[leaf-user] Win XP to Bering Ipsec Gateway setup using X509

2003-09-18 Thread Simon Chalk
Hi All,

I am trying to set up a Bering 1.2 firewall to allow a Windows XP client to
connect to an internal network attached to the Bering box. I have already
successfully got a Net-Net Ipsec connection working between two Bering
firewalls using pre shared keys. I am now trying to add to this setup by
allowing a Windows XP client to connect.

I am essentially following the configuration as described by Nate Carlson

http://www.natecarlson.com/linux/ipsec-x509.php

When I try to ping the Bering internal network I get the following errors on
the Bering box auth.log

Ignoring Vendor ID payload {MS NT5 ...
Responding to Main Mode
Encrypted Informational Exchange message is invalid because it is for
incomplete ISAKMP SA

If I look on the XP Oakley log I see

IKE failed to find valid machine certificate

Received an unencrypted packet when crypto active

As far as I am aware I have set up the certificates correctly. I think my
first main question is, will this setup work? Should I be able to have both
a Net-Net ipsec connection as well as a Windows XP roadwarrior connection as
well?

Any help will be much appreciated. I can provide further configuration
details if necessary.

Regards,

Simon Chalk.



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


Re: [leaf-user] ip_conntrack message

2003-09-18 Thread Hein Bauer
James Neave wrote:

> Can somebody tell me what this means and whether it is a problem please?
 

Have a look at the current setting:
cat /proc/sys/net/ipv4/ip_conntrack_max
You could define the maximum of connection trackings:
echo 12000 > /proc/sys/net/ipv4/ip_conntrack_max
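
As an added example (not part of the message above and not LEAF project code), this shell function compares the number of tracked connections with the limit before the limit is raised. The function name, the 80% warning threshold and the overridable path variables are assumptions; the default paths are those of the 2.4-era ip_conntrack module.

```shell
#!/bin/sh
# Added example: report conntrack table usage against the configured limit.
# Default paths match the 2.4-era ip_conntrack module; both can be overridden
# (later kernels expose nf_conntrack_* names instead).
CT_MAX_FILE="${CT_MAX_FILE:-/proc/sys/net/ipv4/ip_conntrack_max}"
CT_TABLE_FILE="${CT_TABLE_FILE:-/proc/net/ip_conntrack}"

# conntrack_usage MAX_FILE TABLE_FILE [WARN_PERCENT]
# Prints "entries max percent status".
# Returns 0 = below threshold, 1 = at or above threshold, 2 = files unusable.
conntrack_usage() {
    max_file=$1; table_file=$2; warn=${3:-80}

    [ -r "$max_file" ] && [ -r "$table_file" ] || { echo "unreadable"; return 2; }

    # The limit file holds a single integer; strip everything else.
    max=$(tr -dc '0-9' < "$max_file")
    [ -n "$max" ] && [ "$max" -gt 0 ] || { echo "unreadable"; return 2; }

    # The table file has one line per tracked connection.
    entries=$(wc -l < "$table_file" | tr -dc '0-9')

    pct=$(( entries * 100 / max ))
    if [ "$pct" -ge "$warn" ]; then
        # A table this full is close to refusing new connections, so check
        # what is filling it before simply raising the limit.
        echo "$entries $max $pct WARN"
        return 1
    fi
    echo "$entries $max $pct OK"
    return 0
}

# Usage on the firewall itself:
#   conntrack_usage "$CT_MAX_FILE" "$CT_TABLE_FILE" 80
```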








RE: [leaf-user] Win XP to Bering Ipsec Gateway setup using X509

2003-09-18 Thread Simon Chalk
Hi Mohan,

Thanks for this I will have a look at your document.

Regards,

Simon.

-----Original Message-----
From: S Mohan [mailto:[EMAIL PROTECTED]
Sent: 18 September 2003 11:53
To: Simon Chalk
Subject: RE: [leaf-user] Win XP to Bering Ipsec Gateway setup using X509


I've done this using Marcus Muller's utility and it worked well. I've a doc
in my devel (mohansundaram) area. Maybe that will help.

Regards
Mohan

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Simon Chalk
Sent: Thursday, September 18, 2003 3:01 PM
To: Leaf-User List
Subject: [leaf-user] Win XP to Bering Ipsec Gateway setup using X509


Hi All,

I am trying to set up a Bering 1.2 firewall to allow a Windows XP client to
connect to an internal network attached to the Bering box. I have already
successfully got a Net-Net Ipsec connection working between two Bering
firewalls using pre shared keys. I am now trying to add to this setup by
allowing a Windows XP client to connect.

I am essentially following the configuration as described by Nate Carlson

http://www.natecarlson.com/linux/ipsec-x509.php

When I try to ping the Bering internal network I get the following errors on
the Bering box auth.log

Ignoring Vendor ID payload {MS NT5 ...
Responding to Main Mode
Encrypted Informational Exchange message is invalid because it is for
incomplete ISAKMP SA

If I look on the XP Oakley log I see

IKE failed to find valid machine certificate

Received an unencrypted packet when crypto active

As far as I am aware I have set up the certificates correctly. I think my
first main question is, will this setup work? Should I be able to have both
a Net-Net ipsec connection as well as a Windows XP roadwarrior connection as
well?

Any help will be much appreciated. I can provide further configuration
details if necessary.

Regards,

Simon Chalk.





[leaf-user] Win XP to Bering Ipsec Gateway setup using X509 and Pre Shared Keys

2003-09-18 Thread Simon Chalk
Hi All,

To get to the bottom of this problem I have decided to try to get the setup
working with preshared keys. I now get different failure results.

On the Bering end I get

packet from ip: ignoring Vendor ID payload
responding to Main Mode
next payload type of ISAKMP Indentification Payload has an unknown value: 32
probable authentication failure (mismatch of preshared secrets?)

On the Win XP End (Oakley log)

First error seen at

next payload: NOTIFY

then see received an unencrypted packet when crypto active
Negotiation timed out

I am at a loss to know whether the problem is at the XP end or the Bering
Firewall end.

Please help

Regards,

Simon.




[leaf-user] looking for a new sshd.lrp

2003-09-18 Thread Victor McAllister
Has anyone packaged open ssh 3.7.1 for standard Dachstein - Bering yet?  





[leaf-user] Defeating Verisign's wildcards

2003-09-18 Thread Stuart Ritchie
What on Earth is 2003 coming to?  First SCO and now Verisign.  Sigh!

I am running tinydns/dnscache on my Bering box.  Has someone built
a patch for this setup to block the evil Verisign wildcards?
Thanks!
--Stuart


[leaf-user] Next Release: (tulip.o)

2003-09-18 Thread Alby




Does anybody know why (tulip.o) in /lib/modules
isn't included in the Bering package? Every time I upgrade,
I have to go out of my way to get tulip.o into the
/lib/modules directory in order for Bering to see my NetGear
Cards.

If possible, could the powers that be include this
in the next release?


NOTE:   Also some type of GRE (.lrp) package would be
nice so we could set up GRE Tunnels to be used for
Multicasting. I never could get (ip_gre.o) to work.



-Alby




[leaf-user] openssh 3.7.1p1 available for Bering

2003-09-18 Thread Jacques Nilo
The openssh 3.7.1p1 suite is available for testing in the following directory:
http://leaf.sourceforge.net/devel/jnilo/packages/openssh-3.7.1p1/
It is compiled statically against openssl 0.9.7b
Jacques




[leaf-user] Acx100 - Dlink 520+ Bering 1.2

2003-09-18 Thread Sebastian A. Aresca
Has anybody made the D-Link 520+ work in Bering 1.2?
I compiled the module but this is the log after

# insmod acx100_pci.o firmware_dir=firmware
insmod: unresolved symbol __ioremap_R9eac042a
insmod: unresolved symbol cpu_raise_softirq_Rd01f3ee8
insmod: unresolved symbol netif_rx_R8fa84786
insmod: unresolved symbol __kfree_skb_R2aa7f7c4
insmod: unresolved symbol kmalloc_R93d4cfe6
insmod: unresolved symbol unregister_netdev_R6073b2e9
insmod: unresolved symbol pci_free_consistent_Rd23139f1
insmod: unresolved symbol alloc_skb_Re2a6b56f
insmod: unresolved symbol register_netdev_Rbd99562f
insmod: unresolved symbol __generic_copy_to_user_Rd523fdd3
insmod: unresolved symbol pci_alloc_consistent_R1f6a8dc8
insmod: unresolved symbol __request_region_R1a1a4f09
insmod: unresolved symbol __generic_copy_from_user_R116166aa
insmod: unresolved symbol eth_type_trans_R9ccac474
insmod: unresolved symbol jiffies_R0da02d67
insmod: unresolved symbol disable_irq_R3ce4ca6f
insmod: unresolved symbol free_irq_Rf20dabd8
insmod: unresolved symbol sprintf_R1d26aa98
insmod: unresolved symbol pci_enable_device_R944b5e42
insmod: unresolved symbol enable_irq_Rfcec0987
insmod: unresolved symbol kfree_R037a0cba
insmod: unresolved symbol skb_over_panic_R8f8e21d2
insmod: unresolved symbol __release_region_Rd49501d4
insmod: unresolved symbol printk_R1b7d4074
insmod: unresolved symbol softnet_data_R5a0882b5
insmod: unresolved symbol iounmap_R5fb196d4
insmod: unresolved symbol do_BUG_R577f4bff
insmod: unresolved symbol request_irq_R0c60f2e0
insmod: unresolved symbol ether_setup_R2a548a49
insmod: unresolved symbol pci_register_driver_R465aa46c
insmod: unresolved symbol pci_unregister_driver_R26713b86
insmod: unresolved symbol iomem_resource_R9efed5af

I used Debian/woody to compile the module. Could be the kernel is 2.4.18
and Bering 1.2 is using 2.4.20, but I used it before with other modules and
it works.

If anybody has an idea, it will be great.

Thanks in advance.

Sebastian A. Aresca





[leaf-user] Re: [leaf-devel] openssh 3.7.1p1 available for Bering

2003-09-18 Thread Victor McAllister
Jacques Nilo wrote:

> The openssh 3.7.1p1 suite is available for testing in the following directory:
> http://leaf.sourceforge.net/devel/jnilo/packages/openssh-3.7.1p1/
> It is compiled statically against openssl 0.9.7b
> Jacques


Thank you Jacques for all your hard work


