
Re: [openbsd-france-misc]NAT and IPSEC



Hello,


I fetched the latest isakmpd sources.

I recompile in /usr/src/sbin/isakmpd with the command "make obj && make depend && make".

The build stops after printing this:

cert.o(.data+0x4): undefined reference to `x509_cert_init'
cert.o(.data+0x8): undefined reference to `x509_crl_init'
cert.o(.data+0xc): undefined reference to `x509_cert_get'
cert.o(.data+0x10): undefined reference to `x509_cert_validate'
cert.o(.data+0x14): undefined reference to `x509_cert_insert'
cert.o(.data+0x18): undefined reference to `x509_cert_free'
cert.o(.data+0x1c): undefined reference to `x509_certreq_validate'
cert.o(.data+0x20): undefined reference to `x509_certreq_decode'
cert.o(.data+0x24): undefined reference to `x509_free_aca'
cert.o(.data+0x28): undefined reference to `x509_cert_obtain'
cert.o(.data+0x2c): undefined reference to `x509_cert_get_key'
cert.o(.data+0x30): undefined reference to `x509_cert_get_subjects'
cert.o(.data+0x34): undefined reference to `x509_cert_dup'
cert.o(.data+0x38): undefined reference to `x509_serialize'
cert.o(.data+0x3c): undefined reference to `x509_printable'
cert.o(.data+0x40): undefined reference to `x509_from_printable'
cert.o(.data+0x48): undefined reference to `keynote_cert_init'
cert.o(.data+0x50): undefined reference to `keynote_cert_get'
cert.o(.data+0x54): undefined reference to `keynote_cert_validate'
cert.o(.data+0x58): undefined reference to `keynote_cert_insert'
cert.o(.data+0x5c): undefined reference to `keynote_cert_free'
cert.o(.data+0x60): undefined reference to `keynote_certreq_validate'
cert.o(.data+0x64): undefined reference to `keynote_certreq_decode'
cert.o(.data+0x68): undefined reference to `keynote_free_aca'
cert.o(.data+0x6c): undefined reference to `keynote_cert_obtain'
cert.o(.data+0x70): undefined reference to `keynote_cert_get_key'
cert.o(.data+0x74): undefined reference to `keynote_cert_get_subjects'
cert.o(.data+0x78): undefined reference to `keynote_cert_dup'
cert.o(.data+0x7c): undefined reference to `keynote_serialize'
cert.o(.data+0x80): undefined reference to `keynote_printable'
cert.o(.data+0x84): undefined reference to `keynote_from_printable'
conf.o: In function `conf_reinit':
conf.o(.text+0x11a6): undefined reference to `monitor_open'
exchange.o: In function `exchange_script':
exchange.o(.text+0x48): undefined reference to `script_transaction'
ike_auth.o: In function `ike_auth_get_key':
ike_auth.o(.text+0x1f6): undefined reference to `monitor_open'
ike_auth.o(.text+0x3a5): undefined reference to `monitor_open'
ike_auth.o: In function `rsa_sig_decode_hash':
ike_auth.o(.text+0xb8c): undefined reference to `x509_generate_kn'
ike_auth.o: In function `get_raw_key_from_file':
ike_auth.o(.text+0x1ac3): undefined reference to `monitor_fopen'
ike_phase_1.o: In function `ike_phase_1_initiator_send_SA':
ike_phase_1.o(.text+0x790): undefined reference to `nat_t_add_vendor_payloads'
ike_phase_1.o: In function `ike_phase_1_responder_send_SA':
ike_phase_1.o(.text+0xb6f): undefined reference to `nat_t_add_vendor_payloads'
ike_phase_1.o: In function `ike_phase_1_send_KE_NONCE':
ike_phase_1.o(.text+0xbd7): undefined reference to `nat_t_exchange_add_nat_d'
ike_phase_1.o: In function `ike_phase_1_recv_KE_NONCE':
ike_phase_1.o(.text+0xc3f): undefined reference to `nat_t_exchange_check_nat_d'
ike_quick_mode.o: In function `check_policy':
ike_quick_mode.o(.text+0x41): undefined reference to `ignore_policy'
ike_quick_mode.o(.text+0xb3): undefined reference to `policy_callback'
ike_quick_mode.o(.text+0xd5): undefined reference to `policy_callback'
ike_quick_mode.o(.text+0x105): undefined reference to `policy_asserts_num'
ike_quick_mode.o(.text+0x129): undefined reference to `policy_asserts_num'
ike_quick_mode.o(.text+0x14a): undefined reference to `policy_asserts_num'
ike_quick_mode.o(.text+0x154): undefined reference to `policy_asserts'
ike_quick_mode.o(.text+0x185): undefined reference to `policy_asserts_num'
ike_quick_mode.o(.text+0x18f): undefined reference to `policy_exchange'
ike_quick_mode.o(.text+0x198): undefined reference to `policy_sa'
ike_quick_mode.o(.text+0x1a1): undefined reference to `policy_isakmp_sa'
ike_quick_mode.o(.text+0x753): undefined reference to `policy_asserts_num'
ike_quick_mode.o(.text+0x780): undefined reference to `policy_asserts_num'
init.o: In function `init':
init.o(.text+0x43): undefined reference to `policy_init'
init.o(.text+0x66): undefined reference to `nat_t_init'
init.o(.text+0x6b): undefined reference to `udp_encap_init'
init.o(.text+0x70): undefined reference to `monitor_ui_init'
init.o: In function `reinit':
init.o(.text+0xb3): undefined reference to `policy_init'
ipsec.o: In function `ipsec_finalize_exchange':
ipsec.o(.text+0x392): undefined reference to `nat_t_setup_keepalive'
ipsec.o: In function `ipsec_exchange_script':
ipsec.o(.text+0xb88): undefined reference to `script_transaction'
ipsec.o: In function `ipsec_initiator':
ipsec.o(.text+0x1011): undefined reference to `ike_aggressive_initiator'
ipsec.o(.text+0x1018): undefined reference to `isakmp_cfg_initiator'
ipsec.o: In function `ipsec_responder':
ipsec.o(.text+0x11c1): undefined reference to `ike_aggressive_responder'
ipsec.o(.text+0x11c8): undefined reference to `isakmp_cfg_responder'
ipsec.o: In function `ipsec_decode_id':
ipsec.o(.text+0x234c): undefined reference to `x509_DN_string'
ipsec.o: In function `ipsec_id_string':
ipsec.o(.text+0x2e65): undefined reference to `x509_DN_string'
isakmpd.o: In function `parse_args':
isakmpd.o(.text+0x166): undefined reference to `ignore_policy'
isakmpd.o: In function `report':
isakmpd.o(.text+0x297): undefined reference to `monitor_fopen'
isakmpd.o: In function `write_pid_file':
isakmpd.o(.text+0x418): undefined reference to `monitor_fopen'
isakmpd.o: In function `main':
isakmpd.o(.text+0x5b9): undefined reference to `monitor_init'
isakmpd.o(.text+0x5ce): undefined reference to `monitor_loop'
isakmpd.o(.text+0x693): undefined reference to `monitor_init_done'
log.o: In function `log_fatal':
log.o(.text+0x6db): undefined reference to `monitor_exit'
log.o: In function `log_packet_init':
log.o(.text+0x78f): undefined reference to `monitor_stat'
log.o(.text+0x7fc): undefined reference to `monitor_fopen'
message.o: In function `message_validate_vendor':
message.o(.text+0x15e7): undefined reference to `nat_t_check_vendor_payload'
math_group.o: In function `ec2n_clone':
math_group.o(.text+0x3bc): undefined reference to `ec2ng_init'
math_group.o(.text+0x3c5): undefined reference to `ec2np_init'
math_group.o(.text+0x3d4): undefined reference to `ec2np_init'
math_group.o(.text+0x3e0): undefined reference to `ec2np_init'
math_group.o(.text+0x3ec): undefined reference to `ec2np_init'
math_group.o(.text+0x3ff): undefined reference to `ec2ng_set'
math_group.o(.text+0x41f): undefined reference to `ec2np_set'
math_group.o(.text+0x44f): undefined reference to `ec2ng_clear'
math_group.o(.text+0x458): undefined reference to `ec2np_clear'
math_group.o(.text+0x464): undefined reference to `ec2np_clear'
math_group.o(.text+0x46d): undefined reference to `ec2np_clear'
math_group.o(.text+0x476): undefined reference to `ec2np_clear'
math_group.o: In function `ec2n_free':
math_group.o(.text+0x4b1): undefined reference to `ec2ng_clear'
math_group.o(.text+0x4ba): undefined reference to `ec2np_clear'
math_group.o(.text+0x4c6): undefined reference to `ec2np_clear'
math_group.o(.text+0x4d2): undefined reference to `ec2np_clear'
math_group.o(.text+0x4de): undefined reference to `ec2np_clear'
math_group.o: In function `ec2n_init':
math_group.o(.text+0x53e): undefined reference to `ec2ng_init'
math_group.o(.text+0x547): undefined reference to `ec2np_init'
math_group.o(.text+0x556): undefined reference to `ec2np_init'
math_group.o(.text+0x565): undefined reference to `ec2np_init'
math_group.o(.text+0x574): undefined reference to `ec2np_init'
math_group.o(.text+0x5ee): undefined reference to `ec2np_find_y'
math_group.o(.text+0x602): undefined reference to `ec2np_ison'
math_group.o: In function `ec2n_operation':
math_group.o(.text+0x930): undefined reference to `ec2np_find_y'
math_group.o(.text+0x94c): undefined reference to `ec2np_mul'
sysdep.o: In function `sysdep_app_open':
sysdep.o(.text+0x3f): undefined reference to `monitor_pf_key_v2_open'
sysdep.o: In function `sysdep_cleartext':
sysdep.o(.text+0x145): undefined reference to `monitor_setsockopt'
sysdep.o(.text+0x17b): undefined reference to `monitor_setsockopt'
sysdep.o(.text+0x1b3): undefined reference to `monitor_setsockopt'
sysdep.o(.text+0x1eb): undefined reference to `monitor_setsockopt'
virtual.o: In function `virtual_bind':
virtual.o(.text+0x3a0): undefined reference to `udp_encap_default_port'
virtual.o(.text+0x412): undefined reference to `udp_encap_bind'
virtual.o: In function `virtual_clone':
virtual.o(.text+0x9a8): undefined reference to `udp_encap_default_port'
udp.o: In function `udp_make':
udp.o(.text+0x16d): undefined reference to `monitor_bind'
ui.o: In function `ui_open_result':
ui.o(.text+0xd39): undefined reference to `monitor_fopen'
collect2: ld returned 1 exit status
*** Error code 1

Stop in /usr/src/sbin/isakmpd (line 122 of /usr/share/mk/bsd.prog.mk).


QUESTION: do these errors mean anything to anyone?

Thanks in advance.

---------- Initial Header -----------

From      : Laurent Cheylus <foxy AT free POINT fr>
To          : openbsd-france-misc AT openbsd-france POINT org
Cc          : 
Date      : Fri, 16 Jul 2004 00:54:53 +0200
Subject : Re: [openbsd-france-misc]NAT and IPSEC

Good evening,

On Thu, Jul 15, 2004 at 06:52:54PM +0200, brenda AT oreka POINT com wrote:

> If I understood correctly, since NAT and IPSEC are incompatible, NAT-Transversal has to be used.
> QUESTION: does OpenBSD 3.x support NAT-Transversal?

Håkan Olsson recently committed NAT-Traversal support for
OpenBSD, during Hackathon 2004: see my news item on OpenBSD Journal about
it --> http://undeadly.org/cgi?action=article&sid=20040621042723

To use NAT-T with IPsec (required if the VPN tunnel passes
through a device performing address translation), you need to:

- fetch the latest isakmpd sources (OpenBSD's IKE daemon) to
  get NAT-T support
- fetch the latest kernel sources for udpencap support
  (encapsulation of the ESP protocol in UDP)
- recompile everything: isakmpd supports NAT-T by default

==> in short, move to OpenBSD-current for isakmpd and the kernel.

According to the openbsd-ipsec-clients mailing list, this works well between 2
OpenBSD gateways using NAT-T and between an OpenBSD (+ NAT-T) and a
FreeBSD / racoon (+ NAT-T patch).

I have not had the chance to test yet, but I plan to do so
soon with a Freeswan / Linux 2.6 and with a roaming VPN client, SSH
Sentinel 1.4.1.

A++ Foxy.
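
Added illustration of the "ESP in UDP" encapsulation mentioned in the reply above; this is not code from the thread or from isakmpd. It follows the datagram layout standardized in RFC 3948, which is an assumption about what the 2004 udpencap code puts on the wire, and the function name and sample payloads are constructed for this example.

```python
import struct

# Layout per RFC 3948 (UDP encapsulation of ESP) and RFC 2408 (ISAKMP header).
NON_ESP_MARKER = b"\x00" * 4   # four zero octets in front of IKE on the NAT-T port
NAT_KEEPALIVE = b"\xff"        # one-octet datagram that keeps the NAT mapping alive
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # cookies, next, version, exch, flags, msgid, len

def classify_natt_payload(payload: bytes) -> dict:
    """Classify the UDP payload of one datagram seen on the NAT-T port (UDP 4500)."""
    if payload == NAT_KEEPALIVE:
        return {"kind": "nat-keepalive"}
    if len(payload) < 4:
        return {"kind": "malformed", "reason": "too short for SPI or marker"}
    if payload[:4] == NON_ESP_MARKER:
        # IKE traffic: an ISAKMP message follows the marker.
        ike = payload[4:]
        if len(ike) < ISAKMP_HDR.size:
            return {"kind": "malformed", "reason": "truncated ISAKMP header"}
        icky, rcky, _nxt, _ver, exch, _flags, _msgid, length = ISAKMP_HDR.unpack_from(ike)
        if length != len(ike):
            return {"kind": "malformed", "reason": "ISAKMP length mismatch"}
        return {"kind": "ike", "initiator_cookie": icky.hex(),
                "responder_cookie": rcky.hex(), "exchange_type": exch}
    # Anything else starts with a non-zero SPI: an ESP packet carried in UDP.
    if len(payload) < 8:
        return {"kind": "malformed", "reason": "truncated ESP header"}
    spi, seq = struct.unpack_from("!II", payload)
    return {"kind": "esp-in-udp", "spi": spi, "seq": seq}

# Constructed sample payloads (not captured traffic).
SAMPLE_IKE = NON_ESP_MARKER + ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 0, 0x10, 2, 0, 0, 28)
SAMPLE_ESP = struct.pack("!II", 0x12345678, 1) + b"\xaa" * 16
SAMPLE_BAD = NON_ESP_MARKER + b"\x01" * 10

if __name__ == "__main__":
    for name, data in [("keepalive", NAT_KEEPALIVE), ("ike", SAMPLE_IKE),
                       ("esp", SAMPLE_ESP), ("bad", SAMPLE_BAD)]:
        print(name, classify_natt_payload(data))
```
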
