On Monday, 10 November 2014, 22:56:28, Erich Titl wrote:
Hi Adam
at 19.07.2007 00:57, Adam Niedzwiedzki wrote:
Hi guys,
insmod /lib/modules/ipsec.o has no issues (no errors) but I can't
find af_key.o anywhere in the modules download.
Any help appreciated
Paul Wouters
Hi Adam
at 19.07.2007 00:57, Adam Niedzwiedzki wrote:
Hi guys,
insmod /lib/modules/ipsec.o has no issues (no errors) but I can't
find af_key.o anywhere in the modules download.
Any help appreciated
Paul Wouters left the OpenSwan Project and it appears to be a dead duck
now. AFAIK
) to fix this one.
Cheers
Ad
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Adam
Niedzwiedzki
Sent: Thursday, 19 July 2007 9:57 AM
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] ipsec setup
Hi guys,
This has been fun dragging my old leaf boxes up
Hi guys,
This has been fun dragging my old leaf boxes up to the new builds. I was
running openvpn, and figured I'd upgrade to openswan (ipsec) for my vpns.
The guide on the site Configuring openswan(ipsec) talks about openswan.lrp
(but can't find it) so I'm guessing it's now ipsec.lrp.
The guide
Hi,
I've been asked to add VPN capabilities to our router here at work.
It's currently Bering-uClibc 2.3.1.
I keep getting this error in the /var/secure log when starting up or
connecting to the VPN:
Connecting:
ERROR: L2TP-PSK[2] 5.6.7.8 #3: pfkey write() of SADB_ADD message 5 for
Add SA
Of James Neave
Sent: 30 March 2007 12:55
To: leaf-user@lists.sourceforge.net
Subject: [leaf-user] IPSec errors, kernel/userland version mismatch?
Hi,
I've been asked to add VPN capabilities to our router here at work.
It's currently Bering-uClibc 2.3.1.
I keep getting this error in the /var
I was wondering if there is any documentation for using ipsec or some form
of vpn and Bering uClibc.
Specifically, I am using 3.0 beta 2 BuC with a standard 3 nic setup. I was
wanting to setup (a secure) remote desktop to multiple windows servers on my
dmz and possibly also a workstation on the
Hi Andrew,
Documentation about openvpn is in the following location:
http://leaf.sourceforge.net/doc/bk05ch07.html
Ipsec (openswan) documentation:
http://leaf.sourceforge.net/doc/bk05ch08.html
Additional information on the shorewall site (www.shorewall.net)
Regards,
Eric
I was wondering if
Hello Bodo,
I got the same error with the package I just checked out from CVS.
Then I checked the CVS revision:
cvs status ipsec.lrp
==File:
ipsec.lrp Status: Up-to-date
Working revision:1.2
Repository
Hello Huy,
There is indeed a typo in the buildtool setup of openswan, I have
corrected the setup and created a new package. It seems that Sourceforge's
CVS is down at the moment so I can't commit the fix. I will send you a new
package privately.
Thanks for reporting.
Eric
Hi
I am setting up
Hello Cpu,
Does the same fix applies to our current openswan-2.4.4?
Eric
Hello,
In addition to specifying a label I couldn't get openswan to work with
secondary IPs unless I changed this line in _startklips:
eval `ip addr show $phys primary | grep inet | sed -n 1p |
to:
eval `ip
Cpu,
If I'm not mistaken you have to use the standard kernel ciphers, openswan
doesn't use its own anymore.
#
# Cryptographic options
#
CONFIG_CRYPTO=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_NULL=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=m
CONFIG_CRYPTO_SHA1=m
CONFIG_CRYPTO_SHA256=y
Hello Cpu,
I looked through the openswan source, it seems that those ciphers are
linked into pluto.
Eric
Hello Arne,
I don't understand openswan 2.x. It doesn't have SHA2 (which I use).
Can't
modularize ciphers; no blowfish (missing usual ALGs). I tried using
cryptoapi's sha512 but that
Hi Eric,
I'm not using openswan 2.4.4, I'm using 1.0.9. But I did look at the newer
_startklips and the line is the same. To me, this suggests it's making the
same assumptions about the interface. My guess is that it will work.
original 2.4.4
/usr/lib/ipsec/_startklips:
eval `ip addr show
Hello Cpu,
A pity 2.4.4 is not working ok for you. You are the first reporting a
problem with it.
