Hi An-Cheng,
I see.
Looking forward to alpha2(if there is something new about remote-access).
Thanks,
Adrian
An-Cheng Huang wrote:
Hi Adrian,
You're right that xl2tpd fixed both issues. However, the email you mentioned
said the fixes were for openswan's new KLIPS code. The manpage for
Hi,
Playing further with Glendale and Remote Access.
I've setup L2TP/IPsec with certificates(IKE authentication).
Build a quick CA with OpenSSL and issue some certificates(public key
1024 bits). One to Glendale and two to clients(Windows clients).
VPN_Clients---NAT_Device---Glendale---Internal
Hi,
I was messing with Glendale today and with the new remote access features.
I've setup a simple lab test:
VPNClient(192.168.22.2)---Vyatta(doing NAT)-Internal
Network(192.168.10.0/24)
First with PPTP: 1,2,3 and it was up and running.
Cool!
Moving to L2TP/IPsec: 1,2 and I've nailed it.
.
An-Cheng
Adrian F. Dimcev wrote:
So why do I need this outside-nexthop since I already have
specified a default route through 192.168.30.1 ?
Since my experience shows that there are problems with NAT devices,
I've always done my first tests connected directly to the external
interface
Josh wrote:
Adrian,
Once again, thank you for your invaluable input! I will begin working on
your below suggestions, as this does make a lot of sense. I also need to
peruse the Vyatta_CommandRef_VC3_v02.pdf more thoroughly to take the
pieces from there and complete [the] puzzle . But I first
Hi Todd,
Whatever you need. It's all about that. To know what you need.
Yep, you've got those static NAT mappings so actually when you're
hitting Vyatta traffic gets redirected.
But some of those mappings apply only to TCP traffic, so the rest will
go to Vyatta itself. Here that Local instance
Hi Josh,
Guess what, all that info and much more is documented now here(Community
Documentation):
http://www.vyatta.com/twiki/bin/view/Community/CommunityDocumentation
More exactly within the article How to Create a VPN Site-to-Site IPsec
Tunnel Mode Connection Between a Vyatta OFR and an ISA 2006
Hi,
I have written some articles about Vyatta:
How to Create a VPN Site-to-Site IPsec Tunnel Mode Connection Between a
Vyatta OFR and an ISA 2006 Firewall(creating the site-to-site on Vyatta,
setup a basic firewall on Vyatta in relation with the site-to-site VPN,
adding the NAT rule stuff like
Hi Josh,
There is no firewall by default on Vyatta.
Your firewall rule does not prevent packets from external to your
Vyatta itself.
You can apply the firewall instance as in, out and local per interface.
You have used in, meaning that packets entering that interface will be
filtered by the
Stig wrote
You can define multiple tunnels under the same peer to accomplish that.
Philippe wrote
Yes but it is not an optimal solution in term of scalibility.
I would agree with Philippe.
If we have multiple local and remote subnets it becomes a little
painful.
With Cisco's crypto_acl that's
Stig wrote
I'm not sure if this will do what you want, but you might try setting the
lifetime of the ipsec key with:
[EMAIL PROTECTED] set vpn ipsec esp-group foo lifetime
Possible completions:
[30..86400] Set lifetime in seconds
Hi Stig,
Thank you for your reply.
No, I wasn't talking about the
Hi,
Can we set on Vyatta an IPsec SA idle timer?
For example the other side of the tunnel has set this timer to 5 min.
If within 5 min no traffic is passing through the tunnel, the IPsec SA
is deleted.
Note that the other end does not support DPD.
From what I can see, the other side is deleting
[EMAIL PROTECTED]
Date: Wed, November 07, 2007 3:39 pm
To: Adrian F. Dimcev [EMAIL PROTECTED]
Cc: vyatta-users@mailman.vyatta.com
Hi Adrian,
What rules have you placed in your firewall and what options are you
using to send ACK segments with nmap (specific ports etc?)
Thank you,
Robyn
Adrian F
Hi Dave and Robyn,
Robyn,
Thanks for the NAT exclusion solution.
Dave,
Once that article will be finished I will add a link there.
Things look good regarding the tunnel between Vyatta and ISA.
Except that it seems to be one ISAKMP Informational Exchanges after the
Quick Mode messages sent by
Hi guys,In Vyatta_ConfigGuide_VC2.2_v01.pdf, page 229, Table 14-3 there is a serious error regarding Diffie-Hellman group 5:"5 Diffie-Hellman group 5 is a 1536-bit modular exponentiation(MODP) group. This is a 1024-bit group with a key strengthapproximately equivalent to symmetric keys of length
15 matches
Mail list logo
