Re: [leaf-user] OpenSwan issue
Hi Adam on 06.12.2012 09:16, ads...@genis-x.com wrote: Hi guys, I know this should go to the openswan list, but no one seems to want to help or respond. I was hoping one of you guys might be able to help me out. I guess they were either shocked or intimidated by your multi connection set up. I must admit it is rather surprising :-) I'm having an issue setting up a tunnel that I need some help with. I have included the relevant files below My first issue is when I start ipsec I get the following error: Dec 6 13:51:30 firewall ipsec__plutorun: 023 address family inconsistency in this connection=2 host=2/nexthop=0 Dec 6 13:51:30 firewall ipsec__plutorun: 037 attempt to load incomplete connection Dec 6 13:51:30 firewall ipsec__plutorun: 023 address family inconsistency in this connection=2 host=2/nexthop=0 Dec 6 13:51:30 firewall ipsec__plutorun: 037 attempt to load incomplete connection looks like your conn is broken, maybe you should try with more simple {left|right}subnet settings Also you don't use %defaultroute on the xxnexthop parameters. I for once use it on left=%defaultroute. I _believe_ you cannot have your type of interface definition in the setup config if you want to use %defaultroute for left. I would suggest to leave away the interfaces description in the setup config and use left=%defaultroute My second issue is the right side can't connect. packet from 119.225.115.131:500: ignoring unknown Vendor ID payload [f4ed19e0c114eb516faaac0ee37daf2807b4381f0001138d50c009ee...] packet from 119.225.115.131:500: initial Main Mode message received on 103.29.172.40:500 but no connection has been authorized with policy=PSK This appears to be a consequence of the above. packet from 119.225.115.131:500: ignoring unknown Vendor ID payload [f4ed19e0c114eb516faaac0ee37daf2807b4381f0001138d50c009ee...] packet from 119.225.115.131:500: initial Main Mode message received on 103.29.172.40:500 but no connection has been authorized with policy=PSK Can anyone help me on where to go from here? cheers Erich smime.p7s Description: S/MIME Kryptografische Unterschrift -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
[leaf-user] Hardware for LEAF-running WiFi router?
It's time to get a dedicated hackable WiFi router to replace the consumer-grade stuff I keep having to replace (while the Soekris and PCEngines boards running our LEAF firewalls just keep going.) Does this list maintain a -- list -- of hardware known to work with LEAF? I assume I'll get a PCEngines Alix board. But I'm not confident in picking a Mini-PCI WiFi card since I've seen so many discussions about working around problems. Can anybody recommend a card currently available that's working well for him/her with stock LEAF (Bering uClibc)? Until recently (latest generation of Atom processors), I trusted Intel to take Linux compatibility seriously. Can their Mini-PCI cards be trusted? Thanks! --Eric -- ** * From the desktop of: Eric House, eeho...@eehouse.org * * Crosswords for Android now in beta: via the Market or xwords.sf.net * ** -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Hardware for LEAF-running WiFi router?
Hi. LEAF should run on any x86 PC. About WiFi - IMHO Atheros is one of best choices for Linux. 06.12.2012 19:30, Eric House пишет: It's time to get a dedicated hackable WiFi router to replace the consumer-grade stuff I keep having to replace (while the Soekris and PCEngines boards running our LEAF firewalls just keep going.) Does this list maintain a -- list -- of hardware known to work with LEAF? I assume I'll get a PCEngines Alix board. But I'm not confident in picking a Mini-PCI WiFi card since I've seen so many discussions about working around problems. Can anybody recommend a card currently available that's working well for him/her with stock LEAF (Bering uClibc)? Until recently (latest generation of Atom processors), I trusted Intel to take Linux compatibility seriously. Can their Mini-PCI cards be trusted? Thanks! --Eric -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Hardware for LEAF-running WiFi router?
On 12/6/2012 9:30 AM, Eric House wrote: It's time to get a dedicated hackable WiFi router to replace the consumer-grade stuff I keep having to replace (while the Soekris and PCEngines boards running our LEAF firewalls just keep going.) Does this list maintain a -- list -- of hardware known to work with LEAF? I assume I'll get a PCEngines Alix board. But I'm not confident in picking a Mini-PCI WiFi card since I've seen so many discussions about working around problems. Can anybody recommend a card currently available that's working well for him/her with stock LEAF (Bering uClibc)? Until recently (latest generation of Atom processors), I trusted Intel to take Linux compatibility seriously. Can their Mini-PCI cards be trusted? Thanks! --Eric I use a mini-pci using an Atheors chip in a PCEngines ALIX for 802-11g. I don't do 11n. In uses ath9k. They are cheap - good enough for my purposes. http://www.amazon.com/TP-Link-TL-WN861N-300M-Mini-PCI/dp/B0035GV6FE Victor -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/