I looked through various documents and it seems like all those ciphers are
supported but probably internal.
Does the _startklips fix still support plain ethx interfaces?
Eric
Hi Eric,
I'm
Eric,
Regarding openswan 2.x. It looks like one is supposed to use cryptoapi
instead of Juanjo's crypto algorithms. But there is no real info on how to
go from 1.x to 2.x. After getting stuck on SHA2_256 I gave up. Also, on
1.0.9 I made some modifications to ./pluto/kernel.c to allow for
Hi Cpu,
Eric,
Regarding openswan 2.x. It looks like one is supposed to use cryptoapi
instead of Juanjo's crypto algorithms. But there is no real info on how to
The cryptoapi stuff is optional and the other ciphers are internal to pluto:
Hmmm... Where/how do you set USE_EXTRACRYPTO?
-cpu
Eric Spakman wrote:
Hi Cpu,
Eric,
Regarding openswan 2.x. It looks like one is supposed to use cryptoapi
instead of Juanjo's crypto algorithms. But there is no real info on how
to
The cryptoapi stuff is optional and the other ciphers
Hi Cpu,
In makefile.inc
But a much better fix will be to enable cryptoapi in the kernel config and
rebuild openswan against it. Only the standard openswan patch doesn't
contain that option and I have to make a patch against it.
Eric
Hmmm... Where/how do you set USE_EXTRACRYPTO?
-cpu
Eric
Hello Cpu,
I think the fix to support cryptoapi is rather simple, it's just broken in
the openswan sources (patch).
If you change the following line in the kernel's linux/net/ipsec/Config.in
from:
bool ' IPsec Modular Extensions' CONFIG_KLIPS_ALG
if [ $CONFIG_KLIPS_ALG != n ]; then
Hello Arne,
I don't understand openswan 2.x. It doesn't have SHA2 (which I use).
Can't
modularize ciphers; no blowfish (missing usual ALGs). I tried using
cryptoapi's sha512 but that didn't work. I tried searching the openswan
mailing list, found a couple of similar concerns, but no answers.
Sandro Doro wrote:
Hi,
I am testing Bering 2.3.1 with a multiple IP interface as:
# ip addr show eth0
5: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether fe:fd:58:24:f8:e6 brd ff:ff:ff:ff:ff:ff
Hi,
I am testing Bering 2.3.1 with a multiple IP interface as:
# ip addr show eth0
5: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether fe:fd:58:24:f8:e6 brd ff:ff:ff:ff:ff:ff
inet 82.46.148.130/24 brd 82.46.148.255 scope global eth0
inet
Hi all,
i just finished packaging openswan 2.4.2 for bering-uclibc
and did some initial testing, i am just wondering if someone
else is using openswan/ipsec and is willing to test it, too.
--arne
--
Arne Bernin [EMAIL PROTECTED]
http://www.ucBering.de
Hello list,
Quick question, for Bering-uClibc.
To use a box as an IPSec server, is it still FreeS/WAN that gets used?
And is all the same documentation that was used for original Bering
still valid?
Thanks,
James.
Tom
Tom Eastep wrote:
while true; do
    ip link ls dev ppp0 > /dev/null 2>&1 && break
    echo "Waiting for ppp0 to come up..."
    sleep 5
done
Yes, that is more or less the thing I finally did, although this will
loop forever and without a console the poor luser might never know
Richard Saunders wrote:
Does this problem have anything to do with shorewall? Shorewall seems to
startup
without a problem and everything else runs fine. It's only ipsec that
can't find a default route.
I thought inetd may be responsible. Not that I know anything much about it.
Shorewall is
Richard Saunders wrote:
Thanks Tom and Eric
I don't know if it matters to me how long it takes to come up, so long
as everything that is supposed to work works once it's up.
When ppp0 is up it's a router, until then it's a lump of useless metal
chewing power.
I have put the loop here:
Richard Saunders wrote:
I managed to kick everyone off at lunchtime and reboot.
