When one IPsec connection drops, the other connections drop too
Posted: 2004-04-30 21:31
Hello.
I have the following three machines (RedHat 9) connected by VPN:

hostA.dyndns.net─Win2k │ WAN─hostB.dyndns.com─Win2k │ hostC.dyndns.co.jp─Win2k

On each host the configuration file is written as follows.

```
# rpm -qa |grep freeswan
freeswan-userland-2.01_2.4.20_8-0
freeswan-module-2.01_2.4.20_8-0
# cat /etc/ipsec.conf | grep -v ^# | grep -v ^$
version 2.0     # conforms to second version of ipsec.conf specification
config setup
        interfaces="ipsec0=ppp0"
        klipsdebug=none
        plutodebug=none
conn %default
        type=tunnel
        keyingtries=10
        authby=rsasig
        keylife=1h
        pfs=yes
conn aa-to-bb
        left=aaa.aaa.aaa.aaa
        leftsubnet=192.168.0.0/24
        leftid=@hostA.dyndns.net
        leftrsasigkey=0sAQPUbp…9VU9
        leftnexthop=AAA.AAA.AAA.AAA
        right=bbb.bbb.bbb.bbb
        rightsubnet=192.168.2.0/24
        rightid=@hostB.dyndns.com
        rightrsasigkey=0sAQN7m…S6IXIn
        rightnexthop=BBB.BBB.BBB.BBB
        auto=add
conn aa-to-cc
        left=aaa.aaa.aaa.aaa
        leftsubnet=192.168.0.0/24
        leftid=@hostA.dyndns.net
        leftrsasigkey=0sAQPUbp…9VU9
        leftnexthop=AAA.AAA.AAA.AAA
        right=ccc.ccc.ccc.ccc
        rightsubnet=192.168.3.0/24
        rightid=@hostC.dyndns.co.jp
        rightrsasigkey=0sAQOa…UjSRYiap
        rightnexthop=CCC.CCC.CCC.CCC
        auto=add
conn block
        auto=ignore
conn private
        auto=ignore
conn private-or-clear
        auto=ignore
conn clear-or-private
        auto=ignore
conn clear
        auto=ignore
conn packetdefault
        auto=ignore
```

In this situation I run

```
# ipsec auto --up aa-to-bb
# ipsec auto --up aa-to-cc
```

and once the hostA⇔hostB and hostA⇔hostC VPN connections are established, if hostB goes down then of course hostA⇔hostB is disconnected, but hostA⇔hostC is disconnected as well. I noticed it when the Win2k machine attached to hostA reported "Cannot access X:\. The network path was not found." The following was logged in /var/log/secure:

```
Apr 20 00:51:57 hostA pluto[17955]: "aa-to-cc" #5: received and ignored informational message
Apr 20 00:57:14 hostA pluto[17955]: "aa-to-bb" #8: received Delete SA payload: replace IPSEC State #7 in 10 seconds
Apr 20 00:57:14 hostA pluto[17955]: "aa-to-bb" #8: received and ignored informational message
Apr 20 00:57:14 hostA pluto[17955]: "aa-to-bb" #8: received Delete SA payload: deleting IPSEC State #4
Apr 20 00:57:14 hostA pluto[17955]: "aa-to-bb" #8: received and ignored informational message
Apr 20 00:57:14 hostA pluto[17955]: "aa-to-bb" #3: received Delete SA payload: deleting ISAKMP State #3
Apr 20 00:57:14 hostA pluto[17955]: packet from bbb.bbb.bbb.bbb:500: received and ignored informational message
Apr 20 00:57:14 hostA pluto[17955]: "aa-to-bb" #8: received Delete SA payload: deleting ISAKMP State #8
Apr 20 00:57:14 hostA pluto[17955]: packet from bbb.bbb.bbb.bbb:500: received and ignored informational message
Apr 20 00:57:24 hostA pluto[17955]: "aa-to-bb" #9: initiating Main Mode
Apr 20 00:57:34 hostA pluto[17955]: "aa-to-bb" #7: IPsec SA expired (LATEST!)
Apr 20 00:58:34 hostA pluto[17955]: "aa-to-bb" #9: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
Apr 20 00:58:34 hostA pluto[17955]: "aa-to-bb" #9: starting keying attempt 2 of at most 10
Apr 20 00:58:34 hostA pluto[17955]: "aa-to-bb" #10: initiating Main Mode to replace #9
Apr 20 00:59:44 hostA pluto[17955]: "aa-to-bb" #10: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
Apr 20 00:59:44 hostA pluto[17955]: "aa-to-bb" #10: starting keying attempt 3 of at most 10
Apr 20 00:59:44 hostA pluto[17955]: "aa-to-bb" #11: initiating Main Mode to replace #10
Apr 20 01:00:41 hostA pluto[17955]: "aa-to-cc" #5: received Delete SA payload: deleting IPSEC State #6
Apr 20 01:00:41 hostA pluto[17955]: "aa-to-cc" #5: received and ignored informational message
Apr 20 01:00:41 hostA pluto[17955]: "aa-to-cc" #5: received Delete SA payload: deleting ISAKMP State #5
Apr 20 01:00:41 hostA pluto[17955]: packet from ccc.ccc.ccc.ccc:500: received and ignored informational message
Apr 20 01:00:55 hostA pluto[17955]: "aa-to-bb" #11: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
Apr 20 01:00:55 hostA pluto[17955]: "aa-to-bb" #11: starting keying attempt 4 of at most 10
Apr 20 01:00:55 hostA pluto[17955]: "aa-to-bb" #12: initiating Main Mode to replace #11
Apr 20 01:00:56 hostA pluto[17955]: ERROR: asynchronous network error report on ppp0 for message to bbb.bbb.bbb.bbb port 500, complainant BBB.BBB.BBB.BBB: No route to host [errno 113, origin ICMP type 11 code 0 (not authenticated)]
Apr 20 01:00:58 hostA pluto[17955]: shutting down
Apr 20 01:00:58 hostA pluto[17955]: forgetting secrets
Apr 20 01:00:58 hostA pluto[17955]: "aa-to-bb": deleting connection
Apr 20 01:00:58 hostA pluto[17955]: "aa-to-bb" #12: deleting state (STATE_MAIN_I1)
Apr 20 01:00:58 hostA pluto[17955]: "aa-to-cc": deleting connection
Apr 20 01:00:58 hostA pluto[17955]: shutting down interface ipsec0/ppp0 aaa.aaa.aaa.aaa
Apr 20 01:01:02 hostA ipsec__plutorun: Starting Pluto subsystem...
Apr 20 01:01:03 hostA pluto[1211]: Starting Pluto (FreeS/WAN Version 2.01 PLUTO_USES_KEYRR)
Apr 20 01:01:03 hostA pluto[1211]: added connection description "aa-to-bb"
Apr 20 01:01:03 hostA pluto[1211]: added connection description "aa-to-cc"
Apr 20 01:01:03 hostA pluto[1211]: listening for IKE messages
Apr 20 01:01:03 hostA pluto[1211]: adding interface ipsec0/ppp0 aaa.aaa.aaa.aaa
Apr 20 01:01:03 hostA pluto[1211]: loading secrets from "/etc/ipsec.secrets"
```

Is there no way to keep hostA⇔hostC unaffected even when hostB goes down?

[ Message edited by: Yuka, 2004-05-02 12:04 ]
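The log above carries two separable facts: the peer on hostC sent its own Delete SA for aa-to-cc about three minutes after aa-to-bb lost its SA, and pluto itself was shut down and restarted at 01:00:58, which deletes every connection on the host at once. The following script is an added example (not the poster's code or part of FreeS/WAN) that parses pluto syslog lines and reports both patterns; the sample lines are copied from the post, with the year 2004 assumed because syslog omits it.

```python
import re
from datetime import datetime

# Constructed sample: five pluto lines copied from the post above (syslog omits the year).
SAMPLE_LOG = """\
Apr 20 00:57:14 hostA pluto[17955]: "aa-to-bb" #8: received Delete SA payload: deleting IPSEC State #4
Apr 20 01:00:41 hostA pluto[17955]: "aa-to-cc" #5: received Delete SA payload: deleting IPSEC State #6
Apr 20 01:00:56 hostA pluto[17955]: ERROR: asynchronous network error report on ppp0 for message to bbb.bbb.bbb.bbb port 500, complainant BBB.BBB.BBB.BBB: No route to host [errno 113, origin ICMP type 11 code 0 (not authenticated)]
Apr 20 01:00:58 hostA pluto[17955]: shutting down
Apr 20 01:01:03 hostA pluto[1211]: Starting Pluto (FreeS/WAN Version 2.01 PLUTO_USES_KEYRR)
"""
LINE_RE = re.compile(r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ pluto\[(?P<pid>\d+)\]: (?P<msg>.*)$')
CONN_RE = re.compile(r'^"(?P<conn>[^"]+)"(?: #\d+)?: (?P<event>.*)$')

def parse_pluto_log(text, year=2004):
    """Parse pluto syslog lines into dicts; conn is None for daemon-level messages."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m: continue  # lines from other programs, e.g. ipsec__plutorun
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        conn, msg = None, m['msg']
        c = CONN_RE.match(msg)
        if c:
            conn, msg = c['conn'], c['event']
        events.append({'time': ts, 'pid': int(m['pid']), 'conn': conn, 'msg': msg})
    return events

def correlated_sa_loss(events, window_s=600):
    """(conn1, conn2, seconds) for distinct connections whose IPsec SA the peer deleted within window_s."""
    dels = [e for e in events if e['conn'] and 'Delete SA payload: deleting IPSEC State' in e['msg']]
    pairs = []
    for i, first in enumerate(dels):
        for later in dels[i + 1:]:
            gap = int((later['time'] - first['time']).total_seconds())
            if later['conn'] != first['conn'] and gap <= window_s:
                pairs.append((first['conn'], later['conn'], gap))
    return pairs

def pluto_restarts(events):
    """(old_pid, new_pid, seconds) per daemon restart; a restart tears down every tunnel on the host."""
    restarts, pending = [], None
    for e in events:
        if e['conn'] is None and e['msg'] == 'shutting down':
            pending = e
        elif pending and e['msg'].startswith('Starting Pluto') and e['pid'] != pending['pid']:
            restarts.append((pending['pid'], e['pid'], int((e['time'] - pending['time']).total_seconds())))
            pending = None
    return restarts
```

Run it over the full /var/log/secure to see whether the aa-to-cc drop always coincides with a pluto restart rather than with the hostB failure itself; the restart is what deletes both connections.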