Re: [leaf-user] OpenSwan issue

2012-12-06 Thread Erich Titl
Hi Adam

on 06.12.2012 09:16, ads...@genis-x.com wrote:
 Hi guys,
 
 I know this should go to the openswan list, but no one seems to want to help
 or respond. I was hoping one of you guys might be able to help me out.

I guess they were either shocked or intimidated by your multi connection
set up.
I must admit it is rather surprising :-)

 
 
 
 I'm having an issue setting up a tunnel that I need some help with.
 
  
 
 I have included the relevant files below
 
 
 My first issue is when I start ipsec I get the following error:
 
  
 
 Dec  6 13:51:30 firewall ipsec__plutorun: 023 address family inconsistency
 in this connection=2 host=2/nexthop=0
 
 Dec  6 13:51:30 firewall ipsec__plutorun: 037 attempt to load incomplete
 connection
 
 Dec  6 13:51:30 firewall ipsec__plutorun: 023 address family inconsistency
 in this connection=2 host=2/nexthop=0
 
 Dec  6 13:51:30 firewall ipsec__plutorun: 037 attempt to load incomplete
 connection

looks like your conn is broken, maybe you should try with more simple
{left|right}subnet settings

Also you don't use %defaultroute on the xxnexthop parameters. I for once
use it on left=%defaultroute. I _believe_ you cannot have your type of
interface definition in the setup config if you want to use
%defaultroute for left.

I would suggest to leave away the interfaces description in the setup
config and use left=%defaultroute

 
  
 
 My second issue is the right side can't connect.
 
 packet from 119.225.115.131:500: ignoring unknown Vendor ID payload
 [f4ed19e0c114eb516faaac0ee37daf2807b4381f0001138d50c009ee...]
 
 packet from 119.225.115.131:500: initial Main Mode message received on
 103.29.172.40:500 but no connection has been authorized with policy=PSK

This appears to be a consequence of the above.

 
 packet from 119.225.115.131:500: ignoring unknown Vendor ID payload
 [f4ed19e0c114eb516faaac0ee37daf2807b4381f0001138d50c009ee...]
 
 packet from 119.225.115.131:500: initial Main Mode message received on
 103.29.172.40:500 but no connection has been authorized with policy=PSK
 
  
 
 Can anyone help me on where to go from here?

cheers

Erich




smime.p7s
Description: S/MIME Kryptografische Unterschrift
--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


[leaf-user] Hardware for LEAF-running WiFi router?

2012-12-06 Thread Eric House
It's time to get a dedicated hackable WiFi router to replace the
consumer-grade stuff I keep having to replace (while the Soekris and
PCEngines boards running our LEAF firewalls just keep going.)

Does this list maintain a -- list -- of hardware known to work with
LEAF?

I assume I'll get a PCEngines Alix board.  But I'm not confident in
picking a Mini-PCI WiFi card since I've seen so many discussions about
working around problems.  Can anybody recommend a card currently
available that's working well for him/her with stock LEAF (Bering
uClibc)?  Until recently (latest generation of Atom processors), I
trusted Intel to take Linux compatibility seriously.  Can their
Mini-PCI cards be trusted?

Thanks!

--Eric
-- 
**
* From the desktop of: Eric House, eeho...@eehouse.org   *
*   Crosswords for Android now in beta: via the Market or xwords.sf.net  *
**

--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


Re: [leaf-user] Hardware for LEAF-running WiFi router?

2012-12-06 Thread Andrew
Hi.
LEAF should run on any x86 PC.
About WiFi - IMHO Atheros is one of best choices for Linux.

06.12.2012 19:30, Eric House пишет:
 It's time to get a dedicated hackable WiFi router to replace the
 consumer-grade stuff I keep having to replace (while the Soekris and
 PCEngines boards running our LEAF firewalls just keep going.)

 Does this list maintain a -- list -- of hardware known to work with
 LEAF?

 I assume I'll get a PCEngines Alix board.  But I'm not confident in
 picking a Mini-PCI WiFi card since I've seen so many discussions about
 working around problems.  Can anybody recommend a card currently
 available that's working well for him/her with stock LEAF (Bering
 uClibc)?  Until recently (latest generation of Atom processors), I
 trusted Intel to take Linux compatibility seriously.  Can their
 Mini-PCI cards be trusted?

 Thanks!

 --Eric



--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/


Re: [leaf-user] Hardware for LEAF-running WiFi router?

2012-12-06 Thread Victor McAllister
On 12/6/2012 9:30 AM, Eric House wrote:
 It's time to get a dedicated hackable WiFi router to replace the
 consumer-grade stuff I keep having to replace (while the Soekris and
 PCEngines boards running our LEAF firewalls just keep going.)

 Does this list maintain a -- list -- of hardware known to work with
 LEAF?

 I assume I'll get a PCEngines Alix board.  But I'm not confident in
 picking a Mini-PCI WiFi card since I've seen so many discussions about
 working around problems.  Can anybody recommend a card currently
 available that's working well for him/her with stock LEAF (Bering
 uClibc)?  Until recently (latest generation of Atom processors), I
 trusted Intel to take Linux compatibility seriously.  Can their
 Mini-PCI cards be trusted?

 Thanks!

 --Eric


I use a mini-pci using an Atheors chip in a PCEngines ALIX for 802-11g. 
I don't do 11n.  In uses ath9k. They are cheap - good enough for my 
purposes.

http://www.amazon.com/TP-Link-TL-WN861N-300M-Mini-PCI/dp/B0035GV6FE

Victor


--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d

leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/