[leaf-user] Notes/question about bering 1.1

2003-02-22 Thread Ramiro Morales 
Hello LEAF community,

I wanted to share some notes about details I found while playing
with Bering 1.1.

There is no /etc/shorewall/OUTPUT file implementing the workaround
for the icmp-dnat netfilter bug in the shorewall.lrp package
included with Bering 1.1. I don't it in the packages downloadable
from the official shorewall.net website either.

That file was still included in the Shorewall 1.3.10 package as
shipped with Bering 1.0.

Is this file no longer necessary because a) Shorewall 1.3.14 and it's
new handling of PING; b) the bug was fixed with the Netfilter patches
included in the 2.4.20 kernel?

Two notes about the ulogd.lrp package:

$ tar tzf ulogd.lrp
usr/sbin/ulogd
etc/ulogd.conf
etc/cron.daily/ulogd
etc/init.d/ulogd
usr/lib/ulogd// <--- this entry seems strange
usr/lib/ulogd/ulogd_OPRINT.so
usr/lib/ulogd/ulogd_LOGEMU.so
usr/lib/ulogd/ulogd_BASE.so
var/lib/lrpkg/ulogd.conf
var/lib/lrpkg/ulogd.help
var/lib/lrpkg/ulogd.list
var/lib/lrpkg/ulogd.version

Also, /var/lib/lrpkg/ulogd.conf talks about an /etc/cron.weekly/ulogd
file (in charge of rotating the /var/log/ulogd.log file) that isn't
getting included in the current release of the package.

Best regards,

-
Ramiro

-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!



---
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] IPsec between FreeS/WAN 1.91 (Dachstein) and Linksys router/Windows 2000 computer

2004-04-26 Thread Ramiro Morales 
Hi

On 23 Apr 2004 at 16:52, Charles Steinkuehler wrote about "Re: [leaf-user] IPsec 
between FreeS/WAN 1.91 (Dac":

> Timothy J. Massey wrote:
> > Hello!
> > 
> > I'm using a Dachstein firewall with FreeS/WAN 1.91.  I would like to set up an
> > IPsec VPN with either a Linksys BEFVP41 router, or a Windows 2000 computer
> > behind it.
> > 
> > I have been unable to do either.  The router won't negotiate a tunnel 
> > with the LEAF firewall, and I can't seem to make the IPsec passthrough 
> > work, either.  The Windows 2000 computer does work if plug it into the 
> > Internet directly, but not from behind the router.
> > 
> > Any ideas on what I could try?  Even a success story would be enough:  
> > it would be nice to know that it's possible.
> 
> [...]
> 
> After a quick review of the Linksys manual for your box, it looks like 
> it should work fine as an IPSec gateway with Dachstein's IPSec, as long 
> as you get the configuration correct.  Make sure you're selecting 3DES, 
> SHA, IKE (with perfect-forward-security), and have a properly setup 
> pre-shared key.
> 
> You also need to verify the basic tunnel configuration is correct (ie: 
> subnet-subnet, host-host, or subnet-host) and the IP's/networks match on 
> both ends.
> 
> There's probably useful information in the logs on both ends 
> (web-accessible on the Linksys, and in /var/log/auth.log on the 
> Dachstein box...also accessible via the web if you're running weblet).
> 
> We could probably help a lot more with some additional debugging info 
> from the logs and details of your ipsec.conf from Dachstein and the 
> configuration settings on the Linksys.

You could also try an update to Windows 2000 with NAT-T enhacements
published bt M$ a year ago

http://support.microsoft.com/default.aspx?scid=kb;en-us;818043#6

Note that the article states you need Windows 2000 Service pack 3 or 
greater but it doesn't says if the update got bundled with the Service
Pack 4.

Regards,

-
Ramiro



---
This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek
For a limited time only, get FREE Ground shipping on all orders of $35
or more. Hurry up and shop folks, this offer expires April 30th!
http://www.thinkgeek.com/freeshipping/?cpg=12297

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html