On Thu, Mar 05, 2009 at 02:32:36PM -0700, Cameron Schaus wrote:
I recently configured an IPSEC tunnel between OpenBSD 4.4 machine and a Cisco
gateway. I had trouble during the key exchange because I had configured DH
group 2. The Cisco sent a proposal for DH group 5 with a lifetime of 7800
Hi,
On Mon, Jan 19, 2009 at 04:56:25PM +0100, Christoph Leser wrote:
I noticed that the cisco end of a VPN I configured on my openBSD sends a
DELETE message after a certain amount of idle time.
Which SAs get deleted? isakmp, ipsec or both?
HJ.
Support for specifying aes key sizes was added february 2008, thus 4.2
does not provide this.
On Wed, Nov 12, 2008 at 03:17:17PM +, Joe Warren-Meeks wrote:
On Wed, Nov 12, 2008 at 02:35:35PM +0100, Claer wrote:
Hey there,
OK, so I've switched to ipsec.conf and it is a lot easier!
On Mon, Nov 19, 2007 at 12:26:16PM +0100, Mitja Mu?eni? wrote:
As far as I can tell, currently in ipsec.conf there is no way to use AES
with KEY_LENGHT=256. Is anybody working on adding this? Otherwise I might
try it when the time permits.
I'm thinking that isakmpd should first learn about
Just use a recent snapshot. Support for names instead of ip addresses has
been added, mh, at least a year ago.
HJ.
On Tue, Sep 04, 2007 at 12:32:55PM +0200, * VLGroup Forums wrote:
Hello everyone,
I have several VPN tunnels between OBSD 3.8 systems (LAN to LAN via
VPN). These all have
Hi,
could you try the attached diff, please?
Index: message.c
===
RCS file: /cvs/src/sbin/isakmpd/message.c,v
retrieving revision 1.126
diff -u -p -r1.126 message.c
--- message.c 2 Jun 2007 01:29:11 - 1.126
+++ message.c
Hi,
On Mon, Sep 03, 2007 at 12:59:48PM +0100, Josi Costa wrote:
Sep 3 13:49:55 obsd1 isakmpd[1074]: dropped message from 172.26.10.83
port 500 due to notification type NO_PROPOSAL_CHOSEN
Sep 3 13:49:55 obsd1 isakmpd[1074]: responder_recv_HASH_SA_NONCE:
KEY_EXCH payload without a group
Hi,
which transforms are configured on the ISA server for phase 2?
On Mon, Sep 03, 2007 at 02:21:24PM +0100, Josi Costa wrote:
How can I solve this? Any docs about it? Debugging?
On 9/3/07, Hans-Joerg Hoexer [EMAIL PROTECTED] wrote:
Hi,
On Mon, Sep 03, 2007 at 12:59:48PM +0100, JosC
On Mon, Sep 03, 2007 at 02:45:46PM +0100, Josi Costa wrote:
3des, sha1, PFS disabled.
ok, then enable pfs, use modp1024
Hi,
On Mon, Sep 03, 2007 at 03:11:35PM +0100, Josi Costa wrote:
Sep 3 15:05:16 obsd1 isakmpd[25239]: dropped message from
172.26.10.83 port 500 due to notification type NO_PROPOSAL_CHOSEN
Sep 3 15:05:16 obsd1 isakmpd[25239]: responder_recv_HASH_SA_NONCE:
KEY_EXCH payload without a group
On Thu, Aug 16, 2007 at 06:43:34PM -0700, Steve B wrote:
I made a few changes and did some more testing this evening.
1. I changed the /etc/ipsec.conf to bring it in line with the Greenbow
default transforms that Hans-Joerg recommended.
# cat /etc/ipsec.conf
ike dynamic esp tunnel from any
+0200, Hans-Joerg Hoexer wrote:
On Mon, Aug 13, 2007 at 01:30:11AM +0300, Sergey Prysiazhnyi wrote:
ike dynamic from any to any \
main auth hmac-sha1 enc aes group modp1024 \
quick auth hmac-sha1 enc aes psk secret
; ike passive, ike passive esp, ike esp, etc
On Thu, Aug 09, 2007 at 02:22:31AM +0200, James Lepthien wrote:
Hi,
I have set up a vpn from my OpenBSD Box (4.1-current) to our company
WatchGuard X700. My problem is that the re-keying
isn't always working and my tunnel does not come up if I send traffic to
the destination network. I
On Mon, Aug 13, 2007 at 01:30:11AM +0300, Sergey Prysiazhnyi wrote:
ike dynamic from any to any \
main auth hmac-sha1 enc aes group modp1024 \
quick auth hmac-sha1 enc aes psk secret
; ike passive, ike passive esp, ike esp, etc - no results.
