RE: [leaf-user] ipsec.lrp - does it do plain old DES?
You have the right attitude, single-DES is crap. However, ipsec.lrp does support single-DES. Superfreeswan includes additional encyrption algorithm patches which Jacques includes. RTM ;-) - http://leaf-project.org/devel/jnilo/bipack2.html 12.8. ipsec.lrp This is the super-freeswan ipsec package. Refer to the Bering user's guide for explanations. Superfreeswan 1.99.6.2 is patched with the following patches: NAT-Traversal, X509, ipsec_algs and port & protocols selector. Current "Bering" version: 1.99.6.2 http://www.freeswan.ca/patches/ Hope that helps, > Yes, I thought this would be the case. I'll have to look > into this, but either way, a DES VPN is not secure, and I > think I'll just tell the guys at the remote end that they > have to supply a Linux box with DES support as I don't want > to be held responsible for implementing such an insecure VPN > solution. :) > > Regards, > HiltonT > > On Sun, 2003-07-06 at 15:19, M Lu wrote: > > Hi Hilton, > > > > Bering ipsec.lrp is actually Superfreeswan 1.99.6.2, and I believe > > that > > FreeSWAN does not support single DES. > > > > M Lu. > > > > > > >From: Hilton Travis <[EMAIL PROTECTED]> > > >Reply-To: [EMAIL PROTECTED] > > >To: [EMAIL PROTECTED] > > >Subject: [leaf-user] ipsec.lrp - does it do plain old DES? > > >Date: 06 Jul 2003 12:54:07 +1000 > > > > > >Hi All, > > > > > >Does the behring ipsec.lrp module handle the insecure DES > protocol? > > >I have a need for a DES-based Linux router for a short > while, and if > > >this works, then I'll use it. Unfortunately, the remote > end cannot > > >accept any secure IPSEC encryption protocols. :( > > -- > Regards, > > HiltonT > > > > --- > This SF.Net email sponsored by: Free pre-built ASP.NET sites > including Data Reports, E-commerce, Portals, and Forums are > available now. Download today and enter to win an XBOX or > Visual Studio .NET. > http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_06 1203_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] ipsec.lrp - does it do plain old DES?
Hi Peter, On Tue, 2003-07-08 at 06:38, Peter Mueller wrote: > You have the right attitude, single-DES is crap. You bet it is. I cracked a 1DES key with a banana smoothie in a whisker over 30 minutes last week. :) > However, ipsec.lrp does support single-DES. Are you sure about this? There's no mention of it anywhere, and the FreeS/WAN docs say that by default 1DES support is included for 3DES encryption, but unable to be used as a protocol in its own right - for obvious reasons. > Superfreeswan includes additional encyrption algorithm > patches which Jacques includes. > > RTM ;-) - http://leaf-project.org/devel/jnilo/bipack2.html > > 12.8. ipsec.lrp > This is the super-freeswan ipsec package. Refer to the Bering user's > guide for explanations. > Superfreeswan 1.99.6.2 is patched with the following patches: > NAT-Traversal, X509, ipsec_algs and port & protocols selector. Yes, I read that before posting to this list, and since none of those patches enable the use of 1DES, I asked the list for further clarification. > Current "Bering" version: 1.99.6.2 > > http://www.freeswan.ca/patches/ This lists the patches available, and I also went to this site before emailing the list. None of the 1DES patches seem to be applied (sensibly) to the LEAF ipsec.lrp package. > Hope that helps, Not really. The information you have given me basically says that 1DES is not able to be used as a protocol, whereas you are saying it is able to be used. So, your suggestion is refuted by the links you gave as a reference - actually muddying the issue, not clarifying it. :( - HiltonT > > Yes, I thought this would be the case. I'll have to look > > into this, but either way, a DES VPN is not secure, and I > > think I'll just tell the guys at the remote end that they > > have to supply a Linux box with DES support as I don't want > > to be held responsible for implementing such an insecure VPN > > solution. :) > > > > Regards, > > HiltonT > > > > On Sun, 2003-07-06 at 15:19, M Lu wrote: > > > Hi Hilton, > > > > > > Bering ipsec.lrp is actually Superfreeswan 1.99.6.2, and I > > > believe that FreeSWAN does not support single DES. > > > > > > M Lu. > > > > > > > > > >From: Hilton Travis <[EMAIL PROTECTED]> > > > >Reply-To: [EMAIL PROTECTED] > > > >To: [EMAIL PROTECTED] > > > >Subject: [leaf-user] ipsec.lrp - does it do plain old DES? > > > >Date: 06 Jul 2003 12:54:07 +1000 > > > > > > > >Hi All, > > > > > > > >Does the behring ipsec.lrp module handle the insecure DES > > > >protocol? I have a need for a DES-based Linux router for > > > >a short while, and if this works, then I'll use it. > > > >Unfortunately, the remote end cannot accept any secure > > > >IPSEC encryption protocols. :( --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] Dynamic tinydns Bering 1.0
Dear list ! (using bering 1.0 stable w/ dnscache&tinydns and dhcpd) Currently I am using my privat DNSserver with static client-IPs. They just use djbdns for nameresolution. I edited the config files for tinydns, restarted shorwall and dns and zoom: it works. Now I can get rid off /etc/hosts. But whats about dynamic IP-Name-resolving ? I got one single dynamic client in my homebrewed net. This is the "road warrier" - the mobile PC. That one gets its (changing) IP from Bering using dhcp. Worked fine for months so far... I found no doku for this (common) problem... Thanks for any short hints! --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] ipsec.lrp - does it do plain old DES?
