OK, the verdict seems to be that Charles' suggestion worked (for pings
-- we are only testing the connection with pings) --- so I doubt that
ping tests the CLAMPMSS parm. A large file transfer would probably need
it so I put CLAMPMSS=yes in shorwall.conf.
We are now able to ping across campus.
Dear List,
I am wondering if there is any newer version such as Freeswan 2.06 in a
.lrp that is available. I am running Bering 1.2 (kernel 2.4.20). The
current version of freeswan is 1.99.6.2.
TIA,
Rick.
---
This SF.Net email is
Dear List,
I am wondering if there is any newer version such as Freeswan
2.06 in a
.lrp that is available. I am running Bering 1.2 (kernel 2.4.20). The
current version of freeswan is 1.99.6.2.
FreeSWAN is now OpenSWAN. There are no updates for Bering. For
Bering-uclibc though, you can
PROTECTED]
Subject: RE: [leaf-user] What is latest Freeswan for Bering 1.2?
Dear List,
I am wondering if there is any newer version such as Freeswan
2.06 in a
.lrp that is available. I am running Bering 1.2 (kernel 2.4.20). The
current version of freeswan is 1.99.6.2.
FreeSWAN is now OpenSWAN
or beyond might be better.
Upgrading is fairly easy once I have a 2.4.x glibc binary.
Rick.
-Original Message-
From: Peter Mueller [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 10, 2004 12:58 PM
To: Tibbs, Richard; [EMAIL PROTECTED]
Subject: RE: [leaf-user] What is latest Freeswan
Tibbs, Richard wrote:
On the feature issue: We have had a problem with messages in the log
files saying no route available.
I have a successful road warrior from just outside the firewall, but
across campus, (beyond the next router) things stop working with the
above message.
I was hoping an
-Original Message-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 10, 2004 1:42 PM
To: Tibbs, Richard
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] What is latest Freeswan for Bering 1.2?
Tibbs, Richard wrote:
On the feature issue: We have had
Tibbs, Richard wrote:
Here is the ipsec.conf file. If you want a barf, let me know.
TIA Rick.
As mentioned, you need a nexthop value...in your case, a rightnexthop
setting. This should be set to the default gateway of the leaf box.
Alternatively, you can set right=%defaultroute and the
Rick
At 21:14 10.11.2004 -0500, you wrote:
No, didn't set CLAMPMSS. The chief symptom so far has been a bad route.
I think it was an error like
Ioctlsroute or some such code.
What is the MSS that you would recommend for Ipsec? The SA is getting
established OK so far (so UDP is not the