On the openbsd gateway you need
Hi,
On Thu, Aug 02, 2007 at 09:23:59PM +0200, Sven Ulland wrote:
I am running OpenBSD 4.0 on amd64, and I'm seeing that isakmpd builds
up a large amount of redundant phase 1 tunnels for one of our peers.
It will only report these when prompted with 'echo r \
isakmpd.fifo', it's not shown in
On Thu, Aug 02, 2007 at 10:23:59PM +0200, Sven Ulland wrote:
I'm very (that's putting it mildly) interested in the issues with 4.0
that you mention. Would you be able to shed some more light on which
issues they were, or point me to references? It would be most
interesting.
I'm not sure, but
Hi,
On Thu, Jul 26, 2007 at 10:04:31AM +0200, [EMAIL PROTECTED] wrote:
Hi,
I am using ipsecctl and /etc/ipsec.conf to create an IPSec tunnel to a
WatchGuard Firebox X700 in my company. It works fine, but the
re-keying always makes some trouble, it does not always work. My
question
Hi,
the Subject Alternative Name of your certificate will be used as phase 2
IDs, ie. that's what is sent. If you want to use the Subject Canonical
Name, you have to additionally provide an isakmpd.policy file and you have
to run isakmpd without the -K option. See isakmpd.policy(5).
On Fri, Jul
Hi,
On Thu, Jul 12, 2007 at 05:38:47PM -0800, eric wrote:
I have an OpenBSD 4.1 (OpenBSD snip 4.1 GENERIC#1435 i386) acting
as a PPPoE NAT router firewall to my ISP. I'd like to replace my OS
X 10.4 Server IPSEC VPN with the OpenBSD system. My road warrior
clients are all OS X 10.4.10.
On Mon, May 28, 2007 at 07:02:39PM +0930, Damon McMahon wrote:
Greetings,
How would I specify that blowfish, AES and 3DES should be accepted -
in that order - in ipsec.conf(5) to configure isakmpd(8)?
this is not supported by ipsec.conf(5).
In the deprecated isakmpd.conf(5) for Main
configuration?
yes.
Anyone?
Thanks,
Tim
Hans-Joerg Hoexer wrote:
On Thu, Apr 12, 2007 at 11:25:49AM -0600, Tim Pushor wrote:
Hi friends,
I'm looking to add another IPSEC connection to my openbsd 3.9 firewall.
All examples I've seen are a single connection (phase 1
On Sun, Apr 15, 2007 at 05:26:11PM +0200, Markus Wernig wrote:
/etc/rc.conf.local
ipsec=YES
isakmpd_flags=-K -f /var/run/isakmpd.fifo
why the -f ...? isakmpd takes care of the fifo itself. You only need
-K, nothing else.
On Thu, Apr 12, 2007 at 11:25:49AM -0600, Tim Pushor wrote:
Hi friends,
I'm looking to add another IPSEC connection to my openbsd 3.9 firewall.
All examples I've seen are a single connection (phase 1). To support
multiple vpn's tunnels, is it as simple as adding additional lines under
On Wed, Apr 11, 2007 at 01:28:28PM -0600, Roy Kim wrote:
I'm trying to setup an ipsec tunnel between an openbsd and a windows
box using X.509 certificates. Phase 1 gets successfully negotiated but
then things crap out at step 1 of phase 2 and I don't have a clue
what's wrong. Any thoughts?
Hi,
On Fri, Nov 24, 2006 at 09:45:45AM +, Brian Candler wrote:
I'm trying to set up multiple transport mode SAs between an OpenBSD 4.0 box
and a Cisco 7301 running IOS [ultimate reason is to load test multiple L2TP
over IPSEC tunnels].
