Hi,
since I am a while out of the game of doing ipsec with Linux:
What's the way to go? Strongswan/Openswan or ipsec-tools for kame/racoon.
Emerge -p gave me some ~ for ipsec-tools while openswan goes without.
Any input welcome. I need this for a road warrior setup.
Regards,
Konstantin
Hi,
I installed openswan recently to connect to my IPCOP based router via
VPN over a Netgear WPN311 WLAN card. According to some documentation I
found I added also ipsec-tools though it seems that this is not
necessary (setup of different PC without them and everything works
fine).
The problem
On 1/24/2010 1:38 PM, Konstantinos Agouros wrote:
Hi,
since I am a while out of the game of doing ipsec with Linux:
What's the way to go? Strongswan/Openswan or ipsec-tools for kame/racoon.
Emerge -p gave me some ~ for ipsec-tools while openswan goes without.
Any input welcome. I need
kashani wrote:
On 1/24/2010 1:38 PM, Konstantinos Agouros wrote:
Hi,
since I am a while out of the game of doing ipsec with Linux:
What's the way to go? Strongswan/Openswan or ipsec-tools for
kame/racoon.
Emerge -p gave me some ~ for ipsec-tools while openswan goes without.
Any input
kernel modules, ipsec-tools and iptables, we see that as
keeping it simple and effective.
Your insight, suggested how-to pages are greatly appreciated.
Thanks in Advance,
Nick.
. Meaning if we could achieve the tunnel using the
required kernel modules, ipsec-tools and iptables, we see that as
keeping it simple and effective.
Your insight, suggested how-to pages are greatly appreciated.
To my knowledge, OpenVPN does not use IPSec. Instead, it encapsulates
either IP/IPv6 (tun
On 24.01.2010 23:38, Konstantinos Agouros wrote:
since I am a while out of the game of doing ipsec with Linux:
What's the way to go? Strongswan/Openswan or ipsec-tools for kame/racoon.
Emerge -p gave me some ~ for ipsec-tools while openswan goes without.
Any input welcome. I need
In 4b612f2e.1070...@badapple.net kashani-l...@badapple.net (kashani) writes:
On 1/24/2010 1:38 PM, Konstantinos Agouros wrote:
Hi,
since I am a while out of the game of doing ipsec with Linux:
What's the way to go? Strongswan/Openswan or ipsec-tools for kame/racoon.
Emerge -p gave me some
On Sunday 24 January 2010 21:38:23 Konstantinos Agouros wrote:
Hi,
since I am a while out of the game of doing ipsec with Linux:
What's the way to go? Strongswan/Openswan or ipsec-tools for kame/racoon.
Openswan is simpler to configure, although I have not tried it yet. I have
however
/swab.h:6:22: error: asm/swab.h: No such
file or directory
make[4]: *** [isakmp.o] Error 1
make[4]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-
tools-0.7.3/work/ipsec-tools-0.7.3/src/racoon'
make[3]: *** [all] Error 2
make[3]: Leaving directory `/var/tmp/portage/net-firewall
/ipsec-
tools-0.7.3/work/ipsec-tools-0.7.3/src/racoon'
make[3]: *** [all] Error 2
make[3]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-
tools-0.7.3/work/ipsec-tools-0.7.3/src/racoon'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/var/tmp/portage/net-firewall/ipsec
or
directory
make[4]: *** [isakmp.o] Error 1
make[4]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-
tools-0.7.3/work/ipsec-tools-0.7.3/src/racoon'
make[3]: *** [all] Error 2
make[3]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-
tools-0.7.3/work/ipsec-tools-0.7.3/src/racoon'
make
:115:
../../src/include-glibc/linux/swab.h:6:22: error: asm/swab.h: No such
file or
directory
make[4]: *** [isakmp.o] Error 1
make[4]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-
tools-0.7.3/work/ipsec-tools-0.7.3/src/racoon'
make[3]: *** [all] Error 2
make[3]: Leaving
] Error 1
make[4]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-
tools-0.7.3/work/ipsec-tools-0.7.3/src/racoon'
make[3]: *** [all] Error 2
make[3]: Leaving directory `/var/tmp/portage/net-firewall/ipsec-
tools-0.7.3/work/ipsec-tools-0.7.3/src/racoon'
make[2]: *** [all-recursive] Error 1
OpenVPN
vs OpenSwan debate, we would really like to keep the application level
to a minimum. Meaning if we could achieve the tunnel using the
required kernel modules, ipsec-tools and iptables, we see that as
keeping it simple and effective.
Your insight, suggested how-to pages are greatly
just a bit on the
issues (config files, possible values) involved?
I mean, the ebuild for ipsec-tools doesn't even put in half the config files...
as if any of this could work at all without them?
