[leaf-user] Win XP to Bering Ipsec Gateway setup using X509
Hi All,

I am trying to set up a Bering 1.2 firewall to allow a Windows XP client to connect to an internal network attached to the Bering box. I have already successfully got a Net-Net IPsec connection working between two Bering firewalls using pre-shared keys. I am now trying to add to this setup by allowing a Windows XP client to connect.

I am essentially following the configuration as described by Nate Carlson:
http://www.natecarlson.com/linux/ipsec-x509.php

When I try to ping the Bering internal network I get the following errors on the Bering box auth.log:

    Ignoring Vendor ID payload {MS NT5 ...
    Responding to Main Mode
    Encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA

If I look on the XP Oakley log I see:

    IKE failed to find valid machine certificate
    Received an unencrypted packet when crypto active

As far as I am aware I have set up the certificates correctly.

I think my first main question is, will this setup work? Should I be able to have both a Net-Net IPsec connection and a Windows XP roadwarrior connection as well?

Any help will be much appreciated. I can provide further configuration details if necessary.

Regards,
Simon Chalk.

---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] ip_conntrack message
James Neave wrote:
> Can somebody tell me what this means and whether it is a problem please?

Have a look at the current setting:

    cat /proc/sys/net/ipv4/ip_conntrack_max

You could define the maximum of connection trackings:

    echo 12000 > /proc/sys/net/ipv4/ip_conntrack_max

RE: [leaf-user] Win XP to Bering Ipsec Gateway setup using X509
Hi Mohan,

Thanks for this. I will have a look at your document.

Regards,
Simon.

-----Original Message-----
From: S Mohan [mailto:[EMAIL PROTECTED]
Sent: 18 September 2003 11:53
To: Simon Chalk
Subject: RE: [leaf-user] Win XP to Bering Ipsec Gateway setup using X509

I've done this using Marcus Muller's utility and it worked well. I've a doc in my devel (mohansundaram) area. Maybe that will help.

Regards
Mohan

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Simon Chalk
Sent: Thursday, September 18, 2003 3:01 PM
To: Leaf-User List
Subject: [leaf-user] Win XP to Bering Ipsec Gateway setup using X509

Hi All,

I am trying to set up a Bering 1.2 firewall to allow a Windows XP client to connect to an internal network attached to the Bering box. I have already successfully got a Net-Net IPsec connection working between two Bering firewalls using pre-shared keys. I am now trying to add to this setup by allowing a Windows XP client to connect.

I am essentially following the configuration as described by Nate Carlson:
http://www.natecarlson.com/linux/ipsec-x509.php

When I try to ping the Bering internal network I get the following errors on the Bering box auth.log:

    Ignoring Vendor ID payload {MS NT5 ...
    Responding to Main Mode
    Encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA

If I look on the XP Oakley log I see:

    IKE failed to find valid machine certificate
    Received an unencrypted packet when crypto active

As far as I am aware I have set up the certificates correctly.

I think my first main question is, will this setup work? Should I be able to have both a Net-Net IPsec connection and a Windows XP roadwarrior connection as well?

Any help will be much appreciated. I can provide further configuration details if necessary.

Regards,
Simon Chalk.

[leaf-user] Win XP to Bering Ipsec Gateway setup using X509 and Pre Shared Keys
Hi All,

To get to the bottom of this problem I have decided to try to get the setup working with preshared keys. I now get different failure results.

On the Bering end I get:

    packet from ip: ignoring Vendor ID payload
    responding to Main Mode
    next payload type of ISAKMP Indentification Payload has an unknown value: 32
    probable authentication failure (mismatch of preshared secrets?)

On the Win XP end (Oakley log):

    First error seen at next payload: NOTIFY
    then see
    received an unencrypted packet when crypto active
    Negotiation timed out

I am at a loss to know whether the problem is at the XP end or the Bering firewall end. Please help.

Regards,
Simon.

[leaf-user] looking for a new sshd.lrp
Has anyone packaged open ssh 3.7.1 for standard Dachstein - Bering yet?

