[leaf-user] What is latest Freeswan for Bering 1.2?

2004-11-10 Thread Tibbs, Richard 

Dear List,
I am wondering if there is any newer version such as Freeswan 2.06 in a
.lrp that is available.  I am running Bering 1.2 (kernel 2.4.20).  The
current version of freeswan is 1.99.6.2.

TIA,
Rick.





---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] What is latest Freeswan for Bering 1.2?

2004-11-10 Thread Peter Mueller 
 Dear List,
 I am wondering if there is any newer version such as Freeswan 
 2.06 in a
 .lrp that is available.  I am running Bering 1.2 (kernel 2.4.20).  The
 current version of freeswan is 1.99.6.2.

FreeSWAN is now OpenSWAN.  There are no updates for Bering.  For
Bering-uclibc though, you can get the latest openswan.

http://leaf.sourceforge.net/mod.php?mod=userpagemenu=91017page_id=51

Is there a feature you want that's available in 2.06 that isn't in 1.99?

Regards,

P


---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] What is latest Freeswan for Bering 1.2?

2004-11-10 Thread Tibbs, Richard 
Hmm.
I have not had luck with Bering uclibc -- some of my nics are natsemi,
and I could not get a working natsemi.o.
The freeswan site says that up through v2.03 will work on 2.4.17+
kernels. There is also a super-freeswan 1.99.8 -- with the x509 and
NAT-t patches.
I thought I would give that a try.

Does anyone know if there is a makefile target for just the binary?
(no downloads I know of for just the binary from freeswan.org).

TIA,
Rick.

-Original Message-
From: Peter Mueller [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 10, 2004 12:58 PM
To: Tibbs, Richard; [EMAIL PROTECTED]
Subject: RE: [leaf-user] What is latest Freeswan for Bering 1.2?

 Dear List,
 I am wondering if there is any newer version such as Freeswan 
 2.06 in a
 .lrp that is available.  I am running Bering 1.2 (kernel 2.4.20).  The
 current version of freeswan is 1.99.6.2.

FreeSWAN is now OpenSWAN.  There are no updates for Bering.  For
Bering-uclibc though, you can get the latest openswan.

http://leaf.sourceforge.net/mod.php?mod=userpagemenu=91017page_id=51

Is there a feature you want that's available in 2.06 that isn't in 1.99?

Regards,

P



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] What is latest Freeswan for Bering 1.2?

2004-11-10 Thread Tibbs, Richard 
On the feature issue: We have had a problem with messages in the log
files saying no route available.
I have a successful road warrior from just outside the firewall, but
across campus, (beyond the next router) things stop working with the
above message.

I was hoping an upgrade to 1.99.8 or beyond might be better.  
Upgrading is fairly easy once I have a 2.4.x glibc binary.

Rick.

-Original Message-
From: Peter Mueller [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 10, 2004 12:58 PM
To: Tibbs, Richard; [EMAIL PROTECTED]
Subject: RE: [leaf-user] What is latest Freeswan for Bering 1.2?

 Dear List,
 I am wondering if there is any newer version such as Freeswan 
 2.06 in a
 .lrp that is available.  I am running Bering 1.2 (kernel 2.4.20).  The
 current version of freeswan is 1.99.6.2.

FreeSWAN is now OpenSWAN.  There are no updates for Bering.  For
Bering-uclibc though, you can get the latest openswan.

http://leaf.sourceforge.net/mod.php?mod=userpagemenu=91017page_id=51

Is there a feature you want that's available in 2.06 that isn't in 1.99?

Regards,

P



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] What is latest Freeswan for Bering 1.2?

2004-11-10 Thread Charles Steinkuehler 
Tibbs, Richard wrote:
On the feature issue: We have had a problem with messages in the log
files saying no route available.
I have a successful road warrior from just outside the firewall, but
across campus, (beyond the next router) things stop working with the
above message.
I was hoping an upgrade to 1.99.8 or beyond might be better.  
Upgrading is fairly easy once I have a 2.4.x glibc binary.
Do you have appropriate [left|right]nexthop stanzas in your connection 
descriptions?  This doesn't sound like a problem that will be solved by a 
newer version of [free|open]s/wan.

--
Charles Steinkuehler
[EMAIL PROTECTED]
---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] What is latest Freeswan for Bering 1.2?