> On Tue, 2003-07-08 at 06:38, Peter Mueller wrote: > > You have the right attitude, single-DES is crap. > > You bet it is. I cracked a 1DES key with a banana smoothie > in a whisker over 30 minutes last week. :) I used 5000 monkeys to crack it in 5 minutes, guess I got lucky.. > > However, ipsec.lrp does support single-DES. > > Are you sure about this? There's no mention of it anywhere, > and the FreeS/WAN docs say that by default 1DES support is > included for 3DES encryption, but unable to be used as a > protocol in its own right - for obvious reasons. Oops - http://leaf.sourceforge.net/devel/jnilo/manpages/README.ipsec_alg.txt This link clearly states nothing at all about 1DES. I guess you are right. Sorry, Peter --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Dynamic tinydns Bering 1.0
Hello Hein,
The solution I use is that the laptop allways get the same IP Adress from
the dhcpd server
As an example my dhcpd conf.
-
dynamic-bootp-lease-length 604800;
max-lease-time 1209600;
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.254;
option domain-name "my.net";
option domain-name-servers 192.168.1.254;
range 192.168.1.110 192.168.1.199;
host roadwarrior { hardware ethernet 00:00:33:11:22:44; fixed-address
192.168.1.100; }
replace your hostname and mac address.
Now you can use your name "roadwarrior.my.net" in tinydns
Regards Eric Wolzak
member of the bering Crew
>Dear list !
>(using bering 1.0 stable w/ dnscache&tinydns and dhcpd)
>Currently I am using my privat DNSserver with static
>client-IPs.
>They just use djbdns for nameresolution. I edited the
>config files for tinydns, restarted shorwall and dns
>and zoom: it works. Now I can get rid off /etc/hosts.
>
>But whats about dynamic IP-Name-resolving ? I got one
>single dynamic client in my homebrewed net. This is the
>"road warrier" - the mobile PC.
>That one gets its (changing) IP from Bering using dhcp.
>Worked fine for months so far...
>
>I found no doku for this (common) problem...
>
>
>Thanks for any short hints!
>
>
>
>
>
>
>
>
>
>
>
>---
>This SF.Net email sponsored by: Free pre-built ASP.NET sites including
>Data Reports, E-commerce, Portals, and Forums are available now.
>Download today and enter to win an XBOX or Visual Studio .NET.
>http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01
>
>leaf-user mailing list: [EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/leaf-user
>SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] OT: Bash question
pn] Forgive me; I can't Google this for some reason. pn] Is there an elegant way to test a positional parameter for being numeric (so that I don't assign a string to a numeric variable)? = - Peter Nosko ([EMAIL PROTECTED]) This is a good place for a tagline. __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] OT: Bash question
Peter Nosko wrote:
pn] Forgive me; I can't Google this for some reason.
pn] Is there an elegant way to test a positional parameter for being numeric (so that
I don't
assign a string to a numeric variable)?
The quick & dirty way to do something like this would be with a case
statement:
case $1
in
[0-9]*) echo Number: $1 ;;
*) echo Text: $1 ;;
esac
Note that this only tests the *FIRST* character of the parameter, so
something like 1a would incorrectly look like a number.
To get around this problem (if necessary), you'll either need to
recursively parse each digit of the parameter to see if it's a number
(ugly, but relies only on built-in shell commands)...something like:
#!/bin/ash
ParseChar () {
case $1
in
[0-9]*)
if [ ${#1} -ge 2 ] ; then
Parse ${1#?}
fi ;;
*) NUMBER=NO ;;
esac
}
Parse () {
NUMBER=YES
ParseChar $1
}
Parse $1
echo "Number?: $NUMBER"
...or pass the whole thing to something like sed that can deal with more
complicated regular expressions.
NOTE: You could probably clean up the recursive example code. I'd
probably try to get away from using the NUMBER global, and maybe pass
the Parse procedure a second parameter containing the variable name
you'd like the number or a default value assigned to, and you might want
(or need) to deal with a leading +/- sign, a decimal (only one!) and/or
comma seperators (ie -32,768.0), but the above does actually work for
"plain" numbers.
--
Charles Steinkuehler
[EMAIL PROTECTED]
---
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] OT: Bash question
> -Original Message- > From: Charles Steinkuehler > To get around this problem (if necessary), you'll either need to > recursively parse each digit of the parameter to see if it's a number > (ugly, but relies only on built-in shell commands)...something like: pn] Somehow I knew you'd reply in a jiffy! You are the Master of Parameter Expansion! To make sure I understand it, the IF in ParseChar says... If the length of this number is >= 2 digits, send everything after the first digit back through Parse. pn] Right? > ...or pass the whole thing to something like sed that can pn] There's a lot to be said about relying only on built-in shell commands. Your code worked as is in bash (whatever version comes with SuSE 8.2). > deal with a decimal (only one!) pn] :O pn] Many thanks. I'm running up a tab with you. ;) --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re:[leaf-user] OT: Bash question
> pn] Is there an elegant way to test a positional parameter for > being numeric (so that I don't > assign a string to a numeric variable)? You could try test -eq, it returns an error if non-integer parameters are used: #!/bin/sh test $1 -eq $1 2>/dev/null if test $? -eq 2; then echo non integer else echo integer fi - Alex --- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa0016ave/direct;at.asp_061203_01/01 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