Each SA is between the same two IP endpoints but
more correct diff:
Index: ike.c
===
RCS file: /cvs/src/sbin/ipsecctl/ike.c,v
retrieving revision 1.54
diff -u -p -r1.54 ike.c
--- ike.c 24 Nov 2006 08:07:18 - 1.54
+++ ike.c 24 Nov 2006 10:46:19 -
@@ -38,17
your tunnel is between 193.189.180.192/28 and 193.189.180.208/28
On Thu, Nov 23, 2006 at 01:10:13PM +0100, Mitja wrote:
...
OpenBSD1
# ipsecctl -s all
FLOWS:
flow esp in from 193.189.180.208/28 to 193.189.180.192/28 peer
172.16.16.6 type require
flow esp out from 193.189.180.192/28 to
Hi,
On Wed, Oct 11, 2006 at 02:17:42PM -0700, Prabhu Gurumurthy wrote:
pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
10.200.0.46: [579]$ cat ipsec.conf
remote_gw = 192.168.0.1
remote_net = { 10.0.100.0/22, 10.0.2/24 }
local_net = { 172.16.18.0/26 }
ike esp from $local_net
please provide all information.
On Tue, Sep 05, 2006 at 02:50:12PM -0400, John Ruff wrote:
I'm trying implement a IPSec/VPN tunnel and phase-II of the IKE
negotiation is failing with the following errors seen from 'isakmpd -
dKL -D A=90':
110340.763012 Default pf_key_v2_get_spi: GETSPI:
what ipsec software is running on the clients? What does your
ipsec.conf on the firewall look like?
On Sat, Sep 02, 2006 at 04:01:51PM -0400, Axton Grams wrote:
Hoping someone can point me in the right direction to get isakmpd working.
The scenario:
- the router drops all traffic directed
On Tue, Aug 08, 2006 at 08:23:39PM +0200, Floroiu, John Williams wrote:
does sasyncd enable the IPsec failover gateways to also share the ISAKMP SA
(so that DPD exchanges can proceed despite failures)? the ISAKMP SA is not
explicitly mentioned in the help page (and is actually distinct from
this is on -current?
On Tue, Aug 15, 2006 at 10:46:37PM -0400, Stefan wrote:
Can someone explain why this is giving a syntax error?
ike esp from 10.0.0.0/24 to 10.1.0.0/24 peer (remote IP CIDR) \
main auth hmac-md5 enc 3des group modp1024 \
Hi,
On Wed, Aug 16, 2006 at 09:46:18AM -0400, Stefan wrote:
Hans-Joerg Hoexer wrote:
this is on -current?
Sorry, I should have mentioned it. It's 3.9 release.
setting the group was added post 3.9.
Hi,
On Thu, Aug 10, 2006 at 12:04:08AM -0400, Steve Glaus wrote:
...
One glaring difference that I can see is that when I connect to the
DLINK I use a passive connection and isakmpd sits and listens for
incoming connections. Could this be a lifetime issue? Tech support at
the other end
On Fri, Jul 28, 2006 at 03:57:02PM -0400, Steven Surdock wrote:
Stuart Henderson wrote:
On 2006/07/28 06:30, jeraklo wrote:
sorry. got to go with the stable branch (3.9).
disadvantages:-
openvpn is more complicated to install on OpenBSD than ipsec
lots of security fixes
Not on
On Fri, Jul 28, 2006 at 09:32:09AM -0700, Spruell, Darren-Perot wrote:
Word is, there is a flaw in IKEv1 that allows for an attacker to create IKE
sessions faster than previous attempts expire. The security research firm
who found the flaw only lists Cisco VPN devices as being vulnerable while
On Wed, Jul 05, 2006 at 11:10:43AM -0600, Stephen Bosch wrote:
Does tcpdump work on enc0?
-Stephen-
yes:
[EMAIL PROTECTED]:1$ sudo tcpdump -n -i enc0
Password:
tcpdump: WARNING: enc0: no IPv4 address assigned
tcpdump: listening on enc0, link-type ENC
19:32:49.036465
isakmpd is only allowed to write to files in the /var/run directory.
I've updated the manpage accordingly.
