From: "Eduardo Schoedler"
To: gentoo-user-br@lists.gentoo.org
Subject: RE: [gentoo-user-br] VPN ipsec
Date: Wed, 24 Nov 2010 13:06:51 -0200
List-Id: Gentoo Linux mail
Reply-to: gentoo-user-br@lists.gentoo.org

Maybe the folks on MASOCH-L will be able to help you better...
https://eng.registro.br/mailman/listinfo/masoch-l

Cheers,

--
Eduardo Schoedler

> -----Original Message-----
> From: Ricardo Felix [mailto:felix.ricardo@gmail.com]
> Sent: Wednesday, 24 November 2010 13:02
> To: gentoo-user-br@lists.gentoo.org
> Subject: [gentoo-user-br] VPN ipsec
>
> Good afternoon folks, a question here that is already making me sweat.
> Has anyone here set up an IPsec VPN between openswan and a Juniper SSG520?
>
> I can bring the VPN up, but traffic does not pass from one end to the other....
>
> My config files...
>
> ipsec.conf
>
> conn HQtoDC
>         type=tunnel
>         left=189.38.x.x
>         leftsubnet=172.16.16.0/24
>         leftnexthop=200.160.x.x
>         right=200.160.x.x
>         rightsubnet=172.16.18.0/24
>         pfs=yes
>         keyingtries=0
>         aggrmode=no
>         auto=start
>         auth=esp
>         esp=3des-sha1-96
>         ike=3des-sha1-96
>         authby=secret
>
>
> My routing table after bringing up ipsec
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 201.6.249.136   189.38.250.1    255.255.255.255 UGH   0      0        0 eth0
> 200.207.121.196 189.38.250.1    255.255.255.255 UGH   0      0        0 eth0
> 200.204.154.71  189.38.250.1    255.255.255.255 UGH   0      0        0 eth0
> 10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
> 201.81.231.236  189.38.250.1    255.255.255.255 UGH   0      0        0 eth0
> 74.125.93.121   189.38.250.1    255.255.255.255 UGH   0      0        0 eth0
> 201.81.224.243  189.38.250.1    255.255.255.255 UGH   0      0        0 eth0
> 200.171.213.106 189.38.250.1    255.255.255.255 UGH   0      0        0 eth0
> 200.158.83.246  189.38.250.1    255.255.255.255 UGH   0      0        0 eth0
> 200.160.255.48  189.38.250.1    255.255.255.240 UG    0      0        0 eth0
> 172.16.18.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth2
> 189.38.250.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
> 10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
> 172.16.16.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 187.38.0.0      0.0.0.0         255.255.240.0   U     0      0        0 eth3
> 10.0.0.0        10.0.0.1        255.255.0.0     UG    0      0        0 eth2
> 74.125.0.0      189.38.250.1    255.255.0.0     UG    0      0        0 eth0
> 0.0.0.0         187.38.0.1      0.0.0.0         UG    0      0        0 eth3
>
>
> iptables commands to allow traffic between the networks.
>
> iptables -t nat -A POSTROUTING -o eth0 -s 172.16.16.0/24 -d ! 172.16.18.0/24 -j MASQUERADE
> iptables -A FORWARD -p tcp -i eth0 -s 172.16.18.0/24 -o eth1 -d 172.16.16.0/24 -j ACCEPT
> iptables -A FORWARD -p tcp -i eth1 -s 172.16.16.0/24 -o eth0 -d 172.16.18.0/24 -j ACCEPT
>
>
> I don't catch any packets being dropped on the Linux box.
> Any bright ideas...?
>
> Regards,
> Ricardo Felix do Nascimento
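As an added example (editor's code, not part of the thread and not anything either poster ran), the following Python walks a packet through the routing table and iptables rules quoted above: a longest-prefix-match route lookup over a subset of the posted table, then first-match evaluation of the two FORWARD rules and the POSTROUTING MASQUERADE rule. The route entries and rules are copied from the quoted message; the sample packets, the choice of which routes to include, and the treatment of the FORWARD chain policy (not shown in the post, so reported as "chain policy") are assumptions. The IPsec policy (xfrm) lookup, which the kernel performs after routing, is not modelled because nothing in the post shows it.

```python
"""Trace a packet through the routing table and iptables rules quoted in the
thread.  Added example by the editor; not from the original post."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

NET = ipaddress.ip_network

# Subset of the posted "Kernel IP routing table": (destination/genmask, gateway, iface).
# A gateway of None stands for 0.0.0.0 in the post, i.e. a directly connected route.
ROUTES = [
    (NET("200.160.255.48/28"), "189.38.250.1", "eth0"),  # remote peer's /28 (255.255.255.240)
    (NET("172.16.18.0/24"),    None,           "eth0"),  # remote subnet, shown as local on eth0
    (NET("10.0.0.0/24"),       None,           "eth2"),
    (NET("189.38.250.0/24"),   None,           "eth0"),
    (NET("172.16.16.0/24"),    None,           "eth1"),  # local subnet
    (NET("187.38.0.0/20"),     None,           "eth3"),  # 255.255.240.0
    (NET("10.0.0.0/16"),       "10.0.0.1",     "eth2"),
    (NET("0.0.0.0/0"),         "187.38.0.1",   "eth3"),  # default route
]


def route_lookup(dst: str):
    """Return (iface, gateway) for dst by longest-prefix match, as the kernel's
    main table does without policy routing.  Ties keep the first entry."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in ROUTES:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[2], best[1]


@dataclass(frozen=True)
class Rule:
    """One iptables rule; None in a match field means 'any'."""
    proto: Optional[str]
    in_if: Optional[str]
    out_if: Optional[str]
    src: Optional[ipaddress.IPv4Network]
    dst: Optional[ipaddress.IPv4Network]
    dst_negated: bool   # "-d ! net" in the post (modern syntax: "! -d net")
    target: str

    def matches(self, pkt: dict) -> bool:
        if self.proto and self.proto != pkt["proto"]:
            return False
        if self.in_if and self.in_if != pkt["in_if"]:
            return False
        if self.out_if and self.out_if != pkt["out_if"]:
            return False
        if self.src and ipaddress.ip_address(pkt["src"]) not in self.src:
            return False
        if self.dst:
            hit = ipaddress.ip_address(pkt["dst"]) in self.dst
            if hit == self.dst_negated:   # negated rule wants a miss, plain rule wants a hit
                return False
        return True


# The three rules exactly as posted.
FORWARD = [
    Rule("tcp", "eth0", "eth1", NET("172.16.18.0/24"), NET("172.16.16.0/24"), False, "ACCEPT"),
    Rule("tcp", "eth1", "eth0", NET("172.16.16.0/24"), NET("172.16.18.0/24"), False, "ACCEPT"),
]
POSTROUTING = [
    Rule(None, None, "eth0", NET("172.16.16.0/24"), NET("172.16.18.0/24"), True, "MASQUERADE"),
]


def first_target(chain, pkt: dict) -> Optional[str]:
    """iptables semantics: the first matching rule's target wins."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return None


def trace(src: str, dst: str, proto: str, in_if: str) -> dict:
    """Route the packet, then evaluate FORWARD and nat/POSTROUTING for it."""
    out_if, gw = route_lookup(dst)
    pkt = {"src": src, "dst": dst, "proto": proto, "in_if": in_if, "out_if": out_if}
    return {
        "out_if": out_if,
        "gateway": gw,
        "forward": first_target(FORWARD, pkt) or "chain policy",
        "nat": first_target(POSTROUTING, pkt) or "no NAT",
    }


if __name__ == "__main__":
    # Constructed sample packets: HQ host talking to a DC host over the tunnel.
    for proto in ("tcp", "icmp"):
        print(proto, trace("172.16.16.10", "172.16.18.10", proto, "eth1"))
```

For a TCP packet from 172.16.16.10 to 172.16.18.10 arriving on eth1, trace() reports out_if eth0 with no gateway (the posted table carries 172.16.18.0/24 as a directly connected route on eth0), FORWARD ACCEPT, and no MASQUERADE, since the nat rule excludes the remote subnet. The same packet as ICMP falls through both FORWARD rules to the chain policy, because both match -p tcp only; whether that policy drops it is not visible in the post.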