The loop paused the startup for about half a second and off it went.
Everything started up fine including ipsec.
I doubt it looped at all then.
Please ignore my previous post on the barf, I must be getting blind.
Thanks Eric
Unfortunately that has had no effect, but I do think you are on the
right track
ie. ipsec is starting before ppp0 is fully up, but since I know nothing except
being able to blindly follow instructions, I don't like my chances of
finding a
solution myself.
Regarding WARNING: ppp0
Rick
Richard Saunders wrote:
Thanks Eric
Unfortunately that has had no effect, but I do think you are on the
right track
ie. ipsec is starting before ppp0 is fully up, but since I know nothing
except
being able to blindly follow instructions, I don't like my chances of
finding a
solution
This problem has always existed for any connection type. It shows up in
a lot of different locations on all Bering versions. I saw this on ppp
connections as well as pcmcia based ethernet connections. The common
denominator of all these is, that you cannot predict reliably how long
they take to
Is it possible just to insert a pause somewhere in the startup
scripts to wait for ppp0
to come up before continuing?
At 07:43 AM 30/09/2005, you wrote:
This problem has always existed for any connection type. It shows up in
a lot of different locations on all Bering versions. I saw this on
Richard Saunders wrote:
Is it possible just to insert a pause somewhere in the startup scripts
to wait for ppp0
to come up before continuing?
You could place a pause/check loop in /etc/shorewall/init. Or, better
yet, configure Shorewall so that it doesn't require ppp0 to be up when
it
Richard Saunders wrote:
Is it possible just to insert a pause somewhere in the startup scripts
to wait for ppp0
to come up before continuing?
Yes, that was my first approach, unfortunately not a very smart one, as,
for example, ppp may take a very long time to come up.
Erich
Erich Titl wrote:
Richard Saunders wrote:
Is it possible just to insert a pause somewhere in the startup scripts
to wait for ppp0
to come up before continuing?
Yes, that was my first approach, unfortunately not a very smart one, as,
for example, ppp may take a very long time to come up.
Paul Traina wrote:
This problem has always existed for any connection type. It shows up in
a lot of different locations on all Bering versions. I saw this on ppp
connections as well as pcmcia based ethernet connections. The common
denominator of all these is, that you cannot predict reliably how
Does this problem have anything to do with shorewall? Shorewall seems
to startup
without a problem and everything else runs fine. It's only ipsec
that can't find a default route.
I thought inetd may be responsible. Not that I know anything much about it.
At 08:24 AM 30/09/2005, you wrote:
Richard Saunders wrote:
Does this problem have anything to do with shorewall? Shorewall seems to
startup
without a problem and everything else runs fine. It's only ipsec that
can't find a default route.
I thought inetd may be responsible. Not that I know anything much about it.
I was
Tom Eastep wrote:
You could place a pause/check loop in /etc/shorewall/init. Or, better
yet, configure Shorewall so that it doesn't require ppp0 to be up when
it starts.
I'm not sure I can come up with the semantics to do that, but I'd love
to give it a try...
Here's what I've got:
Zones:
Thanks Tom and Eric
I don't know if it matters to me how long it takes to come up, so
long as everything that is supposed to work works once it's up.
When ppp0 is up it's a router, until then it's a lump of useless metal
chewing power.
I have put the loop here:
#!/bin/sh
# IPsec startup and
Paul Traina wrote:
Adding IP Addresses...
Device ppp0 does not exist.
Cannot find device ppp0
Been a while since I had to deal with pppd but as I recall there is a
user-provided script that gets run when the interface comes up. Add the
IP addresses in that script rather than having
Richard Saunders wrote:
# misc setup
umask 022
while true; do
    ip link ls dev ppp0 > /dev/null 2>&1 && break
    echo "Waiting for ppp0 to come up..."
    sleep 5
done
# do it
case $1 in
start|--start|stop|--stop)
Is this alright? I won't get to test it until I can
I managed to kick everyone off at lunchtime and reboot.
The loop paused the startup for about half a second and off it went.
Everything started up fine including ipsec.
Thank you very much Tom and Erich.
I am very grateful for your help.