[leaf-user] Defeating Verisign's wildcards
What on Earth is 2003 coming to? First SCO and now Verisign. Sigh!

I am running tinydns/dnscache on my Bering box. Has someone built a patch for this setup to block the evil Verisign wildcards?

Thanks!
--Stuart

[leaf-user] Next Release: (tulip.o)
Does anybody know why (tulip.o) in /lib/modules isn't included in the Bering package? Every time I upgrade, I have to go out of my way to get tulip.o into the /lib/modules directory in order for Bering to see my NetGear cards. If possible, could the powers that be include this in the next release?

NOTE: Also some type of GRE (.lrp) package would be nice so we could set up GRE tunnels to be used for multicasting. I never could get (ip_gre.o) to work.

-Alby

[leaf-user] openssh 3.7.1p1 available for Bering
The openssh 3.7.1p1 suite is available for testing in the following directory:
http://leaf.sourceforge.net/devel/jnilo/packages/openssh-3.7.1p1/

It is compiled statically against openssl 0.9.7b.

Jacques

[leaf-user] Acx100 - Dlink 520+ Bering 1.2
Has anybody made the D-Link 520+ work in Bering 1.2? I compiled the module, but this is the log after:

# insmod acx100_pci.o firmware_dir=firmware
insmod: unresolved symbol __ioremap_R9eac042a
insmod: unresolved symbol cpu_raise_softirq_Rd01f3ee8
insmod: unresolved symbol netif_rx_R8fa84786
insmod: unresolved symbol __kfree_skb_R2aa7f7c4
insmod: unresolved symbol kmalloc_R93d4cfe6
insmod: unresolved symbol unregister_netdev_R6073b2e9
insmod: unresolved symbol pci_free_consistent_Rd23139f1
insmod: unresolved symbol alloc_skb_Re2a6b56f
insmod: unresolved symbol register_netdev_Rbd99562f
insmod: unresolved symbol __generic_copy_to_user_Rd523fdd3
insmod: unresolved symbol pci_alloc_consistent_R1f6a8dc8
insmod: unresolved symbol __request_region_R1a1a4f09
insmod: unresolved symbol __generic_copy_from_user_R116166aa
insmod: unresolved symbol eth_type_trans_R9ccac474
insmod: unresolved symbol jiffies_R0da02d67
insmod: unresolved symbol disable_irq_R3ce4ca6f
insmod: unresolved symbol free_irq_Rf20dabd8
insmod: unresolved symbol sprintf_R1d26aa98
insmod: unresolved symbol pci_enable_device_R944b5e42
insmod: unresolved symbol enable_irq_Rfcec0987
insmod: unresolved symbol kfree_R037a0cba
insmod: unresolved symbol skb_over_panic_R8f8e21d2
insmod: unresolved symbol __release_region_Rd49501d4
insmod: unresolved symbol printk_R1b7d4074
insmod: unresolved symbol softnet_data_R5a0882b5
insmod: unresolved symbol iounmap_R5fb196d4
insmod: unresolved symbol do_BUG_R577f4bff
insmod: unresolved symbol request_irq_R0c60f2e0
insmod: unresolved symbol ether_setup_R2a548a49
insmod: unresolved symbol pci_register_driver_R465aa46c
insmod: unresolved symbol pci_unregister_driver_R26713b86
insmod: unresolved symbol iomem_resource_R9efed5af

I used Debian/woody to compile the module. It could be that the kernel is 2.4.18 and Bering 1.2 is using 2.4.20, but I used it before with other modules and it works.

If anybody has an idea, it will be great. Thanks in advance.

Sebastian A. Aresca

[leaf-user] Re: [leaf-devel] openssh 3.7.1p1 available for Bering
Jacques Nilo wrote:
> The openssh 3.7.1p1 suite is available for testing in the following directory:
> http://leaf.sourceforge.net/devel/jnilo/packages/openssh-3.7.1p1/
>
> It is compiled statically against openssl 0.9.7b
>
> Jacques

Thank you Jacques for all your hard work.