Any help appreciated. :(
Cheers
-headers-2.6.8.1-r4 (masked by: profile)
For more information, see MASKED PACKAGES section in the emerge man page
or
section 2.2 Software Availability in the Gentoo Handbook.
!!!(dependency required by net-firewall/ipsec-tools-0.5-r1
[ebuild])
!!! Problem with ebuild net-firewall/ipsec-tools-0.5
On 8/11/05, Walter Willis [EMAIL PROTECTED] wrote:
the install openswan ok but install ipsec-tools and error:
gcc -L../libipsec/.libs -o plainrsa-gen plainrsa-gen.o plog.o vmbuf.o
crypto_openssl.o logger.o misc.o -lssl -lcrypto -lresolv -lipsec
-lflsha2.o
gcc: sha2.o: No such file
Zac Medico [EMAIL PROTECTED] writes:
Are we really far behind? That's difficult to believe. For what
packages specifically? Do you know how to unmask unstable packages
(marked M or M~ at packages.gentoo.org)?
ipsec-tools. The current upstream 'release' is 0.6, and 0.6.1 is at
release
intensive
connections in a deployment environment. Without starting any OpenVPN
vs OpenSwan debate, we would really like to keep the application level
to a minimum. Meaning if we could achieve the tunnel using the
required kernel modules, ipsec-tools and iptables, we see that as
keeping it simple
a combination of existing
tools. Given that they're using IPSec, it may be that all you need is
racoon.
http://en.gentoo-wiki.com/wiki/IPsec_L2TP_VPN_server
--
:wq
pre-shared secret connection, and wish to elaborate just a bit on
the issues (config files, possible values) involved?
I mean, the ebuild for ipsec-tools doesn't even put in half the config
files... as if any of this could work at all without them?
Any help appreciated. :(
Any progress
Graham Murray wrote:
Zac Medico [EMAIL PROTECTED] writes:
Are we really far behind? That's difficult to believe. For what
packages specifically? Do you know how to unmask unstable packages
(marked M or M~ at packages.gentoo.org)?
ipsec-tools. The current upstream 'release' is 0.6
grab
their package, you can probably repackage such that it'd work on
Gentoo. I know that's how one would [used to] install closed binary
packages like Skype.
That said, it's possible they're using a combination of existing
tools. Given that they're using IPSec, it may be that all you need
On Thursday 15 December 2005 09:10 pm, Grant wrote:
How can I see what is happening as far as traffic on my unencrypted
network?
tcpdump
How can I keep my own http traffic private?
Use https instead. IPSec is another option, if supported. Also,
traffic is normally only passed along
another.
DPD timeouts are 30 seconds minimum, which is too long.
I'll keep you posted if the bird recommendations work better
You can tune dpd_delay and dpd_retry in racoon.conf (if you are using ipsec-
tools) or the equivalent in open/strongswan. I think strongswan sends
keepalives every 20
, but I don't know if this
includes any necessary patches. You could check the changelog.
BTW, have you tried more actively developed VPN software like strongswan (it
has a networkmanager plugin) or even ipsec-tools instead of vpnc, to see if
you're getting the same problem? I think
consider using a
different tunnel method. A network layer VPN, like IPSec (you can use
StrongSwan which also offers IKEv2 and MOBIKE for your laptop, or ipsec-tools
with racoon for IKEv1 only) should work without such problems. You will be
tunnelling tcp in udp packets. If you tunnel to your
default gateway machine. tcpdump is pretty cool for sure.
How can I keep my own http traffic private?
Use https instead. IPSec is another option, if supported. Also,
traffic is normally only passed along the links between you and the
server, unless there's some hub between you and them
On Jan 20, 2012, at 9:36 PM, Walter Dnes waltd...@waltdnes.org wrote:
On Fri, Jan 20, 2012 at 10:45:08AM -0600, Chris Frederick wrote
If you still want private addresses, IPv6 has unique local addresses
(fc00::/7 range, http://www.sixxs.net/tools/grh/ula/ has a reg form to
help assign a /48
still annoying.
Thanks in advance for any suggestions.
Not sure why this is happening, but I have noticed the same with some
applications (ipsec-tools springs to mind). I think it started when /var/run,
/var/lock and /dev/shm (? not sure) were moved over to /run/*.
I assumed
acquainted with OpenVPN for
just this purpose. I've been using Gentoo on all of my systems for
nearly 15 years and haven't needed it otherwise.
> I've been using it for years and I love it. It's definitely easier to
> set up than IPSec. All my DNS (and some other UDP stuff) goes over
ars and I love it. It's definitely easier to
set up than IPSec. All my DNS (and some other UDP stuff) goes over
OpenVPN. At times I even had a "ssh -D" SOCKS proxy on the other end,
so double encryption, with no slowdown to notice.