On Wed, Jun 28, 2006 at 04:37:16PM -0600, Stephen Bosch wrote:
Hi:
Running OpenBSD 3.8, I cannot get isakmpd to write to a capture file.
Here is my mount output:
/dev/wd0a on /
On Wed, Jun 28, 2006 at 06:38:42PM +0200, Thomas Bvrnert wrote:
with the vpn1411 crypto card i get only
700 - 720 KB/s
CPU 30%
by the way the driver of the crypto card is buggy. i have
a lot of cards here removed in the last year. i got several
hangs. hans-joerg has no time to fix it.
On Thu, Jun 22, 2006 at 10:22:08AM -0700, Joe wrote:
Dries Schellekens wrote:
Bihlmaier Andreas wrote:
As I say earlier, the hardware is working, but the performance
bottleneck is elsewhere (presumably kernel crypto framework).
I'm interested in purchasing one of these boards for my
Hi,
On Tue, Jun 13, 2006 at 04:10:08PM -0700, Spruell, Darren-Perot wrote:
To follow that further, is it currently possible to do this kind of
road-warrior setup using ipsecctl/ipsec.conf? Doesn't it require aggressive
mode due to the unknown nature of the peer IP?
since c2k6 it almost is.
On Thu, May 04, 2006 at 12:31:28PM -0500, Nathan Johnson wrote:
...
The problem is when I try to ping any machine from network A to
192.168.51.0/24 (gateway B's internal network) besides the gateway
itself (192.168.51.1), ping doesn't work.
what does doesn't work mean? Do you see the
On Thu, Apr 20, 2006 at 02:11:36PM +0100, Constantine A. Murenin wrote:
Hi,
I have an OpenBSD (file-)server at a remote location on the internet
that is around 137ms away from an OS X 10.4 laptop.
Is there a way to securely mount OpenBSD's filesystems from OS X in
such a setting?
On Wed, Apr 05, 2006 at 11:27:03AM +0200, Ingbert Zan wrote:
Does anybody know how to distinguish between the two flows?
you can't.
Of course it would be possible to NAT the two 10/8 networks
on Box 1 and 2.
do that.
On Wed, Apr 05, 2006 at 05:13:36PM +1000, Karl Kopp wrote:
Firstly, I thought I could just use /etc/ipsec.conf (right?) and a
line like this:
ike esp from 10.1.1.0/24 to 202.1.1.0/24 peer 202.1.1.30 main auth
hmac-md5 enc 3des psk shhhSecret
this looks correct.
Additionally to the debug
Hi,
On Fri, Mar 31, 2006 at 11:01:03AM +0200, Stefan Sczekalla-Waldschmidt wrote:
Some days ago one certain vpn-tunnel started failing for an
unpredictable time of some minutes up to an hour.
( mostly just less than 5 minutes). All other site-link-tunnels stay up
and running.
a long-term
On Mon, Mar 27, 2006 at 03:37:42AM -0500, Christopher Thorpe wrote:
dmesg says:
hifn0 at pci0 dev 14 function 0 Hifn 7955/7954 rev 0x00: LZS 3DES ARC4
MD5 SHA1 RNG AES PK, 32KB dram, irq 11
The drivers support modular exponentiation, but I'm having trouble
finding documentation or
On Wed, Mar 22, 2006 at 11:30:40PM +0100, Lukas Drbohlav wrote:
with this in x509v3.cnf
# default settings
CERTUFQDN = what i have to give there ??!!
the UFQDN, eg. [EMAIL PROTECTED]. Please take a look at isakmpd(8),
where this is explained using FQDN. UFQDN is similar.
Hi,
On Tue, Mar 21, 2006 at 07:27:45PM +1100, Rod Whitworth wrote:
Total mention in the manpage:
srcid fqdn
This optional parameter defines a FQDN that will be used by
isakmpd(8) as the identity of the local peer.
dstid fqdn
Similar to srcid,
Can you show me the output of ipsecctl -nvf ... on both machines.
HJ.
On Wed, Feb 22, 2006 at 01:08:39PM -0500, Adam wrote:
I am trying to setup a simple vpn between two networks using ipsecctl.
