[Leaf-user] IPSEC 1.91 and EigerStein

2001-11-04 Thread Barry Martin

I have not upgraded to Dachstein yet, but will soon.  I am still running
EigerStein and I am attempting to upgrade to the newest IPSEC 1.91 that
Charles just released.  I have installed the required LRP files,
ifconfig, mawk, and IPSEC.  Upon booting and before the logon prompt, I
get the following errors:

"tr: not found"

and

"ipsec_setup: cannot find ipsec command -- 'start' aborted"

If I try to run IPSEC from a prompt, then I get this error:

"egrep: not found"

From everything I have read it appears I need busybox?  If this is true,
where do I find it?

Barry


___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



[Leaf-user] Dachstein and forward rules

2001-11-10 Thread Barry Martin

Charles, how are you setting up the forward rules in Dachstein for
IPSEC?  Is there still a walk-list or do I need to write my own ipchains
in the ipchains.forward script?

Barry Martin





RE: [Leaf-user] Re: Dachstein and forward rules

2001-11-10 Thread Barry Martin

Thanks.  I added the chains to the ipchains.forward file and everything
works fine.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Steinkuehler
Sent: Saturday, November 10, 2001 6:16 PM
To: Barry Martin; 'LEAF'
Subject: [Leaf-user] Re: Dachstein and forward rules

> Charles, how are you setting up the forward rules in Dachstein for
> IPSEC?  Is there still a walk-list or do I need to write my own ipchains
> in the ipchains.forward script?

I assume you're referring to the forwarding rules that allow packets to
cross the VPN...i.e. the rules that accept packets from your local subnet
to the remote subnet.

Your options are to either add these rules to ipchains.forward, in which
case they will *ALWAYS* be in effect...not a problem if you're using
private IP space and the output garbage filters are still in place, but
this *CAN* allow data that should be encrypted out over the 'net if you're
using public IPs or if you're using private IPs and don't have the output
garbage filters enabled (in this case, the traffic won't get far, but
someone nearby could still sniff it...especially if you're on a
cable-modem or similar shared access line).

The other option is to let IPSec create the forwarding rules for you
(left|rightfirewall=yes).  This dynamically brings the forwarding rules
up/down with the IPSec link, ensuring you won't send anything in the clear
that should be encrypted, but you have to remember to restart IPSec if you
need to reload your firewall rules, as the IPSec forward rules will be
lost.  There are more elegant ways around this (i.e. have IPSec add/remove
its forwarding rules from a custom chain that the automated firewall
scripts call, but don't clear), but I haven't bothered to set it up...

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
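
The trade-off between the two options in the reply above can be checked mechanically. The following is an added example, not code from the thread or from LEAF or FreeS/WAN: it compares the conns in an ipsec.conf with the always-on `ipchains` forward rules and reports which subnet pairs would still be forwarded with the tunnel down. The conn names, subnets and rules are constructed samples, and inheritance from `conn %default` is not modelled.

```python
import re
from ipaddress import ip_network as net
# Constructed sample inputs for illustration; not taken from the thread.
IPSEC_CONF = """\
conn branch-a
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.2.0/24
    leftfirewall=yes
conn branch-b
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.3.0/24
conn colo
    leftsubnet=192.168.1.0/24
    rightsubnet=203.0.113.0/24
"""
FORWARD_RULES = """\
ipchains -A forward -s 192.168.1.0/24 -d 192.168.3.0/24 -j ACCEPT
ipchains -A forward -s 192.168.1.0/24 -d 203.0.113.0/24 -j ACCEPT
"""
RFC1918 = [net(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_conns(text):
    """Return {conn name: {key: value}} for each 'conn' section."""
    conns, cur = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("conn "):
            cur = conns.setdefault(line.split()[1], {})
        elif "=" in line and cur is not None:
            key, val = line.split("=", 1)
            cur[key.strip()] = val.strip()
    return conns

def audit(conf, rules):
    """Classify each conn; static-* rules stay up when the tunnel is down."""
    pat = re.compile(r"-A forward\b.*-s (\S+).*-d (\S+).*-j ACCEPT")
    pairs = [tuple(map(net, m.groups())) for m in pat.finditer(rules)]
    private = lambda n: any(n.subnet_of(p) for p in RFC1918)
    out = {}
    for name, c in parse_conns(conf).items():
        if not {"leftsubnet", "rightsubnet"} <= c.keys():
            continue  # host-to-host or %default section: nothing to compare
        l, r = net(c["leftsubnet"]), net(c["rightsubnet"])
        dyn = "yes" in (c.get("leftfirewall"), c.get("rightfirewall"))
        out[name] = "dynamic" if dyn else "no-forward-rule"
        if any(l.subnet_of(s) and r.subnet_of(d) for s, d in pairs):
            kind = "private" if private(l) and private(r) else "public"
            out[name] = "static-" + kind  # always-on rule overrides
    return out
```

A `static-public` result is the case the reply warns about; `static-private` is only safe while the output garbage filters are in place.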






[Leaf-user] aliased IP addresses on DCD

2002-01-11 Thread Barry Martin

Does this work with DCD? 

eth0_ALIAS0=216.248.55.3






RE: [Leaf-user] LEAF routing private IP space w/ IPSEC

2002-02-08 Thread Barry Martin

You have to fake out the routing.  For the hub site you need to shorten
the subnet mask.  For example, if using a /16 subnet mask for all
sites, then in the ipsec.conf file on all connections, specify that your
internal site is a /8.

Check out this site for details:
http://jixen.tripod.com/
and look at this section:  Using a central Ipsec gateway as a "tunnel hub"



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jason C. Leach
Sent: Thursday, February 07, 2002 6:41 PM
To: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] LEAF routing private IP space w/ IPSEC

hi,

I have a question on this with a twist.

If I have several nodes connected to a sentral HUB 
via IPSec, how can I route from node A to node B?
Right now, the HUB can ping every node, but nodes
can only pin the HUB.

Thanks,
j.

-- 
..
. Jason C. Leach
.. 

PGP/GPG Public key at http://www.keyserver.net/
Key ID: 1CF6DA85

 