Richard Saunders
At 10:56 AM 30/09/2005, you wrote:
Hello Richard,
I've looked through the changes between ipsec from 2.2.3 and 2.3rc1, there
was a change in the start/stop levels of ipsecs init.d script due to
warnings when stopping ipsec.
The differences are:
(2.2.3): RCDLINKS=0,K42 1,K42 2,S42 3,S42 4,S42 5,S42 6,K42
(2.3rc1): RCDLINKS=0,K19
Hi
I am setting up uClibc 2.3rc1.
I have copied the ipsec.conf file from my uClibc 2.23 box which has
always worked ok.
When starting up I get the following errors
in auth.log:
Sep 28 13:57:09 firewall pluto[21197]: no public interfaces found
in daemon.log:
Sep 28 13:57:07 firewall
Tibbs, Richard wrote:
| Dear list:
| I have a subnet-to-subnet ipsec tunnel that is not coming up, and an
| ipsec barf shows several
| md5sum not found messages in association with all of the secrets.
|
| I looked through the ipsec.conf man page with
Thanks Charles!
I have plenty of other mysteries to explore.
Rick.
-Original Message-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]
Sent: Monday, May 09, 2005 10:43 AM
To: Tibbs, Richard
Cc: Bering List
Subject: Re: [leaf-user] IPSEC md5sum not found
Dear list:
I have a subnet-to-subnet ipsec tunnel that is not coming up, and an
ipsec barf shows several
md5sum not found messages in association with all of the secrets.
I looked through the ipsec.conf man page with no luck to find some way
to generate the md5 checksum.
Is this a fatal error?
Rick
Tibbs, Richard wrote:
Dear list:
I have a subnet-to-subnet ipsec tunnel that is not coming up, and an
ipsec barf shows several
md5sum not found messages in association with all of the secrets.
I looked through the ipsec.conf man page with no luck to find some way
to generate the md5
Cc: Bering List
Subject: Re: [leaf-user] IPSEC md5sum not found
Rick
Tibbs, Richard wrote:
Dear list:
I have a subnet-to-subnet ipsec tunnel that is not coming up, and an
ipsec barf shows several
md5sum not found messages in association with all of the secrets.
I looked through
@lists.sourceforge.net
Subject: [leaf-user] ipsec - no support for interface aliases
Seems like the ipsec scripts rely heavily on ifconfig but that utility
is not available on bering-uclibc. There are lots of modifications to
make it work with the ip command. I was able to overcome this problem
by replacing
Seems like the ipsec scripts rely heavily on ifconfig but that utility
is not available on bering-uclibc. There are lots of modifications to
make it work with the ip command. I was able to overcome this problem
by replacing this line in _startklips:
eval `ip addr show $phys primary | grep inet |
Dear list, sorry for long post.
I am having an issue with IPsec.
I have a WinXP machine that can build a successful SA just outside
office firewall (Bering 1.2) in road-warrior mode, but not from behind
another bering 1.2 home firewall. Nat traversal patch is on WinXP.
home-subnet -
Tibbs, Richard wrote:
Dear list, sorry for long post.
I am having an issue with IPsec.
I have a WinXP machine that can build a successful SA just outside
office firewall (Bering 1.2) in road-warrior mode, but not from behind
another bering 1.2 home firewall. Nat traversal patch is on WinXP.
Tibbs, Richard wrote:
Charles,
On the nat-traversal issue in bering fws -- I thought that parameter was
if there was a router downstream that would subsequently nat the
connection. I had an exchange with Microsoft about the need for a
patch on the XP (or any machine) going through a nat box
Scott A. Young wrote:
Erich, thanks for the info.
So then I *_do_* need to generate certificates even if I'm just using
pre-shared keys?
AFAIK _no_, just make sure you do not have an empty file where a cert
would be searched for. The code I looked at would do that weird thing
with a file
[mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 23, 2004 6:04 AM
To: Scott A. Young
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] IPSEC pluto errors
Scott
Scott A. Young wrote:
Hi All, I'm also back on the subnet-to-subnet ipsec setup.
Even with
all the info on the list and archives
Scott
Scott A. Young wrote:
Hi All, I'm also back on the subnet-to-subnet ipsec setup. Even with all the
info on the list and archives, I'm at a loss.