2004-11-10 Thread Tibbs, Richard 
Here is the ipsec.conf file.  If you want a barf, let me know.
TIA Rick.
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

 

# More elaborate and more varied sample configurations can be found

# in FreeS/WAN's doc/examples file, and in the HTML documentation.

 

 

 

# basic configuration

config setup

# THIS SETTING MUST BE CORRECT or almost nothing will work;

# %defaultroute is okay for most simple cases.

interfaces=%defaultroute

#interfaces=ipsec0=eth0

# Debug-logging controls:  none for (almost) none, all for
lots.
klipsdebug=none

plutodebug=none

# Use auto= parameters in conn descriptions to control startup
actions. 
plutoload=%search

plutostart=%search

# Close down old connection when new one using same ID shows up.

uniqueids=yes

nat_traversal=no


# defaults for subsequent connection descriptions

conn %default

# How persistent to be in (re)keying negotiations (0 means
very).   
keyingtries=0

# RSA authentication with keys from DNS.

#authby=rsasig

# Authentication by pre-shared secret key

authby=secret

right=137.45.192.190

#left=%defaultroute

rightsubnet=192.168.10.0/24

#leftnexthop=%direct

rightfirewall=yes

pfs=yes

auto=add

#leftrsasigkey=%dns

#rightrsasigkey=%dns

 

conn road-warrior

left=%any



-Original Message-
From: Charles Steinkuehler [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 10, 2004 1:42 PM
To: Tibbs, Richard
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] What is latest Freeswan for Bering 1.2?

Tibbs, Richard wrote:

 On the feature issue: We have had a problem with messages in the log
 files saying no route available.
 I have a successful road warrior from just outside the firewall, but
 across campus, (beyond the next router) things stop working with the
 above message.
 
 I was hoping an upgrade to 1.99.8 or beyond might be better.  
 Upgrading is fairly easy once I have a 2.4.x glibc binary.

Do you have appropriate [left|right]nexthop stanzas in your connection 
descriptions?  This doesn't sound like a problem that will be solved by
a 
newer version of [free|open]s/wan.

-- 
Charles Steinkuehler
[EMAIL PROTECTED]



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] What is latest Freeswan for Bering 1.2?

2004-11-10 Thread Charles Steinkuehler 
Tibbs, Richard wrote:
Here is the ipsec.conf file.  If you want a barf, let me know.
TIA Rick.
As mentioned, you need a nexthop value...in your case, a rightnexthop 
setting.  This should be set to the default gateway of the leaf box.

Alternatively, you can set right=%defaultroute and the rightnexthop setting 
(along with the appropriate IP for 'right') will get automatically filled in.

Per the ipsec.conf man page for Dachstein (substitute 'right' for 'left' 
given your config file):

quote
left
(required) the IP address of the left participant's public-network 
interface, in any form accepted by ipsec_ttoaddr(3). If it is the magic 
value %defaultroute, and interfaces=%defaultroute is used in the config 
setup section, left will be filled in automatically with the local address 
of the default-route interface (as determined at IPsec startup time); this 
also overrides any value supplied for leftnexthop. (Either left or right may 
be %defaultroute, but not both.) The magic value %any signifies an address 
to be filled in (by automatic keying) during negotiation; the magic value 
%opportunistic signifies that both left and leftnexthop are to be filled in 
(by automatic keying) from DNS data for left's client.

leftnexthop
next-hop gateway IP address for the left participant's connection to 
the public network; defaults to %direct (meaning right). If the value is to 
be overridden by the left=%defaultroute method (see above), an explicit 
value must not be given. If that method is not being used, but leftnexthop 
is %defaultroute, and interfaces=%defaultroute is used in the config setup 
section, the next-hop gateway address of the default-route interface will be 
used. The magic value %direct signifies a value to be filled in (by 
automatic keying) with the peer's address.
/quote

For the full man page:
http://lrp.steinkuehler.net/Packages/man/IPSec1.91/manpage.d/ipsec.conf.5.html
In summary, since you're explicitly setting 'right', but *NOT* setting 
'rightnexthop', FreeS/WAN by default assumes the far end of the connection 
is directly conected to your 'right' interface, which is what's causing your 
problems (ie: IPSec traffic not routed through your default gateway).

--
Charles Steinkuehler
[EMAIL PROTECTED]
---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] My leaf crashed

2004-11-10 Thread ALParada 
Hello,

I had a problem with Leaf yesterday that surprised me a little bit. Last
night I rebooted it via Putty and well it never came back up. This morning I
showed up to find a kernel panic. This was a working system not something
new. It has been flawless for about 6 months now. It goes to load root and
stalls then loads some more packages and then it says can't find
\var\lib\lrpkg\root.dev.own. I opened the *.lrp and the file was there. I
ended up replacing the root.lrp with a backup and it was happy again. Has
anyone seen this before or know why this would happen. I am using uClibc
2.1.0.

TIA



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] My leaf crashed

2004-11-10 Thread freeman groups 
Bad floppy drive/disks can give said effects. My drive/disk is currently 
in that transient-problem state itself (I'm fairly certain it's the 
drive, not the disk).

scott; canada
ALParada wrote:
Hello,
I had a problem with Leaf yesterday that surprised me a little bit. Last

---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] My leaf crashed

2004-11-10 Thread ALParada 
I did backup root but never considered the memory issue. I'm using a 128 MB
stick and allocating 10 MB to the system with 3 MB for the logs. I can't say
I looked at the space thinking there must be plenty.


