[leaf-user] dnscache inconsistent

2004-11-23 Thread ALParada
Hello,

I'm having problems with what I think can only be dnscache. I am using
uClibc 2.1.0 with Shorewall and Openvpn. Dnscache is set up to forward to my
internal DNS. Openvpn is set up to use dnscache as the primary dns on the
config file. Sometimes it simply doesn't resolve. I have tried it from the
console and sometimes it works, sometimes it doesn't. Sometimes it will
resolve a host on my internal lan then 20 seconds later tell me "unknown
host". It doesn't sound like it is "caching" anything. I have set up Ethereal
on my internal DNS hoping to capture traffic between it and dnscache, but
a lot of traffic doesn't get logged. I am thinking it simply doesn't send the
request to the forwarder. I don't have the tools installed, so no log files
are generated. Is dnscache supposed to be reliable and stable or does it
have issues? All I really need is a caching DNS since my internal lan
already has two DNS servers. Would I be better off with another package? Any
suggestions are greatly appreciated.

TIA



---
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
http://productguide.itmanagersjournal.com/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


[leaf-user] Small embedded device with LCD display

2004-11-23 Thread Geoff Nordli
Can anyone recommend an embedded device that comes with an LCD display and
runs uClibc?

I am going to build a small application that will replace an employee time
card machine.  I need to display the current time on the LCD and also the
employee number after they swipe their card.

Thanks,

Geoff





Re: [leaf-user] IPSEC subnet routing

2004-11-23 Thread Erich Titl
Troy
Troy Aden wrote:
>Hello again.
>I have fought with this for a week now and I must be missing something.
>First of all, if I use a conn statement that has "%defaultroute" for right=,
>I get an error that the statement does not exist. However, if I use a
>right=(IP) and rightnexthop=(gateway), the conn statement works fine. Can
>anyone explain this?
>But... None of the conn statements below work. My guess is that the conn
>statements that contain the "also=" parameter must be missing something. So
>I added esp=aes and auto=start or auto=add depending on the side of the
>connection. Still no joy.
>Can anyone please tell me what I am doing wrong here? If you need error
>logs, I can provide them.
 

Try to put the connection referenced by the also statement at the end
of your file.

Here are the files I use; it's still 1.99 but it should not matter.
  kerberos
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.
# basic configuration
config setup
   # THIS SETTING MUST BE CORRECT or almost nothing will work;
   # %defaultroute is okay for most simple cases.
   interfaces=%defaultroute
   # Debug-logging controls:  "none" for (almost) none, "all" for lots.
   klipsdebug=none
   plutodebug=none
   #plutodebug=all
   # Use auto= parameters in conn descriptions to control startup actions.
   plutoload=%search
   plutostart=%search
   # Close down old connection when new one using same ID shows up.
   uniqueids=yes


# defaults for subsequent connection descriptions
conn %default
   # How persistent to be in (re)keying negotiations (0 means very).
   keyingtries=0
   # RSA authentication with keys from DNS.
   authby=rsasig
   leftrsasigkey=%dns
   rightrsasigkey=%dns
include /etc/ipsec.d/connections/test
> /etc/ipsec.d/connections/test
#
# this is the barebone description of multiple connections through
# the same ipsec endpoints
#
conn test_to_dmz
   also=test
   leftsubnet=195.141.2.160/27
   auto=add
conn test
   ike=aes
   esp=aes
   left=%defaultroute
   leftcert=aspcert.pem
   leftrsasigkey=%cert
   right=%any
   rightsubnet=10.250.99.0/24
   rightrsasigkey=%cert
   rightid="C=CH,L=Schlieren,O=RUF Gruppe,OU=ASP Plus,CN=test.asp.ruf.ch"
   keylife=10m
   rekeymargin=3m
   rekeyfuzz=150%

>
right = remote
left = local
HTH
Erich
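
The ordering advice in the reply above (put the section named by also= later in the file than the sections that refer to it) can be checked mechanically. This is an added example, not code from the thread or from FreeS/WAN; the function names, the sample config and the rule that a section's own value wins over an inherited one are assumptions.

```python
import re

# Constructed sample shaped like the configs in this thread (names and addresses made up).
SAMPLE = """\
conn site
    left=%defaultroute
conn site_1
    also=site
    leftsubnet=10.1.1.0/24
conn site_2
    also=base_late
    leftsubnet=10.1.2.0/24
conn site_3
    also=missing
conn base_late
    left=%defaultroute
"""

def parse_conns(text):
    """Return [(name, [(key, value), ...])] for each conn section, in file order."""
    conns, current = [], None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(conn|config)\s+(\S+)$", line)
        if m:
            current = []  # parameters of non-conn sections are collected but dropped
            if m.group(1) == "conn":
                conns.append((m.group(2), current))
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return conns

def check_also(conns):
    """Flag also= targets that are undefined or do not come later in the file."""
    pos = {name: i for i, (name, _) in enumerate(conns)}
    return [(name, target, "undefined" if target not in pos else "not-after")
            for i, (name, params) in enumerate(conns)
            for key, target in params
            if key == "also" and pos.get(target, -1) <= i]

def expand(conns, name, seen=()):
    """Own parameters plus those of also= sections; own value wins (assumption)."""
    table = dict(conns)
    merged = {k: v for k, v in table[name] if k != "also"}
    for key, target in table[name]:
        if key == "also" and target in table and target not in seen:
            merged = {**expand(conns, target, seen + (name,)), **merged}
    return merged
```

Running `check_also(parse_conns(...))` over each router's ipsec.conf lists every conn whose also= target is missing or placed too early, and `expand` shows the subnets and endpoints each tunnel ends up with.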


RE: [leaf-user] IPSEC subnet routing

2004-11-23 Thread Troy Aden
Hello again. 
I have fought with this for a week now and I must be missing something.
First of all, if I use a conn statement that has "%defaultroute" for right=,
I get an error that the statement does not exist. However, if I use a
right=(IP) and rightnexthop=(gateway), the conn statement works fine. Can
anyone explain this?
But... None of the conn statements below work. My guess is that the conn
statements that contain the "also=" parameter must be missing something. So
I added esp=aes and auto=start or auto=add depending on the side of the
connection. Still no joy. 
Can anyone please tell me what I am doing wrong here? If you need error
logs, I can provide them.

Thanks in advance!

Troy.   

-Original Message-
From: Erich Titl [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 16, 2004 3:30 AM
Cc: Troy Aden; Leaf-User (E-mail)
Subject: Re: [leaf-user] IPSEC subnet routing


Looking at my mail there are a few typos. Long live cut and paste :-(

Erich Titl wrote:

>Troy
>
>It is a bit confusing for me, as I am always using left for the local system, right for the remote.
>
>Assumptions 
>
>S'Toon 
>
>external IP address 135.115.157.162
>internal networks 192.168.161.0/24 192.168.162.0/24 192.168.163.0/24
>
>Victoria 
>external IP address 24.35.38.129
>internal network 172.0.0.0/8
>
>Please observe the difference in auto= between the two systems, only one should start the connection.
>
>At 18:59 15.11.2004 -0600, Troy Aden wrote:
>  
>
>>First of all, thanks so much for the quick reply! I am sorry to bug you a
>>second time but I need some baby steps here.
>>Can you please give me an example with the configs I provided. I need to see
>>the "also=common_conn_params" in terms of my config.
>>For example, if I had a 192.168.161.0/24, 192.168.162.0/24,192.168.163.0/24,
>>networks on router A side. And I wanted Router B to connect to ONLY those
>>subnets. Can you please type in "exactly" what I would need on both router A
>>(S'toon) and router B (Victoria). From that, I should be able to figure out
>>what I need to do to be more precise about the Router B networks within the
>>172.0.0.0/8 range.
>>
>>Again. Thanks in advance!!! Sorry to be a pain.
>>
>>Troy.
>>
>>
>>
>
>Router A (S'toon)
># basic configuration
>config setup
># THIS SETTING MUST BE CORRECT or almost nothing will work;
># %defaultroute is okay for most simple cases.
>interfaces=%defaultroute
># Debug-logging controls:  "none" for (almost) none, "all" for lots.
>klipsdebug=none
>plutodebug=none
># Use auto= parameters in conn descriptions to control startup actions.
>plutoload=%search
>plutostart=%search
># Close down old connection when new one using same ID shows up.
>uniqueids=yes
>
>
># defaults for subsequent connection descriptions
>conn %default
># How persistent to be in (re)keying negotiations (0 means very).
>keyingtries=0
># RSA authentication with keys from DNS.
>authby=secret
>pfs=yes
>
>conn block
>auto=ignore
>
>conn private
>auto=ignore
>
>conn private-or-clear
>auto=ignore
>
>conn clear
>auto=ignore
>
>conn packetdefault
>auto=ignore
>
>conn victoria
>right=%defaultroute
>left=24.35.38.129
>leftsubnet=172.0.0.0/8
>esp=aes
>auto=start
>
>conn victoria_1
>also=victoria
>rightsubnet=192.168.161.0/24
>
>conn victoria_2
>also=victoria
>rightsubnet=192.168.162.0/24
>
>conn victoria_3
>also=victoria
>rightsubnet=192.168.163.0/24
>
>
>Router B (Victoria)
>
># basic configuration
>config setup
># THIS SETTING MUST BE CORRECT or almost nothing will work;
># %defaultroute is okay for most simple cases.
>interfaces=%defaultroute
># Debug-logging controls:  "none" for (almost) none, "all" for lots.
>klipsdebug=none
>plutodebug=none
># Use auto= parameters in conn descriptions to control startup actions.
>plutoload=%search
>plutostart=%search
># Close down old connection when new one using same ID shows up.
>uniqueids=yes
>
>
>
># defaults for subsequent connection descriptions
>conn %default
># How persistent to be in (re)keying negotiations (0 means very).
>keyingtries=0
># RSA authentication with keys from DNS.
>authby=secret
>pfs=yes
>
>conn block
>auto=ignore
>
>conn private
>auto=ignore
>
>conn private-or-clear
>auto=ignore
>
>conn clear
>auto=ignore
>
>conn packetdefault
>auto=ignore
>
>
>conn stoon
>right=%defaultroute
>rightsubnet=172.0.0.0/8
>left=135.115.157.162
>esp=aes
>auto=add
>
>conn stoon_1
>also=stoon
>leftsubnet=192.168.161.0/24
>
>conn stoon_2
>also=stoon
>leftsubnet=192.168.162.0/24
>
>conn stoon_3
>also=stoon
>  

Re: [leaf-user] IPSEC pluto errors

2004-11-23 Thread Erich Titl
Scott
Scott A. Young wrote:
>Hi All, I'm also back on the subnet-to-subnet ipsec setup.  Even with all the
>info on the list and archives, I'm at a loss.
>Both ends of connection are bering-uclibc v2.2.1 boxes w/ipsec.  According to
>the bering userguide chapter 15, you don't need certificates if you're using
>pre-shared keys.  But, I'm getting the following errors, and I'm wondering if
>it's related somehow.
>
>So what's up with the FATAL ERROR?   It would seem without pluto, my ipsec
>configuration is unable to start?
>I can supply full details if required, but I'm hoping it's something much
>simpler than that.
 

I had a look at the code, is it possible that you have an empty 
certificate file, possibly called cert?
Else you can contact Andreas Steffen on the StrongSwan list.

cheers
Erich



[leaf-user] bridging tunnel

2004-11-23 Thread Ronny Aasen
hello

i need to do a bridging tunnel across the internet, transparent to dhcp
and similar broadcasts.

i have done this with vtund, but it seemed to me to be a tad unstable,
as it needed a restart now and then.
what is the most stable tunneling solution available for lrp ? 
encryption is not needed.

with regards
-- 
Ronny Aasen <[EMAIL PROTECTED]>