Both ends of connection are bering-uclibc v2.2.1 boxes w/ipsec. According to
the bering userguide chapter 15, you don't need certificates if your
what I am doing wrong here? If you need error
logs, I can provide them.
Thanks in advance!
Troy.
-Original Message-
From: Erich Titl [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 3:30 AM
Cc: Troy Aden; Leaf-User (E-mail)
Subject: Re: [leaf-user] IPSEC subnet routing
Troy
Troy Aden wrote:
Hello again.
I have fought with this for a week now and I must be missing something.
First of all, if I use a conn statement that has %defaultroute for right=,
I get an error that the statement does not exist. However, if I use a
right=(IP) and rightnexthop=(gateway), the
For the also parameter :
# defaults for subsequent connection descriptions
conn %default
# How persistent to be in (re)keying negotiations (0 means very).
keyingtries=0
# RSA authentication with keys from DNS.
authby=secret
right=135.115.157.162
Troy
It is a bit confusing for me, as I am always using left for the local system,
right for the remote.
Assumptions
S'Toon
external IP address 135.115.157.162
internal networks 192.168.161.0/24 192.168.162.0/24 192.168.163.0/24
Victoria
external IP address 24.35.38.129
internal network
Looking at my mail there are a few typos. Long live cut and paste :-(
Erich Titl wrote:
Troy
It is a bit confusing for me, as I am always using left for the local system,
right for the remote.
Assumptions
S'Toon
external IP address 135.115.157.162
internal networks 192.168.161.0/24
Erich Titl wrote:
Troy
Troy Aden wrote:
Hello all, This may seem a silly question but I have not been able to find
any info in any how-to or docs and I am hoping someone here can help me out.
http://www.freeswan.org/freeswan_trees/freeswan-1.98b/doc/manpage.d/ipsec.conf.5.html
The question is :
Hi All, I'm also back on the subnet-to-subnet ipsec setup. Even with all the
info on the list and archives, I'm at a loss.
Both ends of connection are bering-uclibc v2.2.1 boxes w/ipsec. According to
the bering userguide chapter 15, you don't need certificates if you're using
pre-shared keys.
Hello all, This may seem a silly question but I have not been able to find
any info in any how-to or docs and I am hoping someone here can help me out.
The question is : How do I setup the IPSEC config so that I route only
specific subnets over the IPSEC tunnel. Currently, I have set it up by
Troy
Troy Aden wrote:
Hello all, This may seem a silly question but I have not been able to find
any info in any how-to or docs and I am hoping someone here can help me out.
http://www.freeswan.org/freeswan_trees/freeswan-1.98b/doc/manpage.d/ipsec.conf.5.html
The question is : How do I setup
-User (E-mail)
Subject: Re: [leaf-user] IPSEC subnet routing
Troy
Troy Aden wrote:
Hello all, This may seem a silly question but I have not been able to find
any info in any how-to or docs and I am hoping someone here can help me
out.
http://www.freeswan.org/freeswan_trees/freeswan-1.98b/doc
Hi All,
First of all, thanks to everyone involved with this project. The support
from the mailing list archives is great!
I've been trying to get an ipsec vpn between two bering-uclibc v2.2.1 routers
going.
Before boring everyone with the details, I'm wondering if there is a
definitive
, IPsec SA established
Troy
-Original Message-
From: Scott A. Young [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 31, 2004 7:14 PM
To: Troy Aden
Subject: RE: [leaf-user] ipsec subnet-to-subnet vpn
That would be perfect... Pre-shared-keys is where I'm starting as well.
Thanks,
Scott
Hello!
I'm trying to set up a VPN between a Windows 2000 notebook and a Bering
1.2 LEAF firewall, running SuperFreeS/WAN 1.99.6.2.
On this firewall, I have two tunnels set up. One is a tunnel between
two LEAF firewalls bridging two subnets, and works great. The other is
a tunnel designed
Timothy J. Massey wrote:
Hello!
