
Task #24907

Scenario #24326: EOLE 2.7.0: Handle certain network exceptions in tunnels directly in the ipsec configuration rather than through the ip_xfrm_policy script

RVP agent down with the new passthrough connections

Added by Fabrice Barconnière over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Start date:
08/27/2018
Due date:
% Done:

100%

Estimated time:
6.00 h
Spent time:
Remaining (hours):
0.0

Description

2018-09-05T16:11:50.368838+02:00 amon.etb1.lan zephiragents[10970]: 2018-09-05T16:11:50+0200 [-] list index out of range
2018-09-05T16:11:50.369406+02:00 amon.etb1.lan zephiragents: [-] list index out of range
2018-09-05T16:11:54.873940+02:00 amon.etb1.lan zephiragents[10970]: 2018-09-05T16:11:54+0200 [-] agent rvp : RVP relancé
2018-09-05T16:11:54.874294+02:00 amon.etb1.lan zephiragents: [-] agent rvp : RVP relancé

The connections appear as follows:

Connections:
passthrough-10.1.1.0/24-10.1.15.0/24:  %any...%any  IKEv1/2, dpddelay=120s
passthrough-10.1.1.0/24-10.1.15.0/24:   local:  uses public key authentication
passthrough-10.1.1.0/24-10.1.15.0/24:   remote: uses public key authentication
passthrough-10.1.1.0/24-10.1.15.0/24:   child:  10.1.1.0/24 === 10.1.15.0/24 PASS, dpdaction=restart
passthrough-10.1.1.0/24-10.1.16.0/24:   child:  10.1.1.0/24 === 10.1.16.0/24 PASS, dpdaction=restart
passthrough-10.1.1.0/24-10.1.2.0/24:   child:  10.1.1.0/24 === 10.1.2.0/24 PASS, dpdaction=restart
passthrough-10.1.1.0/24-10.1.21.0/24:   child:  10.1.1.0/24 === 10.1.21.0/24 PASS, dpdaction=restart
passthrough-10.1.1.0/24-10.1.22.0/24:   child:  10.1.1.0/24 === 10.1.22.0/24 PASS, dpdaction=restart
passthrough-10.1.1.0/24-10.1.3.0/24:   child:  10.1.1.0/24 === 10.1.3.0/24 PASS, dpdaction=restart
...
...
etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1:  192.168.0.31...%any  IKEv1/2, dpddelay=120s                                                                                                                                                                                                                     
etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1:   local:  [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr] uses public key authentication
etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1:    cert:  "C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr"                                                                                                                                                                      
etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1:   remote: [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=aca.eolebase.ac-test.fr] uses public key authentication
etb1.amon-default-2.7.0-aca.eolebase-default-2.7.0_1-RW1-T1:   child:  10.1.1.0/24 === dynamic TUNNEL, dpdaction=restart                                                                                                                                                                                                       
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4:  192.168.0.31...192.168.0.11  IKEv1/2, dpddelay=120s
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4:   local:  [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr] uses public key authentication                                                                                                                                          
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4:    cert:  "C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr" 
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4:   remote: [C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=sphynx] uses public key authentication                          
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4:   child:  10.1.15.0/24 10.1.16.0/24 === 10.0.0.0/8 TUNNEL, dpdaction=restart                           
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T2:   child:  10.1.3.0/24 === 172.30.101.0/24 TUNNEL, dpdaction=restart                                                                    
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T1:   child:  10.1.1.0/24 === 172.30.101.0/24 TUNNEL, dpdaction=restart                                                                                                 
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T3:   child:  10.1.1.0/24 === 10.0.0.0/8 TUNNEL, dpdaction=restart
...
...

Shunted Connections:
passthrough-10.1.1.0/24-10.1.15.0/24:  10.1.1.0/24 === 10.1.15.0/24 PASS
passthrough-10.1.1.0/24-10.1.16.0/24:  10.1.1.0/24 === 10.1.16.0/24 PASS
passthrough-10.1.1.0/24-10.1.2.0/24:  10.1.1.0/24 === 10.1.2.0/24 PASS
passthrough-10.1.1.0/24-10.1.21.0/24:  10.1.1.0/24 === 10.1.21.0/24 PASS
passthrough-10.1.1.0/24-10.1.22.0/24:  10.1.1.0/24 === 10.1.22.0/24 PASS
passthrough-10.1.1.0/24-10.1.3.0/24:  10.1.1.0/24 === 10.1.3.0/24 PASS
passthrough-10.1.1.0/24-10.1.17.0/24:  10.1.1.0/24 === 10.1.17.0/24 PASS
...
...
Security Associations (1 up, 0 connecting):
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4[1]: ESTABLISHED 13 seconds ago, 192.168.0.31[C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=etb1.amon.ac-test.fr]...192.168.0.11[C=FR, L=Dijon, O=Education Nationale, OU=0002 110043015, CN=sphynx]
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4[1]: IKEv2 SPIs: df488ae94af7ad3e_i* 67e08dea39f282ce_r, public key reauthentication in 2 hours
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: cfef0a24_i c08f7b7a_o
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4{1}:  AES_GCM_16_128, 0 bytes_i, 0 bytes_o, rekeying in 46 minutes
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T4{1}:   10.1.15.0/24 10.1.16.0/24 === 10.0.0.0/8
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T2{2}:  INSTALLED, TUNNEL, reqid 2, ESP SPIs: c5f532ce_i c4c8a197_o
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T2{2}:  AES_GCM_16_128, 0 bytes_i, 0 bytes_o, rekeying in 42 minutes
etb1.amon-default-2.7.0-aca.sphynx-default-2.7.0_1-AS-T2{2}:   10.1.3.0/24 === 172.30.101.0/24
...
...
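
Added example, not part of the ticket and not the Zéphir agent's code: a supervision parser for the status output quoted above that classifies passthrough (PASS) connections separately from tunnels and skips lines it does not recognise. The function name `supervise`, the state labels and the shortened tunnel names in the sample are assumptions made for illustration.

```python
import re

# Constructed sample: abridged from the ticket's output, tunnel names shortened.
SAMPLE = """\
Connections:
passthrough-10.1.1.0/24-10.1.15.0/24:  %any...%any  IKEv1/2, dpddelay=120s
passthrough-10.1.1.0/24-10.1.15.0/24:   child:  10.1.1.0/24 === 10.1.15.0/24 PASS, dpdaction=restart
etb1-sphynx-T4:  192.168.0.31...192.168.0.11  IKEv1/2, dpddelay=120s
etb1-sphynx-T4:   child:  10.1.15.0/24 10.1.16.0/24 === 10.0.0.0/8 TUNNEL, dpdaction=restart
etb1-sphynx-T1:   child:  10.1.1.0/24 === 172.30.101.0/24 TUNNEL, dpdaction=restart
...
Shunted Connections:
passthrough-10.1.1.0/24-10.1.15.0/24:  10.1.1.0/24 === 10.1.15.0/24 PASS
Security Associations (1 up, 0 connecting):
etb1-sphynx-T4[1]: ESTABLISHED 13 seconds ago, 192.168.0.31[CN=a]...192.168.0.11[CN=sphynx]
etb1-sphynx-T4{1}:  INSTALLED, TUNNEL, reqid 1, ESP SPIs: cfef0a24_i c08f7b7a_o
etb1-sphynx-T4{1}:   10.1.15.0/24 10.1.16.0/24 === 10.0.0.0/8
"""

HEADER = re.compile(r"^(Shunted Connections|Connections|Security Associations)(?: \(.*\))?:$")
CHILD = re.compile(r"^(\S+):\s+child:\s+.+? === .+? ([A-Z_]+), ")
SHUNT = re.compile(r"^(\S+):\s+.+? === .+? (PASS|DROP)$")
INSTALLED = re.compile(r"^(\S+)\{\d+\}:\s+INSTALLED\b")
SHUNT_MODES = {"PASS", "DROP"}  # policy-only entries: they never get an SA

def supervise(text):
    """Return {connection name: 'shunted' | 'shunt-missing' | 'up' | 'down'}."""
    modes, shunted, installed = {}, set(), set()
    section = None
    for raw in text.splitlines():
        line = raw.rstrip()
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        # Whole-line regexes per section: unknown lines are skipped, never indexed.
        if section == "Connections" and (m := CHILD.match(line)):
            modes[m.group(1)] = m.group(2)
        elif section == "Shunted Connections" and (m := SHUNT.match(line)):
            shunted.add(m.group(1))
        elif section == "Security Associations" and (m := INSTALLED.match(line)):
            installed.add(m.group(1))
    states = {}
    for name, mode in modes.items():
        if mode in SHUNT_MODES:
            states[name] = "shunted" if name in shunted else "shunt-missing"
        else:
            states[name] = "up" if name in installed else "down"
    return states
```

On the sample, the passthrough entry is reported as `shunted` rather than as a tunnel that failed to come up, and the `...` filler line is ignored.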

Associated revisions

Revision f34d67b8 (diff)
Added by Fabrice Barconnière over 4 years ago

The passthrough connections were not supervised in rvp agent

ref #24907

Revision 444ac366 (diff)
Added by Fabrice Barconnière over 4 years ago

Zéphir RVP Agent has changed ip_dst and ip_src format in text file

ref #24907

History

#1 Updated by Fabrice Barconnière over 4 years ago

  • Subject changed from "With the new passthrough connections, the rvp agent malfunctions" to "RVP agent down with the new passthrough connections"

#2 Updated by Scrum Master over 4 years ago

  • Status changed from New to In progress

#3 Updated by Scrum Master over 4 years ago

  • Assigned To set to Fabrice Barconnière

#4 Updated by Fabrice Barconnière over 4 years ago

  • Remaining (hours) changed from 6.0 to 0.1

#5 Updated by Fabrice Barconnière over 4 years ago

  • % Done changed from 0 to 100

#6 Updated by Scrum Master over 4 years ago

  • Status changed from In progress to Resolved

#7 Updated by Gérald Schwartzmann over 4 years ago

  • Status changed from Resolved to Closed
  • Remaining (hours) changed from 0.1 to 0.0