One side is running 3.8 release, the other 3.8 stable. On both sides I
have copied over
On Wed, Jan 18, 2006 at 11:20:55AM +0100, Joachim Schipper wrote:
Each will work; OpenVPN is slightly easier to set up, but IPsec will
likely offer better performance.
Forget about openvpn, there's no need to fiddle around with third
party stuff.
Just make sure to take a look at vpn(8). If
Hi,
On Fri, Dec 23, 2005 at 11:58:14AM -0500, Will H. Backman wrote:
Reducing the enckey to 160 bits worked. Interesting to note that if a
key is too short, you get a nice warning that the key is too short and
must be 160 bits long. If a key is too long, you don't get a warning,
just
the defaults are hmac-sha2-256 and aesctr which uses a 160 bit key.
On Wed, Dec 21, 2005 at 03:25:26PM -0500, Will H. Backman wrote:
OpenBSD 3.8 release.
I'm getting the same errors as this thread:
http://archives.neohapsis.com/archives/openbsd/2005-11/1980.html
I'm trying to use as many
On Sun, Dec 18, 2005 at 06:58:22PM +0100, Lukasz Sztachanski wrote:
ipsecadm(8) isn't new ;) Probably ipsecctl isn't `mature' enough to
handle such setup. Imho, you'll have to use isakmpd- actually web is
full of tutorials and examples of isakmpd configuration; plus, it's very
flexible and
yes, you can. You need to encrypt traffic from/to your laptop to
0.0.0.0/0. So instead of using your gw address, use 0.0.0.0/0.
HJ.
On Thu, Dec 01, 2005 at 08:00:38AM +0100, raff wrote:
Hi,
I have wireless connection between my machine and router/gateway.
I can set up ipsec connection
please show us your config files.
On Wed, Nov 30, 2005 at 03:31:27PM +0100, martin wrote:
hi all, i use ipsec to replace wep for my wlan so the setup is pretty
simple and all and everything works. I used this page
http://www.dietlein.com/requisites/ipsec/ to get it to work and my
configs
On Wed, Nov 30, 2005 at 03:58:07PM +0100, martin wrote:
...
[Phase 1]
10.10.10.9= ISAKMP-peer-ignition
[Phase 2]
Connections=IPsec-ignition-soekris
this should be a passive connection. Otherwise isakmpd will try
to keep this connection up and when this fails it gets
make sure to apply all patches for 3.7, see errata37.html. I've added a fix a
few days ago. Moreover, I need the full output of -DA=80 to see what's
actually going on.
HJ.
On Tue, Nov 29, 2005 at 01:20:25PM +0100, [EMAIL PROTECTED] wrote:
Hello!
I have a problem with ISAKMPD on a new
Hi,
ok, please use hmac-sha1 instead of sha1
HJ.
On Thu, Nov 24, 2005 at 11:04:45AM +0100, raff wrote:
following ipsec.conf(5) i was trying to set up connection between two
hosts 192.168.1.115 and 192.168.1.125
I can set it using ipsecadm, and everything works fine, but using
ipsecctl i'm
please apply all patches for 3.7. I've lately added a patch for
this issue to the 3.7 errata page.
HJ.
On Mon, Nov 21, 2005 at 05:01:28PM -0800, Dag Richards wrote:
Using the sample config straight from the vpn man page, my tunnel fails
to come up between GENERIC 3.8 or 3.7 on a sunfire v100
On Wed, Nov 09, 2005 at 07:44:29PM -0500, Roy Morris wrote:
libdvdread: Could not open /dev/rcd0c with libdvd.
libdvdread: Can't open /dev/rcd0c for reading
ERROR[ogle_nav]: faild to open/read the DVD
callbacks.on_opendvd_activate(): DVDSetDVDRoot: Root not set
What am I supposed to enter
man 3 errno
On Thu, Nov 10, 2005 at 01:53:27PM +0100, [EMAIL PROTECTED] wrote:
Hello!
Thanks for your reply, first of all.
Hi,
the errno shown by ipsecadm can be ignored, nothing to worry about
(and this was fixed post 3.7-stable). Besides this message the vpn
is working as
On Wed, Nov 09, 2005 at 05:03:25PM -0500, Roy Morris wrote:
I think you need libdvdcss from ports. Both mplayer and ogle
work fine for me.
or libdvd instead of libdvdcss.