- Original Message - 
From: Victor McAllister [EMAIL PROTECTED]
To: ALParada [EMAIL PROTECTED]
Sent: Wednesday, November 10, 2004 11:52 PM
Subject: Re: [leaf-user] My leaf crashed


 ALParada wrote:

 Hello,
 
 I had a problem with Leaf yesterday that surprised me a little bit. Last
 night I rebooted it via Putty and well it never came back up. This
morning I
 showed up to find a kernel panic. This was a working system not something
 new. It has been flawless for about 6 months now. It goes to load root
and
 stalls then loads some more packages and then it says can't find
 \var\lib\lrpkg\root.dev.own. I opened the *.lrp and the file was there. I
 ended up replacing the root.lrp with a backup and it was happy again. Has
 anyone seen this before or know why this would happen. I am using uClibc
 2.1.0.
 
 TIA
 
 
 backing up root itself can sometimes cause this if the box doesn't have
 enough memory.  Normally root does not need backup unless you are
 modifying something out of the ordinary.





---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

FW: [leaf-user] My leaf crashed

2004-11-10 Thread Joe Nelson 
Apparently, I didn't realize that when I responded to this earlier, it went
to ALParada personally and not to the list.  (Sorry, I'm new on this
particular list.)  I'm resending this to the list so that everyone can
benefit from the discusion:



-Original Message-
From: ALParada [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 10, 2004 9:46 PM
To: Joe Nelson
Subject: Re: [leaf-user] My leaf crashed


Now that you mention it, I did do a full backup before I rebooted. I am
using a Flash Drive so it isn't a big deal to back up everything. I tend to
backup everything and not only just the package that I modified. Even though
I have done this countless times, I wonder.


- Original Message - 
From: Joe Nelson [EMAIL PROTECTED]
To: 'ALParada' [EMAIL PROTECTED]
Sent: Wednesday, November 10, 2004 11:26 PM
Subject: RE: [leaf-user] My leaf crashed


I'm not sure if its related, but last week we added bash.lrp to our leaf
router and then we made some changes to it.  After the changes we backed it
up.  Then we ended up rebooting the device while we moved it to a new power
plug.  When we tried to boot it back up, bash was missing and that caused
some issues cause the default shell for root was bash.  After some digging
we found out that anytime we backed up bash.lrp, it would somehow create a
very small file.  Its like it doesn't know what to put in the .lrp or maybe
its being truncated or something.

I guess I just throwing out some ideas.  Your root.lrp may have been a
victim of the same issue as our bash.lrp. ???

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ALParada
Sent: Wednesday, November 10, 2004 7:21 PM
To: [EMAIL PROTECTED]
Subject: [leaf-user] My leaf crashed


Hello,

I had a problem with Leaf yesterday that surprised me a little bit. Last
night I rebooted it via Putty and well it never came back up. This morning I
showed up to find a kernel panic. This was a working system not something
new. It has been flawless for about 6 months now. It goes to load root and
stalls then loads some more packages and then it says can't find
\var\lib\lrpkg\root.dev.own. I opened the *.lrp and the file was there. I
ended up replacing the root.lrp with a backup and it was happy again. Has
anyone seen this before or know why this would happen. I am using uClibc
2.1.0.

TIA



---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's
Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588alloc_id=12065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html





---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] What is latest Freeswan for Bering 1.2?

2004-11-10 Thread Erich Titl 
Rick

At 21:14 10.11.2004 -0500, you wrote:
No, didn't set CLAMPMSS.  The chief symptom so far has been a bad route.
I think it was an error like 
Ioctlsroute or some such code.

What is the MSS that you would recommend for Ipsec? The SA is getting 
established OK so far (so UDP is not the problem).
Rick.

I would just set CLAMPMSS to yes in shorewall.conf. It adapts to the actual MTU 
size less 40 I believe.

Erich

THINK 
Püntenstrasse 39 
8143 Stallikon 
mailto:[EMAIL PROTECTED] 
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16




---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] My leaf crashed

2004-11-10 Thread Erich Titl 
Al

At 00:10 11.11.2004 -0500, ALParada wrote:
I did backup root but never considered the memory issue. I'm using a 128 MB
stick and allocating 10 MB to the system with 3 MB for the logs. I can't say
I looked at the space thinking there must be plenty.

I found one of the most frequent glitches I made was leaving the disk mounted 
when backing up root.lrp. As you can imagine this recursion eats up all 
available space.

Erich

THINK 
Püntenstrasse 39 
8143 Stallikon 
mailto:[EMAIL PROTECTED] 
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16




---
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_idU88alloc_id065op=click

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html