I'm trying to set up a VPN between a Windows 2000 notebook and a Bering
1.2 LEAF firewall, running SuperFreeS/WAN 1.99.6.2.
On this firewall, I have two tunnels set up. One is a tunnel between
two LEAF firewalls bridging two subnets, and works great. The other
Dear list:
Erich Titl has already given me great help (off-list -- much thanks to
him) on this, but I thought I would post to the leaf list and verify
some conclusions.
They are:
1) The Nat-traversal patch available in Bering ipsec does UDP
encapsulation after any masquerading. The particular
On Friday 30 July 2004 09:51 am, Tibbs, Richard wrote:
snipped completely
Why doesn't nat traversal on Bering take care of this? Is there
something wrong with my config?
Is your right side running a firewall (yes)?
Does your right side have a subnet (yes)?
%any doesn't cover everything except
[EMAIL PROTECTED] wrote on 04/23/2004 05:52:30 PM:
Sorry for the delay, but I wanted to write and let others (and future
searchers) know what the resolution to this problem was:
Timothy J. Massey wrote:
Hello!
I'm using a Dachstein firewall with FreeS/WAN 1.91. I would like
to set
up
Hi
On 23 Apr 2004 at 16:52, Charles Steinkuehler wrote about Re: [leaf-user] IPsec
between FreeS/WAN 1.91 (Dac:
Timothy J. Massey wrote:
Hello!
I'm using a Dachstein firewall with FreeS/WAN 1.91. I would like to set up an
IPsec VPN with either a Linksys BEFVP41 router, or a Windows
Hello!
I'm using a Dachstein firewall with FreeS/WAN 1.91. I would like to set
up an IPsec VPN with either a Linksys BEFVP41 router, or a Windows 2000
computer behind it.
I have been unable to do either. The router won't negotiate a tunnel
with the LEAF firewall, and I can't seem to make
Timothy J. Massey wrote:
Hello!
I'm using a Dachstein firewall with FreeS/WAN 1.91. I would like to set
up an IPsec VPN with either a Linksys BEFVP41 router, or a Windows 2000
computer behind it.
I have been unable to do either. The router won't negotiate a tunnel
with the LEAF firewall,
To: 'Charles Steinkuehler'
Cc: '[EMAIL PROTECTED]'
Subject: RE: [leaf-user] IPSEC help needed
Thanks Charles - yes I just need to allow the passthrough of the IPSEC
protocol for everything to work. I will update the firewall like below and
bring the laptop home tomorrow to try it out. The IT guys do
, April 20, 2004 10:27 AM
To: [EMAIL PROTECTED]
Subject: [leaf-user] IPSEC help needed
I am using Dachstein 1.02 and need IPSEC enabled to get the work VPN
software to work correctly. I do not see a module IPSEC that is loaded,
should I have one to make this work correctly?
Here are the modules
Kevin wrote:
I am using Dachstein 1.02 and need IPSEC enabled to get the work VPN
software to work correctly. I do not see a module IPSEC that is loaded,
should I have one to make this work correctly?
Here are the modules loaded:
Linux version 2.2.19-3-LEAF ([EMAIL PROTECTED]) (gcc version
, April 20, 2004 7:41 AM
To: Kevin
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] IPSEC help needed
Kevin wrote:
SNIP
Actually, I think you need a rule set and a module loaded.
I'm going to work under the assumption that you need to masquerade an
IPSec connection (ie: you're running an ipsec
Kevin wrote:
Thanks Charles - yes I just need to allow the passthrough of the IPSEC
protocol for everything to work. I will update the firewall like below and
bring the laptop home tomorrow to try it out. The IT guys do not understand
my router and all they have troubleshooting guides for are the
I am using Dachstein 1.02 and need IPSEC enabled to get the work VPN
software to work correctly. I do not see a module IPSEC that is loaded,
should I have one to make this work correctly?
Here are the modules loaded:
Linux version 2.2.19-3-LEAF ([EMAIL PROTECTED]) (gcc version 2.7.2.3) #1 Sat
Having just recently placed a mail server on my DMZ I am now addressing
an issue whereby my PPP link (over PPPoE) would drop, then come back up
but my routing table would be thereafter mucked up and require manual
intervention to reset the networking/shorewall/ipsec utilities to get
proper
I'm just getting started with Leaf Bering.