If your other peer is 3.7, please apply all patches.
HJ.
On Fri, Nov 04, 2005 at 07:29:50PM +0100, Tobias Walkowiak wrote:
On Fri, Nov 04, 2005 at 06:42:11PM +0100, Michiel van der Kraats wrote:
Today I upgraded a VPN gateway to 3.8-RELEASE. Anyway, when I put
isakmpd.conf back and tried to
:21PM +0100, Hans-Joerg Hoexer wrote:
If your other peer is 3.7, please apply all patches.
of course i applied all 5 patches from 3.7. or do you have sth different in
mind?
--
tobias
Hi,
On Fri, Nov 04, 2005 at 10:47:59PM +0100, Tobias Walkowiak wrote:
hm, i think i better update the other peer to 3.8, as well - although it's
550 km from here ...
Other workaround, disable nat-t with the -T option.
but that only works for 3.8 isakmpd, doesn't it? what about the
Hi,
On Wed, Oct 26, 2005 at 02:40:52PM -0400, Roy Morris wrote:
I have been reading through the archives but have not found a reliable answer
yet. I have recently been converting vpns from manual to isakmpd, with one
of the other endpoints being a Cisco box. I can bring up a single subnet/IP
On Wed, Oct 26, 2005 at 10:24:25AM +0200, [EMAIL PROTECTED] wrote:
Hi all,
Is ike over tcp supported under isakmpd on obsd 3.7?? where I can
no
On Wed, Oct 19, 2005 at 01:34:45PM +0200, Kim Nielsen wrote:
[greenbow-quick-mode]
DOI=IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-AES-SHA-PFS-GR2-SUITE
it's GRP2, not GR2
[AES-SHA-GRP2]
ENCRYPTION_ALGORITHM= AES_CBC
HASH_ALGORITHM= SHA
Hi,
On Wed, Oct 19, 2005 at 01:34:45PM +0200, Kim Nielsen wrote:
[greenbow-main-mode]
DOI=IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= AES-SHA-GRP2
[greenbow-quick-mode]
DOI=IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-AES-SHA-PFS-GR2-SUITE
Hi,
On Fri, Sep 30, 2005 at 05:57:14PM -0700, Trepliev wrote:
[Net-SonicWall]
ID-type= IPV4_ADDR_SUBNET
Network= 172.16.0.0 http://172.16.0.0
Netmask= 255.255.0.0 http://255.255.0.0
^
[Net-Corp]
ID-type= IPV4_ADDR_SUBNET
Network= 10.1.105.0
much appreciated!
Best,
--Toni++
--
Dipl.-Inf. Hans-Joerg Hoexer    room: 07.137    phone: +49 9131 852 7915
Dept. of Computer Science 3 University of Erlangen-Nuremberg
Martensstr. 3, 91058 Erlangen, Germany
On Tue, Sep 06, 2005 at 12:25:23AM -0500, Andrew Daugherity wrote:
===
a) biomask e74d netmask ff4d ttymask ffef
...
these are the interrupt masks (on i386) for the levels IPL_BIO,
IPL_NET and IPL_TTY after autoconfiguration has finished. They
will be modified again when clock and rtc are
= QM-ESP-DES-MD5-SUITE
--
pub 1024D/513AEFD9 1999-12-18 Hans-Joerg Hoexer
[EMAIL PROTECTED]
Key fingerprint = 83D2 436A 0D3C 34A9 E0FF 4C33 35F6 617C 513A EFD9
wrote:
...
I found the following page but the configfile for isakmpd is full of
bugs (looks like a lot of copy and paste without re-editing :-) )
http://www.rommel.stw.uni-erlangen.de/~hshoexer/ipsec-howto/HOWTO.html
...
,
sk
?
Manon
apply all patches listed on the errata pages for your 3.4 and 3.6
machines. There are patches for this issue.
On Sun, Jun 19, 2005 at 01:34:06PM +1000, Dave Harrison wrote:
I just upgraded my firewall to 3.7, but I've found my VPN is now not
working. I keep seeing NAT detected messages, but
site via VPN. I picked up the above ruleset from
internet. If someone can suggest better ruleset, that would be great
also.
Please help.
Thanks
Suresh
79 matches