Now if SoftLayer or the warty tools they provide wan
>> I've been using it for years and I love it. It's definitely easier to
>> set up than IPSec. All my DNS (and some other UDP stuff) goes over
>> OpenVPN. At times I even had a "ssh -D" SOCKS proxy on the other end,
>> so double encryption, with no slowdow
plugin) or even ipsec-tools instead of vpnc, to
see if you're getting the same problem? I think that they should work
with Cisco VPN gateways, although it may be fiddly to set them up.
I can find only ebuilds of (networkmanager-)openswan in the official tree.
strongswan is in the stable tree
Software has been much better. Windows has had full
IPv6 support since Vista. Linux has
had full IPv6 support for a few years, including IPSec. The software
implementations are written...the stuff that's still arriving is
feature-add.
Offload engines and managed switches haven't switched over because
On 03/09/2013 07:53 AM, Kevin Chadwick wrote:
There is no reason to believe that IPv6 will result in an
increased use of IPsec.
Bull. The biggest barrier to IPsec use has been NAT! If an
intermediate router has to rewrite the packet to change the
apparent source and/or destination
can run
that stuff. Is there anything I can use from my workstation which is
connected to the network?
How can I keep my own http traffic private?
Use https instead. IPSec is another option, if supported. Also,
traffic is normally only passed along the links between you
specific optimizations
out of it.
A quick grep of /usr/portage shows that many builds will use
replace-flags to replace one -march setting with another or with
-mtune/-mcpu.
There are a few that can filter -march altogether:
1. net-firewall/ipsec-tools: filters all -march=c3
2. media-libs
actively developed VPN software like strongswan
(it has a networkmanager plugin) or even ipsec-tools instead of vpnc, to
see if you're getting the same problem? I think that they should work
with Cisco VPN gateways, although it may be fiddly to set them up.
I can find only ebuilds
software like
strongswan (it has a networkmanager plugin) or even ipsec-tools
instead of vpnc, to see if you're getting the same problem? I think
that they should work with Cisco VPN gateways, although it may be
fiddly to set them up.
I can find only ebuilds of (networkmanager-)openswan
some other
way to find the process, but its still annoying.
Thanks in advance for any suggestions.
Not sure why this is happening, but I have noticed the same with some
applications (ipsec-tools springs to mind). I think it started when
/var/run,
/var/lock and /dev/shm (? not sure
?
maybe.
BTW, have you tried more actively developed VPN software like
strongswan (it has a networkmanager plugin) or even ipsec-tools
instead of vpnc, to see if you're getting the same problem? I think
that they should work with Cisco VPN gateways, although it may be
fiddly
On 03/11/2013 06:34 PM, Kevin Chadwick wrote:
On 03/09/2013 07:53 AM, Kevin Chadwick wrote:
There is no reason to believe that IPv6 will result in an
increased use of IPsec.
Bull. The biggest barrier to IPsec use has been NAT! If an
intermediate router has to rewrite the packet to change
thing vaguely M$FT about this setup is
MS-CHAP. And L2TP, perhaps. (At least, in so far as I understand this crap,
that's my conclusion.)
I have:
net-firewall/ipsec-tools
net-dialup/xl2tpd
net-dialup/ppp --is this needed?
I don't have * net-misc/openswan ... since that seems
are on a hub, you should see all
traffic connected to the hub.
How can I keep my own http traffic private?
Use https instead. IPSec is another option, if supported. Also,
traffic is normally only passed along the links between you and the
server, unless there's some hub between you can
services from attack/discovery? Great, that's what
your firewall is for, so you don't need to worry about private
addresses. Another option is to deploy IPSec for internal services, this would
hide internal services even from hosts on the private address
space unless they are trusted through IPSec
connected to the hub.
How can I keep my own http traffic private?
Use https instead. IPSec is another option, if supported. Also,
traffic is normally only passed along the links between you and the
server, unless there's some hub between you and them.
You may be able
.
for 'compatibility' very many low powered encryption schemes are
supported and it is these that are the issue.
if you are using ipsec tunnels with aes encryption you can happily
ignore these.
if you are using mpls networks you can almost guarantee your isp and
therefore your network is compromised.
the question
the level of security to something that is
crackable.
for 'compatibility' very many low powered encryption schemes are
supported and it is these that are the issue.
if you are using ipsec tunnels with aes encryption you can happily
ignore these.
if you are using mpls networks you can almost
? =net-nds/openldap-2.0)
mail-client/claws-mail-3.7.1 (ldap? =net-nds/openldap-2.0.7)
net-firewall/ipsec-tools-0.7.1 (ldap? net-nds/openldap)
net-fs/samba-3.0.33 (ldap? net-nds/openldap)
net-misc/curl-7.19.4 (ldap? net-nds/openldap)
net-misc/openssh-5.1_p1-r2 (ldap? net-nds/openldap)
net-misc