Stephen Lee wrote:
> Because I'm a big chicken ;-) The Bering box controls a rather busy
> connection and has some mission-critical traffic running through it. You
> and the rest of the Bering team have built such a solid product that I
> suspect very few of us ever bother upgrading on a regular basis. OTOH, it
> will give me a chance to slip in a current USB version. I'm tired of bad
> floppies.

I'll second that. I've had Bering 1.2 running up to last year. The only 
reason that thing ever broke down is because of the old P66 starting to 
smoke. You should never start smoking when you're getting older ;)

> Btw, the reason for upgrading OpenSwan is that I need to connect the
> router to a Sonicwall vpn box at the other end. Do any of you have such
> experience and/or tips? I'm following the suggestions on the OpenSwan
> site.

Just recently I required vpn connections as well and I found that this 
would corrupt my current settings. If you do a site-to-site vpn there's 
no real problem, but I figured I might as well make this a vpn for 
Windows roadwarriors. Which brings in L2TP, which adds a new ppp 
interface whenever a connection is made, which requires changing the 
last rule in Shorewall to be ACCEPT because you can't create a zone for 
interfaces that don't exist.

And so I added a second Bering box just for handling vpn. The new box is 
sitting directly on the outside connection and this eliminates all 
issues with masquerading vpn. I have Shorewall on the new box configured 
to pass everything but the obvious onto the existing box that runs a 
custom firewall script. Essentially the only thing I had to change on 
the old box was to let it accept RFC1918 addresses on the outside interface.

Gordon

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/