I've built a new 2.4.20 kernel using the woody environment and have
iptables built statically and all is well as far as that goes.
There are newer 2.4 kernels around
Freeswan is a bit of a mystery though. I'm using super-freeswan-1.99.6.2.
I'm just getting started with Leaf Bering.
I've built a new 2.4.20 kernel using the woody environment and have
iptables built statically and all is well as far as that goes.
Freeswan is a bit of a mystery though. I'm using super-freeswan-1.99.6.2.
Pluto whack and other utilities are linked to
: [leaf-user] IPSec WiFi vs. weblet
I already had a similar entry in my policy file:
vpn fw ACCEPT
fw vpn ACCEPT
to no avail. Are you using IPSec, Francois?
On Mon, 15 Dec 2003,
Francois BERGERET wrote:
Hi all,
I use two wireless networks simultaneous in a Soekris
Eureka!
Determined to resolve this issue, I attempted to access the weblet over
the VPN, and checked to see if any log file was touched.
Just one. daemon.log. Which told me that I had failed to place a
carriage return after the second entry in hosts.allow for my ipsec'd
subnet. One
At 06:20 PM 12/29/2003 +0100, Christopher Harewood wrote:
Eureka!
Determined to resolve this issue, I attempted to access the weblet over
the VPN, and checked to see if any log file was touched.
Just one. daemon.log. Which told me that I had failed to place a
carriage return after the second
Hope everyone had a happy Christmas,
can anyone point me to documentation about the Bering uClib2.0 IPSEC package
?
The links at Freeswan don't seem very relevant to the config in Bering. I'm
trying to set the RSA keys up but not having any success so far.
Best wishes for the new year,
robert
On Friday, 26 December 2003 12:28, Robert Sabine von Knobloch wrote:
Hope everyone had a happy Christmas,
can anyone point me to documentation about the Bering uClib2.0 IPSEC
package ?
The links at Freeswan don't seem very relevant to the config in Bering. I'm
trying to set the RSA keys
:[EMAIL PROTECTED] On behalf of
Christopher
Harewood
Sent: Monday, 15 December 2003 07:10
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] IPSec WiFi vs. weblet
The 192.168.3.0 subnet is my IPSec vpn. Hence, in
/etc/shorewall/rules:
ACCEPT loc fw tcp 80
ACCEPT
Tried both of these before posting. 192.168.1.0 is my wired subnet,
192.68.3.0 is my wireless subnet.
hosts.allow:
ALL: 192.168.1.0/255.255.255.0
ALL: 192.168.3.0/255.255.255.0
sh-httpd.conf (pertinent parts)
# Who are we - used for CGI scripts
SERVER_NAME=ice.rawdata.lab
Christopher Harewood wrote:
Tried both of these before posting. 192.168.1.0 is my wired subnet,
192.68.3.0 is my wireless subnet.
hosts.allow:
ALL: 192.168.1.0/255.255.255.0
ALL: 192.168.3.0/255.255.255.0
sh-httpd.conf (pertinent parts)
# Who are we - used for CGI scripts
On Saturday 13 December 2003 12:25 am, Christopher Harewood wrote:
I have finally (through the alignment of planets, presumably) set up IPSec
on the wifi connection to my Bering box. All works well (browse Samba
shares with no problems, net access, etc. The only thing that fails to
load over
I have finally (through the alignment of planets, presumably) set up IPSec
on the wifi connection to my Bering box. All works well (browse Samba
shares with no problems, net access, etc. The only thing that fails to
load over the ipsec tunnel is the weblet. It works fine from any wired
On Tuesday 25 November 2003 08:47 pm, Troy Aden wrote:
[...]
My goal with this configuration is to have two networks linked via IPSEC. I
would expect that all users from site A will be able to communicate with
all users on site B transparently meaning that for all intents and
purposes users on
, November 26, 2003 1:10 AM
To: Troy Aden; Leaf-User ([EMAIL PROTECTED])
Subject: Re: [leaf-user] IPSEC NAT traversal with shorewall HELP!
On Tuesday 25 November 2003 08:47 pm, Troy Aden wrote:
[...]
My goal with this configuration is to have two networks linked via IPSEC.
I
would expect that all