[leaf-devel] [ leaf-Support Requests-708144 ] Multiple VPNs through same interface?

2003-03-22 Thread SourceForge.net
Support Requests item #708144, was opened at 2003-03-22 16:03
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=708144&group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Bob Dushok (bdushok)
Assigned to: Mike Noyes (mhnoyes)
Summary: Multiple VPNs through same interface?

Initial Comment:
I've been using Bering 1.0.2 for several weeks to 
maintain a VPN between two of our sites.  All has been 
working well.

This week I needed to add a new site and installed a 
Leaf firewall at the new location.  

At our main location we're using net 10.1.0.0/24 and 
have a VPN established to 10.12.0.0/24.  I want to add an 
additional VPN to 10.11.0.0/24 at the new location.

I already have a conn section of ipsec.conf for our first 
site, so I've added a second configured similarly (after 
generating a host key).  Upon restarting the firewall at 
our main location I'm starting both VPNs using:

ipsec auto --up loc1
ipsec auto --up loc2

Establishing each of the VPN connections seems to 
take a little longer than normal and lists a retry is 
needed to establish the connections.  Information 
indicating the SA has been established does appear 
after the retry delay.  Using "ipsec look" I'm seeing that 
both VPNs are setup via ipsec0.  ip route also indicates 
both VPNed nets are using ipsec0.

This doesn't seem correct.  Unfortunately it's the 
weekend and the two remote sites are closed.  I can't 
verify if my connections are good as I can't verify if any 
hosts behind the VPNs are powered up.  

Is it normal to have multiple VPNs on the same 
interface?  I can't seem to locate docs indicating the 
proper method of setting up multiple VPNs using 
FreeS/WAN/LEAF.  

Thanks!
Bob

My ipsec.conf is included below:

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# (parameter lines inside a section must be indented; FreeS/WAN
# rejects unindented ones)

config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=all
    plutoload=%search
    plutostart=%search

conn %default
    type=tunnel
    keyexchange=ike
    keylife=8h
    keyingtries=0
    authby=rsasig
    disablearrivalcheck=no
    pfs=yes

conn loc1
    left=199.224.108.210
    leftsubnet=10.1.0.0/24
    leftnexthop=199.224.108.14
    right=66.202.70.89
    rightsubnet=10.12.0.0/24
    rightnexthop=66.202.70.88
    auto=add
    leftrsasigkey=(removed for posting purposes)
    rightrsasigkey=(removed for posting purposes)

conn loc2
    left=199.224.108.210
    leftsubnet=10.1.0.0/24
    leftnexthop=199.224.108.14
    right=64.65.218.107
    rightsubnet=10.11.0.0/24
    # note: 66.65.218.1 is not in the same /24 as right=64.65.218.107
    rightnexthop=66.65.218.1
    auto=add
    leftrsasigkey=(removed for posting purposes)
    rightrsasigkey=(removed for posting purposes)


---
This SF.net email is sponsored by:Crypto Challenge is now open! 
Get cracking and register here for some mind boggling fun and 
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en

___
leaf-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-devel
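The question in the request above, whether several conns may legitimately share ipsec0, comes down to how FreeS/WAN's KLIPS works: it attaches one ipsecN virtual interface to each physical interface named in interfaces= (with %defaultroute, ipsec0 on the default-route interface), and every conn whose left side is that interface rides on it. What keeps the tunnels apart is the per-conn eroute, keyed by the leftsubnet/rightsubnet pair, which is what "ipsec look" lists. The script below is an added example, not code from the original post, from FreeS/WAN or from LEAF: it parses an ipsec.conf in the posted layout, applies conn %default, groups conns by local gateway to show which ones share an interface, and flags the two things worth checking before blaming the shared interface: selector pairs that overlap (those really would collide on one eroute) and a nexthop that is not on-link with its gateway. The sample config is constructed from the posted one with the RSA keys omitted; the on-link test assumes a /24 because ipsec.conf carries no netmask.

```python
"""Sanity-check a FreeS/WAN-style ipsec.conf that carries several conn sections.

Added example, not from the original post, FreeS/WAN or LEAF. Assumptions are
marked in comments.
"""
import ipaddress
from itertools import combinations

# Constructed sample modelled on the posted config (RSA keys omitted; the
# posted loc2 rightnexthop is kept as-is so the check below has something to find).
SAMPLE_CONF = """\
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=all
    plutoload=%search
    plutostart=%search

conn %default
    type=tunnel
    keyexchange=ike
    keylife=8h
    keyingtries=0
    authby=rsasig
    pfs=yes

conn loc1
    left=199.224.108.210
    leftsubnet=10.1.0.0/24
    leftnexthop=199.224.108.14
    right=66.202.70.89
    rightsubnet=10.12.0.0/24
    rightnexthop=66.202.70.88
    auto=add

conn loc2
    left=199.224.108.210
    leftsubnet=10.1.0.0/24
    leftnexthop=199.224.108.14
    right=64.65.218.107
    rightsubnet=10.11.0.0/24
    rightnexthop=66.65.218.1
    auto=add
"""


def parse_ipsec_conf(text):
    """Return {(kind, name): {param: value}}.
    Section headers start in column 0; parameter lines must be indented
    (FreeS/WAN's own layout rule). '#' starts a comment."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line[0] not in " \t":
            kind, _, name = line.strip().partition(" ")
            current = sections.setdefault((kind, name.strip()), {})
        else:
            if current is None:
                raise ValueError("parameter before any section: %r" % raw)
            key, sep, value = line.strip().partition("=")
            if not sep:
                raise ValueError("not key=value: %r" % raw)
            current[key.strip()] = value.strip()
    return sections


def effective_conns(sections):
    """Apply 'conn %default' to every named conn, the way pluto does."""
    default = sections.get(("conn", "%default"), {})
    return {name: {**default, **params}
            for (kind, name), params in sections.items()
            if kind == "conn" and name != "%default"}


def shared_interfaces(conns):
    """Group conns by local gateway address. Under KLIPS each group rides
    one ipsecN virtual interface, which is why 'ipsec look' shows them together."""
    groups = {}
    for name, c in sorted(conns.items()):
        groups.setdefault(c.get("left"), []).append(name)
    return groups


def check_conns(conns, onlink_prefix=24):
    """Return a list of findings (strings); an empty list means nothing suspicious."""
    findings = []
    for name, c in sorted(conns.items()):
        for side in ("left", "right"):
            gw, nh = c.get(side), c.get(side + "nexthop")
            if gw and nh:
                # Assumption: the nexthop router must be on-link with the gateway.
                # ipsec.conf carries no mask, so a /%d is assumed here.
                onlink = ipaddress.ip_network("%s/%d" % (gw, onlink_prefix), strict=False)
                if ipaddress.ip_address(nh) not in onlink:
                    findings.append("%s: %snexthop %s is not in %s (typo?)"
                                    % (name, side, nh, onlink))
    # Two conns whose selector pairs overlap would compete for one eroute;
    # conns that merely share ipsec0 with distinct selectors are fine.
    for (a, ca), (b, cb) in combinations(sorted(conns.items()), 2):
        la, ra = ipaddress.ip_network(ca["leftsubnet"]), ipaddress.ip_network(ca["rightsubnet"])
        lb, rb = ipaddress.ip_network(cb["leftsubnet"]), ipaddress.ip_network(cb["rightsubnet"])
        if la.overlaps(lb) and ra.overlaps(rb):
            findings.append("%s and %s: overlapping selectors %s<->%s and %s<->%s"
                            % (a, b, la, ra, lb, rb))
        elif ra.overlaps(rb):
            findings.append("%s and %s: remote subnets %s and %s overlap but use different gateways"
                            % (a, b, ra, rb))
    return findings


if __name__ == "__main__":
    conns = effective_conns(parse_ipsec_conf(SAMPLE_CONF))
    for left, names in shared_interfaces(conns).items():
        print("left=%s: one ipsec interface carries %s" % (left, ", ".join(names)))
    for finding in check_conns(conns):
        print("WARNING:", finding)
```

Run against the sample it reports that loc1 and loc2 share one interface (expected, not a fault) and one warning: loc2's rightnexthop 66.65.218.1 is not in 64.65.218.0/24. That is exactly the kind of slip that makes a conn negotiate slowly or need retries while the other conn on the same ipsec0 is fine, and it is worth ruling out before the remote sites reopen.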


Re: [leaf-devel] Ports to Non-x86 Platforms?

2003-03-22 Thread Lynn Avants
On Friday 21 March 2003 05:41 pm, David Douthitt wrote:
> > One of my friends has added Linux
> > to the Mac boot-menu that was considered impossible (until he did it).
>
> I don't know which boot menu you mean, but for several years there's
> been a couple of INITs that would do this.  They depend on MacOS
> loading first.

Exactly, my friend Chris Olson got Linux (or whatever) to boot w/o
loading Mac OS X first. He isn't using OpenBoot, but he uses an 
escape sequence to open a boot manager _before_ OS X starts to load.
I can get some info from him about this if you're interested; the Mac
lists say it is impossible though. ;-)


> > a couple of after-market manufacturers making wholesale Mac-machines
> > as well.
>
> I thought all of the Mac licenses were revoked - PowerMac, Motorola
> StarMax, UMax - they're all gone, thanks to Apple and Jobs.

Yes, for the Mac OS. These are just hardware for those who want to use
Debian, Yellowdog, FreeBSD, etc... instead of OS-X. I don't imagine you
would have a problem buying OS-X off the shelf and loading it if you
wanted though.


> Actually, there is a Bochs emulator for MacOS X - I downloaded it.
> Unfortunately, it was corrupt.  Got to try again...

WinTEL has a nicer GUI and is _much_ faster than Bochs. Plex86 development
appears to be forking to a bare base to integrate with Bochs to speed
things up considerably. Unfortunately, this fork just started in the
last 30 days w/o anything in CVS that appears very workable.
http://plex86.sf.net


> Now I've an AirPort card too.  Watch out... I'm entering the 21st
> century! :-) Most -- all! -- of my other hardware (including PC and Mac
> hardware) is at least 10 to 20 years old...

Ohhh, I'm jealous! 
I'm still walking around w/300 feet of Cat5.  ;)
-- 
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://www.guitarlynn.homelinux.org:81

