5001, 2084, 8083, 8880, 7978 }"
servicios_udp = "domain"

set loginterface $ext_if
set block-policy drop

# "scrub in on ALL from any to any" names an interface called ALL and so matches
# nothing; the keyword is lowercase "all".
scrub in all

# IKE (UDP 500) and ESP from the road-warrior client to the public address.
pass in on $ext_if proto udp from any port = 500 to $ext_ip port = 500 keep state
pass in on $ext_if proto esp from any to $ext_ip keep state

pass proto tcp from any to any port $servicios_tcp keep state
pass proto udp from any to any port $servicios_udp keep state

pass from any to 200.31.195.157 keep state

# Note: there is no "block" rule in this file, so pf passes whatever the rules above
# do not match, including the decrypted client traffic that appears on enc0. If a
# default block is added later, enc0 needs its own "pass in on enc0" / "pass out on
# enc0" rules between the client and $int_if's network, or the tunnel stops working.

isakmpd.conf

#
# PGPnet - OpenBSD isakmpd configuration file.
#
# This is a configuration file that will get a PGPnet (a part of PGP
# version 6.5 and later) and OpenBSD to interoperate.
#
# This file works with OpenBSD 3.2 and later. In earlier versions of
# OpenBSD you need to add a lifetime description as well.
#
# The only thing that needs editing is the pre shared secret, here
# 'hello-world' (it must match the PRESHARE value given to ipseccmd on the
# Windows side). The setting allows everyone who knows the correct
# pre shared secret to connect.
#
# Please mail me if you have any comments or bug-reports.
#
# Johan Allard <johan@allard.nu>
#

# ----------------
# Defaults section
# ----------------

[General]
Default-phase-1-lifetime= 3600,60:86400
Default-phase-2-lifetime= 3600,60:86400

# -----------
# Connections
# -----------

[Phase 1]
Default= ISAKMP-clients

[Phase 2]
Passive-Connections= IPsec-clients

# ---------------------
# Phase 1 peer sections
# ---------------------

[ISAKMP-clients]
Phase= 1
Transport= udp
Configuration= PGP-main-mode
Authentication= hello-world

# ----------------
# Phase 2 sections
# ----------------

# Local-ID 0.0.0.0/0.0.0.0 offers the client a tunnel for all destinations, which
# is what the "-f 0=*" filter on the Windows side asks for; Remote-ID 0.0.0.0
# accepts whatever single address the road-warrior client identifies itself as.
[IPsec-clients]
Phase= 2
Configuration= PGP-quick-mode
Local-ID= default-route
Remote-ID= dummy-remote

# ------------------
# Client ID sections
# ------------------

[default-route]
ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0
Netmask= 0.0.0.0

[dummy-remote]
ID-type= IPV4_ADDR
Address= 0.0.0.0

# ----------------------
# Transform descriptions
# ----------------------
# Some predefined section names are recognized by the daemon, voiding the
# need to fully specify the Main Mode transforms and Quick Mode suites,
# protocols and transforms.
#
# For Main Mode:
# {DES,BLF,3DES,CAST}-{MD5,SHA}[-GRP{1,2,5}][-{DSS,RSA_SIG}]
#
# For Quick Mode:
# QM-{ESP,AH}[-TRP]-{DES,3DES,CAST,BLF,AES}[-{MD5,SHA,RIPEMD}][-PFS[-{GRP{1,2,5}}]]-SUITE

# -------------------------------------------------------------------------
# PGPnet note:
#
# The Transform values are the default values in PGPnet, if you change them
# you might have to change in all your clients as well.
# -------------------------------------------------------------------------

# 3DES-SHA-GRP2 matches the Windows main mode setting "-1s 3DES-SHA-2".
[PGP-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA-GRP2

# QM-ESP-3DES-SHA-SUITE (no PFS) matches the Windows "-n ESP[3DES,SHA]" setting.
[PGP-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE

# -----------
# End of file
# -----------

isakmpd.policy

Comment: This policy accepts ESP SAs from a remote that uses the right password.
Authorizer: "POLICY"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            esp_enc_alg != "null" -> "true";

Windows config

rem ipPublicaServidor and ipPublicaClientewindows stand for the gateway's and the
rem Windows client's public addresses. The two filters are deliberately one-way
rem ("=" rather than the mirrored "+"): tunnel rules in ipseccmd must be one-way,
rem one for each direction, each tunnelled to the far end's address.
ipseccmd.exe -f 0=* -n ESP[3DES,SHA] -t ipPublicaServidor -a PRESHARE:"hello-world" -1s 3DES-SHA-2
ipseccmd.exe -f *=0 -n ESP[3DES,SHA] -t ipPublicaClientewindows -a PRESHARE:"hello-world" -1s 3DES-SHA-2
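A diagnostic checklist for this kind of setup, added here as an example; it is not code from the original post or from the allard.nu files. It is meant to be run as root on the OpenBSD 3.9 gateway after the Windows client has connected, and it assumes the tools shipped with 3.9 (sysctl(8), ipsecctl(8), tcpdump(8)) and an enc0 interface. The client address, the ipsecctl flow-line format and the sample outputs below are assumptions or constructed test data, not output captured from the poster's machine.

```shell
#!/bin/sh
# Added example (not from the original post or from allard.nu): checks to run on the
# OpenBSD 3.9 gateway when the Windows client negotiates fine but cannot reach the
# 192.168.1.0/24 LAN. Each check is a function that takes command output as its
# argument, so the logic can be exercised without the OpenBSD tools present; the
# live run at the bottom only happens when ipsecctl(8) exists.

CLIENT=${CLIENT:-198.51.100.7}   # placeholder: the Windows client's public address

# has_forwarding OUTPUT
# 0 if the sysctl(8) line shows IP forwarding turned on. Without
# net.inet.ip.forwarding=1 the gateway decrypts the client's packets on enc0 and then
# drops them instead of sending them out sis3 to the LAN.
has_forwarding() {
    case "$1" in
        *net.inet.ip.forwarding=1*) return 0 ;;
        *) return 1 ;;
    esac
}

# has_client_flows OUTPUT CLIENT
# 0 if "ipsecctl -sf" shows both the inbound flow (from the client) and the outbound
# flow (to the client) that quick mode should have installed. The line format matched
# here ("flow esp in from A to B peer C ...") is assumed from ipsecctl(8) output.
# An inbound flow alone means LAN replies leave in cleartext, and the client's own
# "-f *=0" policy makes it discard them.
has_client_flows() {
    _out=$1
    _client=$2
    printf '%s\n' "$_out" | grep -q "^flow esp in from $_client " &&
        printf '%s\n' "$_out" | grep -q "^flow esp out from .* to $_client "
}

# is_private_file LS_LINE
# 0 if an "ls -l" line shows mode rw------- and owner root. isakmpd(8) refuses to
# load isakmpd.conf or isakmpd.policy when they are readable by group or others
# ("too open permissions"), and then nothing negotiates at all.
is_private_file() {
    set -- $1
    [ "$1" = "-rw-------" ] && [ "$3" = "root" ]
}

# run_checks: the live version, only meaningful on the gateway itself.
run_checks() {
    has_forwarding "$(sysctl net.inet.ip.forwarding)" ||
        echo "FAIL: run 'sysctl net.inet.ip.forwarding=1' and add it to /etc/sysctl.conf"
    for f in /etc/isakmpd/isakmpd.conf /etc/isakmpd/isakmpd.policy; do
        is_private_file "$(ls -l "$f")" ||
            echo "FAIL: chmod 600 $f; chown root $f (isakmpd will not load it otherwise)"
    done
    has_client_flows "$(ipsecctl -sf)" "$CLIENT" ||
        echo "FAIL: no in+out flow pair for $CLIENT; rerun 'isakmpd -d -DA=50' and watch quick mode"
    # While the client pings 192.168.1.1, watch both sides of the gateway:
    #   tcpdump -n -i enc0 icmp   # decrypted requests from the client, replies going back
    #   tcpdump -n -i sis3 icmp   # requests reaching the LAN and 192.168.1.1's replies
    # Requests on sis3 with no reply coming back on sis3 means 192.168.1.1 is sending
    # its reply for the client's public address somewhere other than 192.168.1.3.
}

# Only run live when the OpenBSD tools are present.
if command -v ipsecctl >/dev/null 2>&1; then
    run_checks
fi
```

The three functions are pure string checks so they can be tried against pasted output from another machine; the tcpdump pair at the end is the quickest way to tell a decryption or forwarding problem on the gateway apart from a return-routing problem on the LAN host.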