[leaf-user] [ leaf-Support Requests-679331 ] NICs/network not coming up?
Support Requests item #679331, was opened at 2003-02-03 00:35 You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=679331group_id=13751 Category: Release/Branch: Dachstein Group: None Status: Open Priority: 5 Submitted By: rob merritt (merrittr) Assigned to: Mike Noyes (mhnoyes) Summary: NICs/network not coming up? Initial Comment: I read through the faqs and my logs looking for error msgs but there don't seem to be any. Here is my problem: pent 266 + 96mb ran 2 identical 8139too cards (that's what mandrake 8.2 thinks anyway and it works) in modules I have pci-scan and tulip enabled in modules but I get a no route to host message find attached the dump.log of all pertinent info and thanks for the help rob merritt [EMAIL PROTECTED] -- Comment By: Lynn Avants (guitarlynn) Date: 2003-02-03 09:52 Message: Logged In: YES user_id=176069 You'll want to download and add the '8139too' module from Charles' site at: http://leaf.sourceforge.net/devel/cstein The 'small' kernel tree is for the floppy. The tulip driver will _not_ work on 8139too cards. --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] [ leaf-Support Requests-677584 ] Problems communicating via VPN
Support Requests item #677584, was opened at 2003-01-30 09:19 You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=677584group_id=13751 Category: packages Group: None Status: Closed Priority: 5 Submitted By: Bob Dushok (bdushok) Assigned to: Mike Noyes (mhnoyes) Summary: Problems communicating via VPN Initial Comment: I'm attempting to configure a subnet to subnet VPN between two Bering uclibc v1.02 firewalls and am having difficulty. The VPN appears to be coming up, but no traffic seems to pass through it. My systems are setup as follows: workstation1 - ip 10.12.0.2 | bering gw - internal 10.12.0.1 - external 66.202.70.89 | (internet) | bering gw - internal 10.1.2.200 - external 199.224.108.200 | workstation 2 - ip 10.1.1.1 The external IPs are statically assigned, I'm not using DHCP. When entering ipsec auto --up vpn I receive the following: 104 vpn #8: STATE_MAIN_I1: initiate 106 vpn #8: STATE_MAIN_I2: sent MI2, expecting MR2 108 vpn #8: STATE_MAIN_I3: sent MI3, expecting MR3 004 vpn #8: STATE_MAIN_I4: ISAKMP SA established 112 vpn #9: STATE_QUICK_I1: initiate 004 vpn #9: STATE_QUICK_I2: sent QI2, IPsec SA established The output of ipsec look is: 000 interface ipsec0/eth0 199.224.108.200 000 000 vpn: 10.1.0.0/16===199.224.108.200---199.224.108.34...66.202.70.88---66.202.70.89===10.12.0.0/16 000 vpn: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 vpn: policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted 000 vpn: newest ISAKMP SA: #3; newest IPsec SA: #2; eroute owner: #2 000 000 #3: vpn STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 998s; newest ISAKMP 000 #2: vpn STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 23043s; newest IPSEC; eroute owner 000 #2: vpn [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] It appears the VPN is up, but 10.12.0.2 can't ping 10.1.1.1 and vice versa. 
My conf looks as follows: config setup interfaces=%defaultroute klipsdebug=none plutodebug=all plutoload=%search plutostart=%search conn %default type=tunnel keyexchange=ike keylife=8h keyingtries=0 authby=rsasig disablearrivalcheck=no pfs=yes conn vpn left=199.224.108.200 leftsubnet=10.1.0.0/16 leftnexthop=199.224.108.34 leftfirewall=yes right=66.202.70.89 rightsubnet=10.12.0.0/16 rightnexthop=66.202.70.88 rightfirewall=yes auto=add leftrsasigkey=(omitted) rightrsasigkey=(ommitted) I've added a zone for the VPN and have a rule similar to the following added to the Shorewall rules: vpnnet localnetACCEPT localnet vpnnet ACCEPT (sorry I don't have the exact text of these rules) hosts.allow does include an ALL: entry denoting the private network on the other end of the VPN. Do I need to perform any masquerading on the IPSEC0 interface for the nets to communicate properly? As I was searching the mailing list, I noticed conversations which mentioned an ipsec masquerade kernel driver. I can't seem to locate any info on this for Bering/uclibc. Am I missing something important? The only modules I'm loading for masquerading came with the Bering release (ip_conntrack_ftp, ip_conntrack_irc, ip_nat_ftp, and ip_nat_irc). When shorewall starts it prints a warning indicating the zone I've created for my VPN is empty. I've defined the zone by including the following in the zones file: vpnzone ipsec0 Does this warning indicate a problem? Any suggestions would be appreciated. TIA Bob -- Comment By: Bob Dushok (bdushok) Date: 2003-01-31 18:23 Message: Logged In: YES user_id=694924 Based on the most recent comment on this support request, it is our understanding that this matter has been addressed. Should you require further assistance from LEAF project members, please submit a new support request. Thank you, leaf-project.org support -- Comment By: Bob Dushok (bdushok) Date: 2003-01-31 18:23 Message: Logged In: YES user_id=694924 Tom, Thank you! 
The missing ipsec interface (zones file) was the problem. I've added it and the VPN is now running. Bob -- Comment By: Tom Eastep (teastep) Date: 2003-01-30 10:56 Message: Logged In: YES user_id=6546 The first time through, I missed that you have vpnzone (sic) ipsec0 in the ZONES file. The only column in that file that Shorewall pays any attention to is the first one. You need to add this to the interfaces file: extnet ipsec0 -Tom -- Comment By: Bob Dushok (bdushok) Date: 2003-01-30 10:30 Message: Logged
[leaf-user] [ leaf-Support Requests-677595 ] Problems communicating via VPN
Support Requests item #677595, was opened at 2003-01-30 09:30 You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=677595group_id=13751 Category: packages Group: None Status: Closed Priority: 5 Submitted By: Bob Dushok (bdushok) Assigned to: Mike Noyes (mhnoyes) Summary: Problems communicating via VPN Initial Comment: I'm attempting to configure a subnet to subnet VPN between two Bering uclibc v1.02 firewalls and am having difficulty. The VPN appears to be coming up, but no traffic seems to pass through it. My systems are setup as follows: workstation1 - ip 10.12.0.2 | bering gw - internal 10.12.0.1 - external 66.202.70.89 | (internet) | bering gw - internal 10.1.2.200 - external 199.224.108.200 | workstation 2 - ip 10.1.1.1 The external IPs are statically assigned, I'm not using DHCP. When entering ipsec auto --up vpn I receive the following: 104 vpn #8: STATE_MAIN_I1: initiate 106 vpn #8: STATE_MAIN_I2: sent MI2, expecting MR2 108 vpn #8: STATE_MAIN_I3: sent MI3, expecting MR3 004 vpn #8: STATE_MAIN_I4: ISAKMP SA established 112 vpn #9: STATE_QUICK_I1: initiate 004 vpn #9: STATE_QUICK_I2: sent QI2, IPsec SA established The output of ipsec look is: 000 interface ipsec0/eth0 199.224.108.200 000 000 vpn: 10.1.0.0/16===199.224.108.200---199.224.108.34...66.202.70.88---66.202.70.89===10.12.0.0/16 000 vpn: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 vpn: policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted 000 vpn: newest ISAKMP SA: #3; newest IPsec SA: #2; eroute owner: #2 000 000 #3: vpn STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 998s; newest ISAKMP 000 #2: vpn STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 23043s; newest IPSEC; eroute owner 000 #2: vpn [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] It appears the VPN is up, but 10.12.0.2 can't ping 10.1.1.1 and vice versa. 
My conf looks as follows: config setup interfaces=%defaultroute klipsdebug=none plutodebug=all plutoload=%search plutostart=%search conn %default type=tunnel keyexchange=ike keylife=8h keyingtries=0 authby=rsasig disablearrivalcheck=no pfs=yes conn vpn left=199.224.108.200 leftsubnet=10.1.0.0/16 leftnexthop=199.224.108.34 leftfirewall=yes right=66.202.70.89 rightsubnet=10.12.0.0/16 rightnexthop=66.202.70.88 rightfirewall=yes auto=add leftrsasigkey=(omitted) rightrsasigkey=(ommitted) I've added a zone for the VPN and have a rule similar to the following added to the Shorewall rules: vpnnet localnetACCEPT localnet vpnnet ACCEPT (sorry I don't have the exact text of these rules) hosts.allow does include an ALL: entry denoting the private network on the other end of the VPN. Do I need to perform any masquerading on the IPSEC0 interface for the nets to communicate properly? As I was searching the mailing list, I noticed conversations which mentioned an ipsec masquerade kernel driver. I can't seem to locate any info on this for Bering/uclibc. Am I missing something important? The only modules I'm loading for masquerading came with the Bering release (ip_conntrack_ftp, ip_conntrack_irc, ip_nat_ftp, and ip_nat_irc). When shorewall starts it prints a warning indicating the zone I've created for my VPN is empty. I've defined the zone by including the following in the zones file: vpnzone ipsec0 Does this warning indicate a problem? Any suggestions would be appreciated. TIA Bob -- Comment By: Bob Dushok (bdushok) Date: 2003-01-31 18:26 Message: Logged In: YES user_id=694924 Based on the most recent comment on this support request, it is our understanding that this matter has been addressed. Should you require further assistance from LEAF project members, please submit a new support request. Thank you, leaf-project.org support -- Comment By: Bob Dushok (bdushok) Date: 2003-01-31 18:26 Message: Logged In: YES user_id=694924 Lynn, Thanks. 
Why I was pinging the gateway is a mystery, I know not to do that :) I accidentally submitted this support request twice (long story). In the first posting of this Tom noticed I had omitted my ipsec interface from the Shorewall zones file. That problem was preventing my VPN from running. All is well now. Thanks for the reply. BTW, your basic IPSEC documentation is excellent and helped greatly! Bob -- Comment By: Lynn Avants (guitarlynn) Date: 2003-01-30 20:02 Message: Logged In: YES user_id=176069 OK, basic IPSec stuff now. You can _not_ ping either of the gateways
[leaf-user] [ leaf-Support Requests-677584 ] Problems communicating via VPN
Support Requests item #677584, was opened at 2003-01-30 12:19 You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=677584group_id=13751 Category: packages Group: None Status: Open Priority: 5 Submitted By: Bob Dushok (bdushok) Assigned to: Mike Noyes (mhnoyes) Summary: Problems communicating via VPN Initial Comment: I'm attempting to configure a subnet to subnet VPN between two Bering uclibc v1.02 firewalls and am having difficulty. The VPN appears to be coming up, but no traffic seems to pass through it. My systems are setup as follows: workstation1 - ip 10.12.0.2 | bering gw - internal 10.12.0.1 - external 66.202.70.89 | (internet) | bering gw - internal 10.1.2.200 - external 199.224.108.200 | workstation 2 - ip 10.1.1.1 The external IPs are statically assigned, I'm not using DHCP. When entering ipsec auto --up vpn I receive the following: 104 vpn #8: STATE_MAIN_I1: initiate 106 vpn #8: STATE_MAIN_I2: sent MI2, expecting MR2 108 vpn #8: STATE_MAIN_I3: sent MI3, expecting MR3 004 vpn #8: STATE_MAIN_I4: ISAKMP SA established 112 vpn #9: STATE_QUICK_I1: initiate 004 vpn #9: STATE_QUICK_I2: sent QI2, IPsec SA established The output of ipsec look is: 000 interface ipsec0/eth0 199.224.108.200 000 000 vpn: 10.1.0.0/16===199.224.108.200---199.224.108.34...66.202.70.88---66.202.70.89===10.12.0.0/16 000 vpn: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 vpn: policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted 000 vpn: newest ISAKMP SA: #3; newest IPsec SA: #2; eroute owner: #2 000 000 #3: vpn STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 998s; newest ISAKMP 000 #2: vpn STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 23043s; newest IPSEC; eroute owner 000 #2: vpn [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] It appears the VPN is up, but 10.12.0.2 can't ping 10.1.1.1 and vice versa. 
My conf looks as follows: config setup interfaces=%defaultroute klipsdebug=none plutodebug=all plutoload=%search plutostart=%search conn %default type=tunnel keyexchange=ike keylife=8h keyingtries=0 authby=rsasig disablearrivalcheck=no pfs=yes conn vpn left=199.224.108.200 leftsubnet=10.1.0.0/16 leftnexthop=199.224.108.34 leftfirewall=yes right=66.202.70.89 rightsubnet=10.12.0.0/16 rightnexthop=66.202.70.88 rightfirewall=yes auto=add leftrsasigkey=(omitted) rightrsasigkey=(ommitted) I've added a zone for the VPN and have a rule similar to the following added to the Shorewall rules: vpnnet localnetACCEPT localnet vpnnet ACCEPT (sorry I don't have the exact text of these rules) hosts.allow does include an ALL: entry denoting the private network on the other end of the VPN. Do I need to perform any masquerading on the IPSEC0 interface for the nets to communicate properly? As I was searching the mailing list, I noticed conversations which mentioned an ipsec masquerade kernel driver. I can't seem to locate any info on this for Bering/uclibc. Am I missing something important? The only modules I'm loading for masquerading came with the Bering release (ip_conntrack_ftp, ip_conntrack_irc, ip_nat_ftp, and ip_nat_irc). When shorewall starts it prints a warning indicating the zone I've created for my VPN is empty. I've defined the zone by including the following in the zones file: vpnzone ipsec0 Does this warning indicate a problem? Any suggestions would be appreciated. TIA Bob -- Comment By: Bob Dushok (bdushok) Date: 2003-01-31 21:23 Message: Logged In: YES user_id=694924 Based on the most recent comment on this support request, it is our understanding that this matter has been addressed. Should you require further assistance from LEAF project members, please submit a new support request. Thank you, leaf-project.org support -- Comment By: Bob Dushok (bdushok) Date: 2003-01-31 21:23 Message: Logged In: YES user_id=694924 Tom, Thank you! 
The missing ipsec interface (zones file) was the problem. I've added it and the VPN is now running. Bob -- Comment By: Tom Eastep (teastep) Date: 2003-01-30 13:56 Message: Logged In: YES user_id=6546 The first time through, I missed that you have vpnzone (sic) ipsec0 in the ZONES file. The only column in that file that Shorewall pays any attention to is the first one. You need to add this to the interfaces file: extnet ipsec0 -Tom -- Comment By: Bob Dushok (bdushok) Date: 2003-01-30 13:30 Message: Logged In: YES
[leaf-user] [ leaf-Support Requests-677595 ] Problems communicating via VPN
Support Requests item #677595, was opened at 2003-01-30 12:30 You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=677595group_id=13751 Category: packages Group: None Status: Open Priority: 5 Submitted By: Bob Dushok (bdushok) Assigned to: Mike Noyes (mhnoyes) Summary: Problems communicating via VPN Initial Comment: I'm attempting to configure a subnet to subnet VPN between two Bering uclibc v1.02 firewalls and am having difficulty. The VPN appears to be coming up, but no traffic seems to pass through it. My systems are setup as follows: workstation1 - ip 10.12.0.2 | bering gw - internal 10.12.0.1 - external 66.202.70.89 | (internet) | bering gw - internal 10.1.2.200 - external 199.224.108.200 | workstation 2 - ip 10.1.1.1 The external IPs are statically assigned, I'm not using DHCP. When entering ipsec auto --up vpn I receive the following: 104 vpn #8: STATE_MAIN_I1: initiate 106 vpn #8: STATE_MAIN_I2: sent MI2, expecting MR2 108 vpn #8: STATE_MAIN_I3: sent MI3, expecting MR3 004 vpn #8: STATE_MAIN_I4: ISAKMP SA established 112 vpn #9: STATE_QUICK_I1: initiate 004 vpn #9: STATE_QUICK_I2: sent QI2, IPsec SA established The output of ipsec look is: 000 interface ipsec0/eth0 199.224.108.200 000 000 vpn: 10.1.0.0/16===199.224.108.200---199.224.108.34...66.202.70.88---66.202.70.89===10.12.0.0/16 000 vpn: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 vpn: policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted 000 vpn: newest ISAKMP SA: #3; newest IPsec SA: #2; eroute owner: #2 000 000 #3: vpn STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 998s; newest ISAKMP 000 #2: vpn STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 23043s; newest IPSEC; eroute owner 000 #2: vpn [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] It appears the VPN is up, but 10.12.0.2 can't ping 10.1.1.1 and vice versa. 
My conf looks as follows: config setup interfaces=%defaultroute klipsdebug=none plutodebug=all plutoload=%search plutostart=%search conn %default type=tunnel keyexchange=ike keylife=8h keyingtries=0 authby=rsasig disablearrivalcheck=no pfs=yes conn vpn left=199.224.108.200 leftsubnet=10.1.0.0/16 leftnexthop=199.224.108.34 leftfirewall=yes right=66.202.70.89 rightsubnet=10.12.0.0/16 rightnexthop=66.202.70.88 rightfirewall=yes auto=add leftrsasigkey=(omitted) rightrsasigkey=(ommitted) I've added a zone for the VPN and have a rule similar to the following added to the Shorewall rules: vpnnet localnetACCEPT localnet vpnnet ACCEPT (sorry I don't have the exact text of these rules) hosts.allow does include an ALL: entry denoting the private network on the other end of the VPN. Do I need to perform any masquerading on the IPSEC0 interface for the nets to communicate properly? As I was searching the mailing list, I noticed conversations which mentioned an ipsec masquerade kernel driver. I can't seem to locate any info on this for Bering/uclibc. Am I missing something important? The only modules I'm loading for masquerading came with the Bering release (ip_conntrack_ftp, ip_conntrack_irc, ip_nat_ftp, and ip_nat_irc). When shorewall starts it prints a warning indicating the zone I've created for my VPN is empty. I've defined the zone by including the following in the zones file: vpnzone ipsec0 Does this warning indicate a problem? Any suggestions would be appreciated. TIA Bob
[leaf-user] [ leaf-Support Requests-677584 ] Problems communicating via VPN
Support Requests item #677584, was opened at 2003-01-30 17:19 You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=677584group_id=13751 Category: packages Group: None Status: Open Priority: 5 Submitted By: Bob Dushok (bdushok) Assigned to: Mike Noyes (mhnoyes) Summary: Problems communicating via VPN Initial Comment: I'm attempting to configure a subnet to subnet VPN between two Bering uclibc v1.02 firewalls and am having difficulty. The VPN appears to be coming up, but no traffic seems to pass through it. My systems are setup as follows: workstation1 - ip 10.12.0.2 | bering gw - internal 10.12.0.1 - external 66.202.70.89 | (internet) | bering gw - internal 10.1.2.200 - external 199.224.108.200 | workstation 2 - ip 10.1.1.1 The external IPs are statically assigned, I'm not using DHCP. When entering ipsec auto --up vpn I receive the following: 104 vpn #8: STATE_MAIN_I1: initiate 106 vpn #8: STATE_MAIN_I2: sent MI2, expecting MR2 108 vpn #8: STATE_MAIN_I3: sent MI3, expecting MR3 004 vpn #8: STATE_MAIN_I4: ISAKMP SA established 112 vpn #9: STATE_QUICK_I1: initiate 004 vpn #9: STATE_QUICK_I2: sent QI2, IPsec SA established The output of ipsec look is: 000 interface ipsec0/eth0 199.224.108.200 000 000 vpn: 10.1.0.0/16===199.224.108.200---199.224.108.34...66.202.70.88---66.202.70.89===10.12.0.0/16 000 vpn: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 vpn: policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted 000 vpn: newest ISAKMP SA: #3; newest IPsec SA: #2; eroute owner: #2 000 000 #3: vpn STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 998s; newest ISAKMP 000 #2: vpn STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 23043s; newest IPSEC; eroute owner 000 #2: vpn [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] It appears the VPN is up, but 10.12.0.2 can't ping 10.1.1.1 and vice versa. 
My conf looks as follows: config setup interfaces=%defaultroute klipsdebug=none plutodebug=all plutoload=%search plutostart=%search conn %default type=tunnel keyexchange=ike keylife=8h keyingtries=0 authby=rsasig disablearrivalcheck=no pfs=yes conn vpn left=199.224.108.200 leftsubnet=10.1.0.0/16 leftnexthop=199.224.108.34 leftfirewall=yes right=66.202.70.89 rightsubnet=10.12.0.0/16 rightnexthop=66.202.70.88 rightfirewall=yes auto=add leftrsasigkey=(omitted) rightrsasigkey=(ommitted) I've added a zone for the VPN and have a rule similar to the following added to the Shorewall rules: vpnnet localnetACCEPT localnet vpnnet ACCEPT (sorry I don't have the exact text of these rules) hosts.allow does include an ALL: entry denoting the private network on the other end of the VPN. Do I need to perform any masquerading on the IPSEC0 interface for the nets to communicate properly? As I was searching the mailing list, I noticed conversations which mentioned an ipsec masquerade kernel driver. I can't seem to locate any info on this for Bering/uclibc. Am I missing something important? The only modules I'm loading for masquerading came with the Bering release (ip_conntrack_ftp, ip_conntrack_irc, ip_nat_ftp, and ip_nat_irc). When shorewall starts it prints a warning indicating the zone I've created for my VPN is empty. I've defined the zone by including the following in the zones file: vpnzone ipsec0 Does this warning indicate a problem? Any suggestions would be appreciated. TIA Bob -- Comment By: Tom Eastep (teastep) Date: 2003-01-30 17:41 Message: Logged In: YES user_id=6546 Bob, You are asking busy people for free technical assistance yet you can't be bothered to collect the relevant information? 
(ref: sorry I don't have the exact text of these rules) The fact that Shorewall is reporting an empty zone is probably a key symptom but without the contents of the 'zones', 'interfaces', 'hosts' and 'tunnels' files from your /etc/shorewall directory it would be a wild guess to try to tell you what might be wrong. -Tom
[leaf-user] [ leaf-Support Requests-677584 ] Problems communicating via VPN
Support Requests item #677584, was opened at 2003-01-30 18:19 You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=677584group_id=13751 Category: packages Group: None Status: Open Priority: 5 Submitted By: Bob Dushok (bdushok) Assigned to: Mike Noyes (mhnoyes) Summary: Problems communicating via VPN Initial Comment: I'm attempting to configure a subnet to subnet VPN between two Bering uclibc v1.02 firewalls and am having difficulty. The VPN appears to be coming up, but no traffic seems to pass through it. My systems are setup as follows: workstation1 - ip 10.12.0.2 | bering gw - internal 10.12.0.1 - external 66.202.70.89 | (internet) | bering gw - internal 10.1.2.200 - external 199.224.108.200 | workstation 2 - ip 10.1.1.1 The external IPs are statically assigned, I'm not using DHCP. When entering ipsec auto --up vpn I receive the following: 104 vpn #8: STATE_MAIN_I1: initiate 106 vpn #8: STATE_MAIN_I2: sent MI2, expecting MR2 108 vpn #8: STATE_MAIN_I3: sent MI3, expecting MR3 004 vpn #8: STATE_MAIN_I4: ISAKMP SA established 112 vpn #9: STATE_QUICK_I1: initiate 004 vpn #9: STATE_QUICK_I2: sent QI2, IPsec SA established The output of ipsec look is: 000 interface ipsec0/eth0 199.224.108.200 000 000 vpn: 10.1.0.0/16===199.224.108.200---199.224.108.34...66.202.70.88---66.202.70.89===10.12.0.0/16 000 vpn: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 vpn: policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted 000 vpn: newest ISAKMP SA: #3; newest IPsec SA: #2; eroute owner: #2 000 000 #3: vpn STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 998s; newest ISAKMP 000 #2: vpn STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 23043s; newest IPSEC; eroute owner 000 #2: vpn [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] It appears the VPN is up, but 10.12.0.2 can't ping 10.1.1.1 and vice versa. 
My conf looks as follows: config setup interfaces=%defaultroute klipsdebug=none plutodebug=all plutoload=%search plutostart=%search conn %default type=tunnel keyexchange=ike keylife=8h keyingtries=0 authby=rsasig disablearrivalcheck=no pfs=yes conn vpn left=199.224.108.200 leftsubnet=10.1.0.0/16 leftnexthop=199.224.108.34 leftfirewall=yes right=66.202.70.89 rightsubnet=10.12.0.0/16 rightnexthop=66.202.70.88 rightfirewall=yes auto=add leftrsasigkey=(omitted) rightrsasigkey=(ommitted) I've added a zone for the VPN and have a rule similar to the following added to the Shorewall rules: vpnnet localnetACCEPT localnet vpnnet ACCEPT (sorry I don't have the exact text of these rules) hosts.allow does include an ALL: entry denoting the private network on the other end of the VPN. Do I need to perform any masquerading on the IPSEC0 interface for the nets to communicate properly? As I was searching the mailing list, I noticed conversations which mentioned an ipsec masquerade kernel driver. I can't seem to locate any info on this for Bering/uclibc. Am I missing something important? The only modules I'm loading for masquerading came with the Bering release (ip_conntrack_ftp, ip_conntrack_irc, ip_nat_ftp, and ip_nat_irc). When shorewall starts it prints a warning indicating the zone I've created for my VPN is empty. I've defined the zone by including the following in the zones file: vpnzone ipsec0 Does this warning indicate a problem? Any suggestions would be appreciated. TIA Bob -- Comment By: KP Kirchdörfer (kapeka) Date: 2003-01-30 19:14 Message: Logged In: YES user_id=204664 Lynn Avants' advice in his ipsec doc for LEAF is to omit the left- and rightfirewall. I cannot see a real error in your ipsec settings, but I'm no expert. I guess you should provide your shorewall settings, esp: zones, interfaces, policy, rules, tunnels. I have an ipsec tunnel up and running, without touching masq. I'm not sure if that's all correct and safe, but it's working.
kp -- Comment By: Tom Eastep (teastep) Date: 2003-01-30 18:41 Message: Logged In: YES user_id=6546 Bob, You are asking busy people for free technical assistance yet you can't be bothered to collect the relevant information? (ref: sorry I don't have the exact text of these rules) The fact that Shorewall is reporting an empty zone is probably a key symptom but without the contents of the 'zones', 'interfaces', 'hosts' and 'tunnels' files from your /etc/shorewall directory it would be a wild guess to try to tell you what might be wrong. -Tom -- You can respond
[leaf-user] [ leaf-Support Requests-677584 ] Problems communicating via VPN
Support Requests item #677584, was opened at 2003-01-30 12:19
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=677584&group_id=13751

Category: packages
Group: None
Status: Open
Priority: 5
Submitted By: Bob Dushok (bdushok)
Assigned to: Mike Noyes (mhnoyes)
Summary: Problems communicating via VPN

----------------------------------------------------------------------

Comment By: Bob Dushok (bdushok)
Date: 2003-01-30 13:24

Message:
Logged In: YES user_id=694924

Tom,

Thanks for the reply. I'm sorry if my message implied I don't value the support you're providing. I completely forgot about the zones, interfaces, hosts, and tunnels files but have attached them below.

Bob

hosts:
(nothing, only comments that were present in file included with distribution)

interfaces:
net     eth0    detect  norfc1918
admin   eth1    detect  routestopped

tunnels:
ipsec   net     66.202.70.89/24   extnet

zones:
extnet  ipsec0
net     Internet
admin   Admin
[leaf-user] [ leaf-Support Requests-677584 ] Problems communicating via VPN
Support Requests item #677584, was opened at 2003-01-30 12:19
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=677584&group_id=13751

Category: packages
Group: None
Status: Open
Priority: 5
Submitted By: Bob Dushok (bdushok)
Assigned to: Mike Noyes (mhnoyes)
Summary: Problems communicating via VPN

----------------------------------------------------------------------

Comment By: Bob Dushok (bdushok)
Date: 2003-01-30 13:30

Message:
Logged In: YES user_id=694924

Kp,

Thanks, I'll try removing left/rightfirewall=yes and will add a rule to allow connections on ports 50 and 51. My policy and rules are as follows:

policy:
#SOURCE   DEST     POLICY   LOG LEVEL   LIMIT:BURST
admin     net      ACCEPT
fw        extnet   ACCEPT
admin     extnet   ACCEPT
extnet    admin    ACCEPT
fw        net      ACCEPT
net       all      DROP     info
all       all      REJECT   info

Rules:
ACCEPT   fw      net   tcp   53
ACCEPT   fw      net   udp   53
ACCEPT   admin   fw    udp   53
ACCEPT   fw      net   tcp   37
ACCEPT   fw      net   tcp   25
ACCEPT   net     fw    udp   500

Thanks,
Bob
[leaf-user] [ leaf-Support Requests-677595 ] Problems communicating via VPN
Support Requests item #677595, was opened at 2003-01-30 11:30
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=677595&group_id=13751

Category: packages
Group: None
Status: Open
Priority: 5
Submitted By: Bob Dushok (bdushok)
Assigned to: Mike Noyes (mhnoyes)
Summary: Problems communicating via VPN

----------------------------------------------------------------------

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-30 22:02

Message:
Logged In: YES user_id=176069

OK, basic IPSec stuff now. You can _not_ ping either of the gateways with IPSec with a tunnel, only machines on the VPN _behind_ the gateways. Try pinging a client on one subnet from a client on the other subnet. To ping either gateway, another link must be brought up that is a host connection as opposed to a gw-tunnel.
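Lynn's point about gateways and tunnels, worked through as an added example (it is not part of the thread or of FreeS/WAN): a conn only carries packets whose source and destination fall inside its left and right selectors, and a side with no subnet setting covers just that gateway's own address. The function names and the `gw-to-net` conn are hypothetical, and the model looks at address selectors only, not at firewall rules or routing.

```python
import ipaddress

# "conn vpn" as posted in the request (RSA keys left out), with its %default section.
POSTED_CONF = """\
conn %default
        type=tunnel
        authby=rsasig

conn vpn
        left=199.224.108.200
        leftsubnet=10.1.0.0/16
        leftnexthop=199.224.108.34
        right=66.202.70.89
        rightsubnet=10.12.0.0/16
        rightnexthop=66.202.70.88
        auto=add
"""

# Constructed for this example: a gateway-to-subnet conn (no leftsubnet).
EXTRA_HOST_CONN = """
conn gw-to-net
        left=199.224.108.200
        right=66.202.70.89
        rightsubnet=10.12.0.0/16
"""


def parse_conns(text):
    """Parse ipsec.conf text into {conn_name: {key: value}} (conn sections only)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():                  # section header in column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def selectors(conn):
    """Networks protected on each side; a missing subnet means the gateway /32."""
    left = ipaddress.ip_network(conn.get("leftsubnet", conn["left"] + "/32"))
    right = ipaddress.ip_network(conn.get("rightsubnet", conn["right"] + "/32"))
    return left, right


def matching_conns(conf_text, src, dst):
    """Names of the conns whose selectors cover a packet from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = []
    for name, conn in parse_conns(conf_text).items():
        if name.startswith("%") or "left" not in conn or "right" not in conn:
            continue                               # skip %default and partial conns
        left, right = selectors(conn)
        if (s in left and d in right) or (s in right and d in left):
            hits.append(name)
    return hits


if __name__ == "__main__":
    flows = [
        ("10.1.1.1", "10.12.0.2", "client to client"),
        ("199.224.108.200", "10.12.0.2", "gateway (external address) to client"),
        ("199.224.108.200", "66.202.70.89", "gateway to gateway"),
    ]
    for label, conf in (("posted conf", POSTED_CONF),
                        ("with gw-to-net", POSTED_CONF + EXTRA_HOST_CONN)):
        print(label)
        for src, dst, what in flows:
            hits = matching_conns(conf, src, dst) or ["not tunnelled"]
            print("  %-40s %s" % (what, ", ".join(hits)))
```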
[leaf-user] [ leaf-Support Requests-675725 ] IPSEC error messages
Support Requests item #675725, was opened at 2003-01-27 22:05
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=675725&group_id=13751

Category: packages
Group: None
Status: Open
Priority: 5
Submitted By: Bob Dushok (bdushok)
Assigned to: KP Kirchdörfer (kapeka)
Summary: IPSEC error messages

Initial Comment:
I'm using the uclibc version of Bering (1.0.2) and am attempting to use ipsec. I've downloaded ipsec.o from
http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/2.4.18/kernel/net/ipsec
and placed it into the /lib/modules directory. I've modified /etc/modules to load the module on startup. When the system boots I receive three errors as follows:

/sbin/ipsec: /lib/ipsec/eroute : not found
/sbin/ipsec: /lib/ipsec/spi : not found
/sbin/ipsec: /lib/ipsec/tncfg : not found

Similar errors referring to the files /lib/ipsec/spi and /lib/ipsec/tncfg appear on shutdown.

My copy of ipsec.lrp was downloaded from
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/uclibc/0_9_15/ipsec.lrp

Is this the correct version to be used with the ipsec.o file I downloaded for the uclibc Bering release?

I have verified the /sbin/ipsec binary is present and working. For example, /sbin/ipsec barf works perfectly. The binaries at /lib/ipsec appear to be the problem. For example, /lib/ipsec/eroute prints:

/lib/ipsec/eroute: not found.

I receive this error when I attempt to execute any of the three files mentioned in the error above. The files appear to be elf executables. Are there any specific libraries needed for these executables? I can only find a reference to mawk, which I've loaded by including in the LRP line within my syslinux.cfg file.

Thanks,
Bob

----------------------------------------------------------------------

Comment By: KP Kirchdörfer (kapeka)
Date: 2003-01-29 18:01

Message:
Logged In: YES user_id=204664

Lynn;

there is no need to build modules for uClibc. We can use those provided with Bering.

I'm almost sure the error described in the request is not related to kernel version, glibc/uClibc - in fact I'm running ipsec with nearly the same setup (kernel 2.4.20 instead of 2.4.18 and related modules).

kp

----------------------------------------------------------------------

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 23:54

Message:
Logged In: YES user_id=176069

Sorry KP, I was attempting (badly) to say that the 'jnilo' module cannot be used with uClibc-Bering.

Thanks for the response.

----------------------------------------------------------------------

Comment By: KP Kirchdörfer (kapeka)
Date: 2003-01-28 18:24

Message:
Logged In: YES user_id=204664

The ipsec.lrp you've downloaded _is_ compiled with uClibc.

Can you verify that ipsec.o is loaded? I don't load it from /etc/modules, instead it's loaded from /etc/init.d/ipsec start.

hope that helps
kp

----------------------------------------------------------------------

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 00:07

Message:
Logged In: YES user_id=176069

Ipsec that you are using is compiled with glibc-2.0.7 instead of uClibc, thus the lib errors. You can use an ipsec package if one is available in the uClibc cvs area of the LEAF site or compile your own with uClibc. There are many script changes to the ipsec package, so if you compile your own, you will probably want to change out the old libs with the freshly compiled ones.

~Lynn Avants
[leaf-user] [ leaf-Support Requests-675725 ] IPSEC error messages
Support Requests item #675725, was opened at 2003-01-27 15:05
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=675725&group_id=13751

Category: packages
Group: None
Status: Open
Priority: 5
Submitted By: Bob Dushok (bdushok)
Assigned to: KP Kirchdörfer (kapeka)
Summary: IPSEC error messages

----------------------------------------------------------------------

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-29 11:24

Message:
Logged In: YES user_id=176069

Ok, that makes sense since the kernel doesn't use any libs. Thank you for clarifying, since I appear to be going a little braindead. Going to the background to recoup a few braincells. ;-)

~Lynn
[leaf-user] [ leaf-Support Requests-675725 ] IPSEC error messages
Support Requests item #675725, was opened at 2003-01-27 16:05
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=675725&group_id=13751

Category: packages
Group: None
Status: Open
Priority: 5
Submitted By: Bob Dushok (bdushok)
Assigned to: KP Kirchdörfer (kapeka)
Summary: IPSEC error messages

----------------------------------------------------------------------

Comment By: Bob Dushok (bdushok)
Date: 2003-01-29 14:08

Message:
Logged In: YES user_id=694924

Based on the most recent comment on this support request, it is our understanding that this matter has been addressed. Should you require further assistance from LEAF project members, please submit a new support request.

Thank you,
leaf-project.org support

----------------------------------------------------------------------

Comment By: Bob Dushok (bdushok)
Date: 2003-01-29 14:08

Message:
Logged In: YES user_id=694924

The problem wasn't with the kernel module, but with the lrp itself. I downloaded a new copy as well as the kernel module from the Bering uclibc cvs and the problem is resolved.

Thanks for the help!
Bob
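The question raised in this request, which libraries the /lib/ipsec helpers need, can be checked from the binary itself: a shell reports "not found" for an ELF file that exists when the program interpreter (dynamic loader) it names is absent. The added example below is not from the thread or the LEAF project; it reads the PT_INTERP entry, the sample images are constructed in memory, and the two loader paths are the conventional glibc and uClibc names on 32-bit x86, assumed here.

```python
import os
import struct
import sys

PT_INTERP = 3                        # program header type holding the loader path
GLIBC_LOADER = "/lib/ld-linux.so.2"  # assumed: usual glibc loader on i386
UCLIBC_LOADER = "/lib/ld-uClibc.so.0"  # assumed: usual uClibc loader


def elf_interpreter(data):
    """Return the PT_INTERP path of an ELF image, or None if it has none."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    order = {1: "<", 2: ">"}.get(ei_data)
    if order is None or ei_class not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    if ei_class == 1:                                # ELF32 header offsets
        (e_phoff,) = struct.unpack_from(order + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(order + "HH", data, 0x2A)
    else:                                            # ELF64 header offsets
        (e_phoff,) = struct.unpack_from(order + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(order + "HH", data, 0x36)
    for index in range(e_phnum):
        off = e_phoff + index * e_phentsize
        if ei_class == 1:
            p_type, p_offset, _va, _pa, p_filesz = struct.unpack_from(
                order + "5I", data, off)
        else:
            p_type, _flags, p_offset, _va, _pa, p_filesz = struct.unpack_from(
                order + "II4Q", data, off)
        if p_type == PT_INTERP:
            raw = data[p_offset:p_offset + p_filesz]
            return raw.rstrip(b"\0").decode("ascii")
    return None


def explain_not_found(data, installed_loaders):
    """Say whether the loader an ELF image asks for is among installed_loaders."""
    interp = elf_interpreter(data)
    if interp is None:
        return "no PT_INTERP: statically linked, no loader needed"
    if interp in installed_loaders:
        return "loader present: " + interp
    return "loader missing: " + interp


def build_elf32(interp):
    """Construct a minimal little-endian ELF32 image (sample data, not runnable)."""
    path = interp.encode("ascii") + b"\0" if interp else b""
    phnum = 1 if interp else 0
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIIIIIHHHHHH",
                                 2, 3, 1, 0, 52, 0, 0, 52, 32, phnum, 0, 0, 0)
    phdr = b""
    if interp:
        phdr = struct.pack("<8I", PT_INTERP, 52 + 32, 0, 0,
                           len(path), len(path), 4, 1)
    return header + phdr + path


if __name__ == "__main__":
    # With arguments: inspect real files. Without: run on the constructed samples.
    if sys.argv[1:]:
        for name in sys.argv[1:]:
            with open(name, "rb") as handle:
                interp = elf_interpreter(handle.read())
            present = interp is not None and os.path.exists(interp)
            print(name, "->", interp, "(present)" if present else "(absent)")
    else:
        for loader in (GLIBC_LOADER, UCLIBC_LOADER, None):
            print(loader, "->",
                  explain_not_found(build_elf32(loader), {UCLIBC_LOADER}))
```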
[leaf-user] [ leaf-Support Requests-594097 ] Dachstein will not start on 486/100.....
Support Requests item #594097, was opened at 2002-08-12 10:57
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=594097&group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Closed
Priority: 5
Submitted By: Dion Bird (dionb98)
Assigned to: Mike Noyes (mhnoyes)
Summary: Dachstein will not start on 486/100.

Initial Comment:
Dachstein will not start on my 486 DX4/100 with 32MB of RAM. Here is a summary of the boot process before it locks up.

IP Filters: [IP Forwarding: DISABLED] flushed
SIOCGIFFLAGS: Operation not supported by device
Bind socket to interface: Operation not supported by device
exiting
Starting Network: [IP Always Defrag: ENABLED]
IP filters: firewall [IP Forwarding: ENABLED]
Loopback interface: lo
Starting interface: Cannot find device eth1
SIOCGIFFLAGS: Operation not supported by device
eth1
Hostname: firewall
Static NS: 2 hosts

At this point the cursor just sits and flashes. On my other systems the disk will boot completely, with the summary I have provided, same as what's written above. (Including the operation not supported by device stuff)

Any insight on why it won't continue past this point on the 486?

As I said before it is a 486 DX4/100 with 32MB RAM. I have stripped it down to just the PCI video card and the PCI NIC card. I've tried booting it with no NIC card, and 1 card and 2 cards. If I boot the system under Windows 98, it will detect the network cards so they appear to be functioning.

I would appreciate any suggestions you have.

Dion

----------------------------------------------------------------------

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 16:56

Message:
Logged In: YES user_id=176069

I am closing this request due to lack of a response. If there are still any issues, please open a new request.

----------------------------------------------------------------------

Comment By: magic freeman (kiwispaniol)
Date: 2002-11-16 04:21

Message:
Logged In: YES user_id=650015

hi Dion

sorry for asking about other stuff: does this Dachstein support dial on demand (56k modem)? today is the first time I read about it, I can't find more info about it.

cheers mate
freeman

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2002-08-14 09:30

Message:
Logged In: NO

Have you configured the NICs with DOS?
What is the make and model of your NICs?
Are you loading the right drivers?
example: NE2000-pci = pciscan + 8390 + ne2k-pci modules to load.
Is your BIOS set to PNP os?

Peter

----------------------------------------------------------------------

Comment By: Lynn Avants (guitarlynn)
Date: 2002-08-13 22:41

Message:
Logged In: YES user_id=176069

Some old BIOSes do not detect the larger floppy format that the LEAF distros use. A BIOS update may or may not allow for the larger format and I do not know of a definite fix that works for this problem. You may need to reduce your LEAF disk to fit on a 1.44M formatted disk or use a different machine.

Unfortunately this is the best advice I can give on this one.

I hope it helps,
~Lynn
[leaf-user] [ leaf-Support Requests-599512 ] Weblet won't load from CD ROM
Support Requests item #599512, was opened at 2002-08-23 22:35
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=213751&aid=599512&group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Closed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: Weblet won't load from CD ROM

Initial Comment:
I'm having a problem loading the Weblet module from the CD-ROM. I've done a search in the archives, but have found anything quite like this...

When I use an unaltered ISO file weblet loads fine. When I try adding a LRP to my lrpkg.cfg, the Weblet package will not load and I get repeating cdrom_decode_status errors.

I have tried moving the position of the weblet in my list and each time all the packages load until it gets to this one. If I take the weblet listing out, everything loads fine.

Any ideas?

----------------------------------------------------------------------

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 20:04

Message:
Logged In: YES user_id=176069

It sounds as if there is an error in your syslinux.cfg file, a possible corrupted weblet, a conflict between the CD and floppy files, or something else I am not aware of.

Due to the lack of response for an extended time, I am closing this request. If there is still an issue, please open a new request.

~Lynn
[leaf-user] [ leaf-Support Requests-609807 ] unable to browse internet thru client
Support Requests item #609807, was opened at 2002-09-16 02:23
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=609807group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Closed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: unable to browse internet thru client

Initial Comment:
I tried to save the text file as suggested but it only created garbage folders, so I am unable to include the files.

eth0 = 202.187.248.3 (public ip): I am able to ping to the web from the router PC.
eth1 = 196.9.200.1: I am able to ping this IP from a client PC.

But when I browse the internet from the client PC I get error 404 file not found.

--

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 20:12

Message:
Logged In: YES user_id=176069

You have changed your private subnet and likely not changed it in all the required places, one of which is dnscache. You should make the proper modifications to all the proper places if you do NOT use the default subnet for the LAN side of the router.

I am closing this request due to lack of response for an extended time. If this did not resolve the issue, please open a new request.

--

Comment By: Matt Schalit (rogermatt)
Date: 2002-09-20 14:40

Message:
Logged In: YES user_id=144016

Try the commands:

    ip addr show > /tmp/output
    echo >> /tmp/output
    ip route show >> /tmp/output
    mount -t msdos /dev/fd0u1680 /mnt
    cp /tmp/output /mnt
    umount /mnt

Then remove the floppy and put it in a Windows box that has access to the net, open the output file in WordPad and copy and paste the output into here so we can see your setup.

Also tell us your LEAF flavor, version, if you're using the 196.9.200.0 network that belongs to Dimension Data in South Africa for a reason, what modifications you've done to your LEAF to make it work with that public network, and any relevant messages in your syslog.

Regards,
Matthew
[leaf-user] [ leaf-Support Requests-615630 ] FTP on Bering
Support Requests item #615630, was opened at 2002-09-27 14:07
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=615630group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Closed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: FTP on Bering

Initial Comment:
I receive this message in syslog when I try to connect to an FTP server on my subnet:

    Sep 27 21:00:21 firewall kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:a0:24:4e:c5:e6:00:e0:18:53:6c:d8:08:00 SRC=192.168.1.3 DST=80.213.84.219 LEN=48 TOS=0x10 PREC=0x00 TTL=128 ID=26385 DF PROTO=TCP SPT=3964 DPT=21 WINDOW=16384 RES=0x00 SYN URGP=0

Shorewall rules look like this:

    DNAT net loc:192.168.1.200:21 tcp 21

I used to have limited access to my server; then I used this rule:

    DNAT net;external ip-adress loc:192.168.1.200:21 tcp 21

So all I did was remove the external IP to allow everybody to access my FTP server... now nobody gets through. Any ideas??

PS! Thanks for your support.
tom

--

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 20:13

Message:
Logged In: YES user_id=176069

Based on the most recent comment on this support request, it is our understanding that this matter has been addressed. Should you require further assistance from LEAF project members, please submit a new support request.

Thank you,
leaf-project.org support

--

Comment By: Nobody/Anonymous (nobody)
Date: 2002-09-27 14:54

Message:
Logged In: NO

OK - thanx!

--

Comment By: Tom Eastep (teastep)
Date: 2002-09-27 14:16

Message:
Logged In: YES user_id=6546

Please read FAQ #2 - http://www.shorewall.net/FAQ.htm#faq2
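An added example (not part of the original thread, and not Shorewall's own code): a parser for the netfilter LOG line quoted in the request above. It splits the Shorewall prefix into chain and disposition, decodes the MAC= field, and reports which path the packet was logged on; the function names are this example's own.

```python
import ipaddress
import re

# Log line copied from the support request above.
SAMPLE = (
    "Sep 27 21:00:21 firewall kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= "
    "MAC=00:a0:24:4e:c5:e6:00:e0:18:53:6c:d8:08:00 SRC=192.168.1.3 "
    "DST=80.213.84.219 LEN=48 TOS=0x10 PREC=0x00 TTL=128 ID=26385 DF "
    "PROTO=TCP SPT=3964 DPT=21 WINDOW=16384 RES=0x00 SYN URGP=0"
)

# Shorewall's log prefix has the form Shorewall:<chain>:<disposition>:
PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):")
# KEY=value pairs; the value may be empty (for example "OUT=").
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
# Bare tokens the netfilter LOG target prints for IP and TCP flags.
FLAGS = {"CE", "DF", "MF", "CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_shorewall_log(line):
    """Return a dict describing one Shorewall log line, or None if it is not one."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    rest = line[m.end():]
    fields = dict(FIELD_RE.findall(rest))
    event = {
        "chain": m.group("chain"),
        "disposition": m.group("disposition"),
        "fields": fields,
        "flags": [tok for tok in rest.split() if tok in FLAGS],
    }
    # On Ethernet, MAC= is the 14-byte frame header:
    # destination MAC (6 bytes), source MAC (6 bytes), EtherType (2 bytes).
    octets = fields.get("MAC", "").split(":")
    if len(octets) == 14:
        event["mac_dst"] = ":".join(octets[0:6])
        event["mac_src"] = ":".join(octets[6:12])
        event["ethertype"] = "".join(octets[12:14])
    return event


def triage(event):
    """Summarise where the packet was seen and what kind of packet it was."""
    f = event["fields"]
    has_in, has_out = bool(f.get("IN")), bool(f.get("OUT"))
    if has_in and has_out:
        path = "forward"   # routed through the firewall
    elif has_in:
        path = "input"     # addressed to the firewall host itself
    else:
        path = "output"    # generated by the firewall host
    flags = event["flags"]
    return {
        "path": path,
        "in_if": f.get("IN") or None,
        "src_private": ipaddress.ip_address(f["SRC"]).is_private,
        "dst_private": ipaddress.ip_address(f["DST"]).is_private,
        "new_tcp_connection": f.get("PROTO") == "TCP"
        and "SYN" in flags and "ACK" not in flags,
        "dport": int(f["DPT"]) if "DPT" in f else None,
    }


if __name__ == "__main__":
    ev = parse_shorewall_log(SAMPLE)
    print(ev["chain"], ev["disposition"], ev["mac_src"], triage(ev))
```

For the quoted line this reports a new TCP connection to port 21 that arrived on eth1 from 192.168.1.3 (the same 192.168.1.x range as the `loc:192.168.1.200` server in the rule) and was logged on the input path, with an empty OUT= field.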
[leaf-user] [ leaf-Support Requests-617946 ] Can't ping/connect to firewall
Support Requests item #617946, was opened at 2002-10-03 02:20
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=617946group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Closed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: Can't ping/connect to firewall

Initial Comment:
Hi,

I am new to Linux (six months), and am trying to setup a Linux Router using Bering_1.0-rc3_img_bering_1680.exe. I have followed the Bering Installation/Users Guide step-by-step to setup the router using mostly default settings where possible.

My problem is that my local LAN (192.168.1.0/24) cannot ping and/or connect to the Bering/Shorewall firewall?

The following is the configuration of my LAN at the moment:

             Win2000P                       Bering
        +---------------+          +--------------------+
  LAN2 -| 192.168.72.74 |          | eth0:65.95.176.193 |--- PPPoE/ADSL
        |               |          |                    |
        | 192.168.1.10  |-xLink RJ45-| eth1:192.168.1.254 |
        |               |          |                    |
        +---------------+          +--------------------+

On the Bering LRP, I can ping (1) eth0, (2) eth1, and the Internet, except when I tried to ping loc:192.168.1.10, I receive the following message:

    PING 192.168.1.10 (192.168.1.10): 56 data bytes

    --- 192.168.1.10 ping statistics ---
    2 packets transmitted, 0 packets received, 100% packet loss

I think it is something to do with either (1) iptables or (2) shorewall. But I don't have the necessary knowledge to fix it.

Other information:

uname -a:

    Linux firewall 2.4.18 #4 Sun Jun 9 09:46:15 CEST 2002 i486 unknown

ip addr show:

    1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
        link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:80:c8:35:c6:7b brd ff:ff:ff:ff:ff:ff
    4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
        link/ether 00:80:c8:93:ba:3a brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.254/24 brd 192.168.1.255 scope global eth1
    5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
        link/ppp
        inet 65.95.176.193 peer 65.95.176.1/32 scope global ppp0

ip route show:

    65.95.176.1 dev ppp0 proto kernel scope link src 65.95.176.193
    192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
    default via 65.95.176.1 dev ppp0

iptables -L:

    Chain INPUT (policy DROP)
    target     prot opt source     destination
    ACCEPT     ah   --  anywhere   anywhere
    ppp0_in    ah   --  anywhere   anywhere
    eth1_in    ah   --  anywhere   anywhere
    common     ah   --  anywhere   anywhere
    LOG        ah   --  anywhere   anywhere   LOG level info prefix `Shorewall:INPUT:REJECT:'
    reject     ah   --  anywhere   anywhere

    Chain FORWARD (policy DROP)
    target     prot opt source     destination
    TCPMSS     tcp  --  anywhere   anywhere   tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
    ppp0_fwd   ah   --  anywhere   anywhere
    eth1_fwd   ah   --  anywhere   anywhere
    common     ah   --  anywhere   anywhere
    LOG        ah   --  anywhere   anywhere   LOG level info prefix `Shorewall:FORWARD:REJECT:'
    reject     ah   --  anywhere   anywhere

    Chain OUTPUT (policy DROP)
    target     prot opt source     destination
    ACCEPT     ah   --  anywhere   anywhere
    DROP       icmp --  anywhere   anywhere   state INVALID
    ACCEPT     icmp --  anywhere   anywhere
    fw2net     ah   --  anywhere   anywhere
    all2all    ah   --  anywhere   anywhere
    common     ah   --  anywhere   anywhere
    LOG        ah   --  anywhere   anywhere   LOG level info prefix `Shorewall:OUTPUT:REJECT:'
    reject     ah   --  anywhere   anywhere

    Chain all2all (3 references)
    target     prot opt source     destination
    ACCEPT     ah   --  anywhere   anywhere   state RELATED,ESTABLISHED
    common     ah   --  anywhere   anywhere
    LOG        ah   --  anywhere   anywhere   LOG level info prefix `Shorewall:all2all:REJECT:'
    reject     ah   --  anywhere   anywhere

    Chain common (5 references)
    target     prot opt source     destination
    icmpdef    icmp
[leaf-user] [ leaf-Support Requests-620235 ] CD image for WISP
Support Requests item #620235, was opened at 2002-10-08 08:54
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=620235group_id=13751

Category: None
Group: None
Status: Closed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: CD image for WISP

Initial Comment:
Is there a bootable CD image for the WISP branch? Where can I find info on how to make such an image? It would make it much easier to experiment with it on simple PC boxes...

Thanks

--

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 20:29

Message:
Logged In: YES user_id=176069

I don't believe there have been any other requests for WISP, but your request has been duly noted. Sometime in the future a CD image may be available if someone develops one. Thanks for the suggestion.
[leaf-user] [ leaf-Support Requests-624181 ] unable to insmod realtek module
Support Requests item #624181, was opened at 2002-10-16 11:17
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=624181group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Closed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: unable to insmod realtek module

Initial Comment:
I could not get the NIC with chipset rtl8139c to work under Linux LRP. It complained when I loaded the module 8139.o which I downloaded from the LEAF site.

I received the following messages after invoking insmod rtl8139:

    Using /lib/modules/rtl8139.o
    insmod: can't handle sections of type 1647181921
    insmod: Could not load the module: No such file or directory

The rtl8139.o does exist in /lib/modules.

I have installed RedHat 6.2 on the PC and it can recognize the realtek NIC. I will include their files for your viewing.

Please email to [EMAIL PROTECTED] It is dougV V, not W

--

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 20:37

Message:
Logged In: YES user_id=176069

You most likely didn't load pciscan.o first. I am closing this request due to lack of response, if there is still an issue please open a new request.

--

Comment By: Li Tin Ove Weedle (litinoveweedle)
Date: 2002-10-17 03:48

Message:
Logged In: YES user_id=630836

You have to get rtl8139.o and place it in /lib/modules.

There are two choices. First, you will find a binary rtl8139.o compiled for your Dachstein distribution (for the proper kernel version), or you have to find the rtl8139.c C source code file and kernel source files and compile the module. You can successfully use your RH to do this, like:

You have to have kernel source codes for Dachstein, or find out which version of kernel your Dachstein LRP uses and visit www.kernel.org to get the same version kernel sources. Unpack to your RH to /usr/src/dachstein

There should be source for rtl8139 (rtl8139.c) included in the sources from kernel.org (if you unpack it properly it should stay in /usr/src/dachstein/drivers/net). If not, visit www.scyld.com and search for net-drivers-3-1-1.gz, unpack, find rtl8139.c and place it in /usr/src/dachstein/drivers/net.

Then switch to that directory and compile the module by

    gcc -DMODULE -D__KERNEL__ -O6 -c rtl8139.c -I/usr/src/dachstein

This produces rtl8139.o, which you can test by

    INSMOD rtl8139.o

(test on Dachstein)

You can compile on any Linux distribution with gcc installed, I did it on RH too.

Litin
[leaf-user] [ leaf-Support Requests-630851 ] Traffic shaping in Bering
Support Requests item #630851, was opened at 2002-10-29 20:28
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=630851group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Closed
Priority: 5
Submitted By: Ernest Fontes (ef11)
Assigned to: Mike Noyes (mhnoyes)
Summary: Traffic shaping in Bering

Initial Comment:
First let me express my amazement and gratitude to all the talented developers along the path to Bering 1.0-rc4. I love open source and the creativity it encourages.

I've used Bering rc3 for several months now and love it. I've pored over the documentation and bootstrapped myself enough to add and remove packages and modules, etc. I've even added the lrpstat package to my router so I have mesmerizing stripcharts of traffic. A true lava lamp if I've ever seen one!

The feature I now drool over is traffic shaping. I have a family of five and we're stuck sharing a dial-up modem. Sad, I know, but actually workable. To make it more workable I'd like to shape traffic so that I can start a long download, at low priority, so that it will yield whenever interactive traffic needs some space.

I tried a tcstart file under shorewall in RC3 but dropped it after getting constant error messages. I was encouraged to see mention that the RC4 included a version of tc patched for htb (version 2) (section 12.11 in the Information on packages provided in the Bering...). So I dug right in and added tc.lrp to my router and then tried the first parts of T. Eastep's script. Still the same error messages:

    RTNETLINK: invalid argument

I know I'm not giving much detail right now but before I spend more time on this I'd like to know if it can work and if I'm anywhere close to the correct path.

Thanks in advance.
Ernie

--

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 20:41

Message:
Logged In: YES user_id=176069

Based on the most recent comment on this support request, it is our understanding that this matter has been addressed. Should you require further assistance from LEAF project members, please submit a new support request.

Thank you,
leaf-project.org support

--

Comment By: Tom Eastep (teastep)
Date: 2002-10-29 21:02

Message:
Logged In: YES user_id=6546

Are you loading the appropriate kernel modules? I don't know how Jacques is building his rc4 kernel but I can envision you needing to load both sch_sfq and sch_htb. You may need more modules if the basic QoS capability is also modularized.
[leaf-user] [ leaf-Support Requests-639240 ] internet sharing with 56k modem
Support Requests item #639240, was opened at 2002-11-15 22:38
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=639240group_id=13751

Category: Release/Branch: Oxygen
Group: None
Status: Closed
Priority: 5
Submitted By: magic freeman (kiwispaniol)
Assigned to: Mike Noyes (mhnoyes)
Summary: internet sharing with 56k modem

Initial Comment:
Does LEAF (Oxygen), or other versions, support internet sharing with dialup (56k modem)?

Cheers

--

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 20:43

Message:
Logged In: YES user_id=176069

Yes it does, with the proper configuration and if your modem is supported by Linux/Oxygen. I am closing this request due to lack of response, please open a new one if there are still issues.
[leaf-user] [ leaf-Support Requests-665799 ] Filtering bridge stopped working after upgrade to 2.4.20
Support Requests item #665799, was opened at 2003-01-10 09:26
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=665799group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Open
Priority: 5
Submitted By: Garrett Martin (garrettm)
Assigned to: Mike Noyes (mhnoyes)
Summary: Filtering bridge stopped working after upgrade to 2.4.20

Initial Comment:
I have a Bering box with 3 3com 905ctx NICs:

eth0 = monitoring only
eth1 and eth2 are bridged

I have been running the same config since RC2, and have upgraded to each RC and finally stable without a problem. Once the box was upgraded to the 2.4.20 kernel, modules, and IPTables (1.2.7a) the bridge would not filter anymore. The result is all traffic is allowed, and there is no logging or current connection information except on eth0.

I have rolled back to Shorewall 1.3.10, thinking it might be a shorewall issue, but that didn't fix the problem. I rolled back to STABLE-1 and upgraded to shorewall 1.3.12 and everything works again, so I assume the problem is with the 2.4.20 kernel, 1.2.7a iptables, or bridge.o

Any help is appreciated...

Thanks in advance.

--

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 20:45

Message:
Logged In: YES user_id=176069

I'll see if Jacques or one of the other Bering developers are aware of this. This should be resolved and appears to be a kernel issue.
[leaf-user] [ leaf-Support Requests-597193 ] Commercial Support
Support Requests item #597193, was opened at 2002-08-19 10:15
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=597193group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Closed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Mike Noyes (mhnoyes)
Summary: Commercial Support

Initial Comment:
What is the commercial support that the features document stated? (Noted below)

Support
Vast resources, and HOWTO's. Active mailing list. Commercial software support and hardware solutions available.

Bobby

--

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 21:08

Message:
Logged In: YES user_id=176069

ref. 1397
This has been corrected. Thank-you Mike.

--

Comment By: Mike Noyes (mhnoyes)
Date: 2002-08-19 10:35

Message:
Logged In: YES user_id=39521

Interesting. We may want to remove the last sentence from docid 1397. However, we have links to hardware vendors, and some of our members offer consulting services. Maybe this change would be appropriate:

Hardware solutions and consulting services are available.

Opinions or suggestions are welcome.

ref.
docid 1379
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/doc/docmanager/
hardware vendors
http://leaf-project.org/links.php?op=viewlinkcid=8
[leaf-user] [ leaf-Support Requests-668950 ] UML - Probs starting Bering
Support Requests item #668950, was opened at 2003-01-16 02:43
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=668950group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Open
Priority: 5
Submitted By: Mathias Leinmueller (mleinmueller)
Assigned to: Jacques Nilo (jnilo)
Summary: UML - Probs starting Bering

Initial Comment:
Hi,

I am trying to run Bering in UML. UML itself works when I try it with root_woody_fs. When starting Bering (built according to http://leaf.sourceforge.net/devel/jnilo/uml05.html) I get the errors below.

Could anybody give me a hint how to solve the problem?

Thanks.
Mat

    Linux version 2.4.19-5um ([EMAIL PROTECTED]) (gcc version 2.96 2731 (Red Hat Linux 7.1 2.96-81)) #2 Mon Sep 16 15:41:15 EDT 2002
    On node 0 totalpages: 8192
    zone(0): 8192 pages.
    zone(1): 0 pages.
    zone(2): 0 pages.
    Kernel command line: ubd0=Bering_fs initrd=initrd.lrp root=/dev/ram0 init=/linuxrc boot=/dev/ubd0:minix PKGPATH=/dev/ubd0 devfs=nomount LRP=root,etc,local,log,modules,shorwall
    Calibrating delay loop... 68.48 BogoMIPS
    Memory: 29788k available
    Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
    Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
    Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
    Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
    Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
    Checking for host processor cmov support...No
    Checking for host processor xmm support...No
    Checking that ptrace can change system call numbers...OK
    Checking that host ptys support output SIGIO...No, enabling workaround
    Checking that host ptys support SIGIO on close...No, enabling workaround
    POSIX conformance testing by UNIFIX
    Linux NET4.0 for Linux 2.4
    Based upon Swansea University Computer Society NET3.039
    Initializing RT netlink socket
    Starting kswapd
    VFS: Diskquotas version dquot_6.4.0 initialized
    Journalled Block Device driver loaded
    devfs: v1.12a (20020514) Richard Gooch ([EMAIL PROTECTED])
    devfs: boot_options: 0x0
    Installing knfsd (copyright (C) 1996 [EMAIL PROTECTED]).
    pty: 256 Unix98 ptys configured
    RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
    loop: loaded (max 8 devices)
    Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
    SCSI subsystem driver Revision: 1.00
    NET4: Linux TCP/IP 1.0 for NET4.0
    IP Protocols: ICMP, UDP, TCP
    IP: routing cache hash table of 512 buckets, 4Kbytes
    TCP: Hash tables configured (established 2048 bind 2048)
    NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
    Initializing software serial port version 1
    mconsole (version 2) initialized on /root/.uml/YccNSi/mconsole
    Partition check:
     ubda: unknown partition table
    UML Audio Relay
    Initializing stdio console driver
    RAMDISK: Compressed image found at block 0
    Freeing initrd memory: 401k freed
    FAT: bogus logical sector size 0
    UMSDOS: msdos_read_super failed, mount aborted.
    FAT: bogus logical sector size 0
    FAT: bogus logical sector size 0
    Kernel panic: VFS: Unable to mount root fs on 01:00
[leaf-user] [ leaf-Support Requests-665799 ] Filtering bridge stopped working after upgrade to 2.4.20
Support Requests item #665799, was opened at 2003-01-10 09:26
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=665799group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Open
Priority: 5
Submitted By: Garrett Martin (garrettm)
Assigned to: Jacques Nilo (jnilo)
Summary: Filtering bridge stopped working after upgrade to 2.4.20

Initial Comment:
I have a Bering box with 3 3com 905ctx NICs:

eth0 = monitoring only
eth1 and eth2 are bridged

I have been running the same config since RC2, and have upgraded to each RC and finally stable without a problem. Once the box was upgraded to the 2.4.20 kernel, modules, and IPTables (1.2.7a) the bridge would not filter anymore. The result is all traffic is allowed, and there is no logging or current connection information except on eth0.

I have rolled back to Shorewall 1.3.10, thinking it might be a shorewall issue, but that didn't fix the problem. I rolled back to STABLE-1 and upgraded to shorewall 1.3.12 and everything works again, so I assume the problem is with the 2.4.20 kernel, 1.2.7a iptables, or bridge.o

Any help is appreciated...

Thanks in advance.

--

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-28 20:45

Message:
Logged In: YES user_id=176069

I'll see if Jacques or one of the other Bering developers are aware of this. This should be resolved and appears to be a kernel issue.
[leaf-user] [ leaf-Support Requests-675725 ] IPSEC error messages
Support Requests item #675725, was opened at 2003-01-27 16:05
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=675725group_id=13751

Category: packages
Group: None
Status: Open
Priority: 5
Submitted By: Bob Dushok (bdushok)
Assigned to: Mike Noyes (mhnoyes)
Summary: IPSEC error messages

Initial Comment:
I'm using the uclibc version of Bering (1.0.2) and am attempting to use ipsec. I've downloaded ipsec.o from

http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/2.4.18/kernel/net/ipsec

and placed it into the /lib/modules directory. I've modified /etc/modules to load the module on startup.

When the system boots I receive three errors as follows:

    /sbin/ipsec: /lib/ipsec/eroute : not found
    /sbin/ipsec: /lib/ipsec/spi : not found
    /sbin/ipsec: /lib/ipsec/tncfg : not found

Similar errors referring to the files /lib/ipsec/spi and /lib/ipsec/tncfg appear on shutdown.

My copy of ipsec.lrp was downloaded from

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/uclibc/0_9_15/ipsec.lrp

Is this the correct version to be used with the ipsec.o file I downloaded for the uclibc Bering release?

I have verified the /sbin/ipsec binary is present and working. For example, /sbin/ipsec barf works perfectly. The binaries at /lib/ipsec appear to be the problem. For example, /lib/ipsec/eroute prints:

    /lib/ipsec/eroute: not found.

I receive this error when I attempt to execute any of the three files mentioned in the error above. The files appear to be elf executables. Are there any specific libraries needed for these executables? I can only find a reference to mawk, which I've loaded by including in the LRP line within my syslinux.cfg file.

Thanks,
Bob
[leaf-user] [ leaf-Support Requests-675725 ] IPSEC error messages
Support Requests item #675725, was opened at 2003-01-27 15:05
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=675725group_id=13751

Category: packages
Group: None
Status: Open
Priority: 5
Submitted By: Bob Dushok (bdushok)
Assigned to: Mike Noyes (mhnoyes)
Summary: IPSEC error messages

Initial Comment:
I'm using the uclibc version of Bering (1.0.2) and am attempting to use ipsec. I've downloaded ipsec.o from

http://leaf.sourceforge.net/devel/jnilo/bering/latest/modules/2.4.18/kernel/net/ipsec

and placed it into the /lib/modules directory. I've modified /etc/modules to load the module on startup.

When the system boots I receive three errors as follows:

    /sbin/ipsec: /lib/ipsec/eroute : not found
    /sbin/ipsec: /lib/ipsec/spi : not found
    /sbin/ipsec: /lib/ipsec/tncfg : not found

Similar errors referring to the files /lib/ipsec/spi and /lib/ipsec/tncfg appear on shutdown.

My copy of ipsec.lrp was downloaded from

http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/leaf/bin/packages/uclibc/0_9_15/ipsec.lrp

Is this the correct version to be used with the ipsec.o file I downloaded for the uclibc Bering release?

I have verified the /sbin/ipsec binary is present and working. For example, /sbin/ipsec barf works perfectly. The binaries at /lib/ipsec appear to be the problem. For example, /lib/ipsec/eroute prints:

    /lib/ipsec/eroute: not found.

I receive this error when I attempt to execute any of the three files mentioned in the error above. The files appear to be elf executables. Are there any specific libraries needed for these executables? I can only find a reference to mawk, which I've loaded by including in the LRP line within my syslinux.cfg file.

Thanks,
Bob

--

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-27 17:07

Message:
Logged In: YES user_id=176069

The ipsec that you are using is compiled with glibc-2.0.7 instead of uClibc, thus the lib errors. You can use an ipsec package if one is available in the uClibc cvs area of the LEAF site or compile your own with uClibc. There are many script changes to the ipsec package, so if you compile your own, you will probably want to change out the old libs with the freshly compiled ones.

~Lynn Avants
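An added example, not from the thread or the LEAF project: one way to confirm the libc mismatch described in the reply above is to read the PT_INTERP entry of the binary, since exec reports "not found" when the named loader is absent even though the file itself exists. The loader paths are the standard glibc and uClibc names on i386; the sample ELF image and the target's loader set are constructed for the example, and the reader handles ELF32 and ELF64 in either byte order, which goes beyond the i386 case in the thread.

```python
import struct

PT_INTERP = 3  # program header type that names the dynamic loader

# Standard loader paths on i386 and the C library each one belongs to.
KNOWN_LOADERS = {
    "/lib/ld-linux.so.2": "glibc 2.x (i386)",
    "/lib/ld-uClibc.so.0": "uClibc",
}


def elf_interpreter(data):
    """Return the PT_INTERP path of an ELF image, or None if it has none."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    end = "<" if ei_data == 1 else ">"
    if ei_class == 1:   # ELF32 layouts
        hdr_fmt, ph_fmt = end + "HHIIIIIHHHHHH", end + "IIIIIIII"
    else:               # ELF64 layouts
        hdr_fmt, ph_fmt = end + "HHIQQQIHHHHHH", end + "IIQQQQQQ"
    if len(data) < 16 + struct.calcsize(hdr_fmt):
        raise ValueError("truncated ELF header")
    hdr = struct.unpack_from(hdr_fmt, data, 16)
    e_phoff, e_phentsize, e_phnum = hdr[4], hdr[8], hdr[9]
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + struct.calcsize(ph_fmt) > len(data):
            raise ValueError("truncated program header table")
        ph = struct.unpack_from(ph_fmt, data, off)
        # p_offset and p_filesz sit at different positions in the two layouts.
        p_offset, p_filesz = (ph[1], ph[4]) if ei_class == 1 else (ph[2], ph[5])
        if ph[0] == PT_INTERP:
            if p_offset + p_filesz > len(data):
                raise ValueError("PT_INTERP points outside the file")
            raw = data[p_offset:p_offset + p_filesz]
            return raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return None


def diagnose(data, loaders_on_target):
    """Say which libc a binary was linked for and whether the target can load it."""
    interp = elf_interpreter(data)
    if interp is None:
        return {"interp": None, "libc": "static or no interpreter", "loadable": True}
    return {
        "interp": interp,
        "libc": KNOWN_LOADERS.get(interp, "unknown"),
        "loadable": interp in loaders_on_target,
    }


def build_sample_elf32(interp=None):
    """Constructed input: minimal little-endian i386 ELF32 image, optional PT_INTERP."""
    path = b"" if interp is None else interp.encode("ascii") + b"\0"
    phnum = 0 if interp is None else 1
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)          # 16-byte e_ident
    hdr = struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0, 52, 32, phnum, 0, 0, 0)
    ph = b""
    if phnum:
        ph = struct.pack("<IIIIIIII", PT_INTERP, 52 + 32, 0, 0,
                         len(path), len(path), 4, 1)
    return ident + hdr + ph + path


if __name__ == "__main__":
    # Assumption: a uClibc-only target ships just the uClibc loader.
    target = {"/lib/ld-uClibc.so.0"}
    for name in ("/lib/ld-linux.so.2", "/lib/ld-uClibc.so.0"):
        print(diagnose(build_sample_elf32(name), target))
```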
[leaf-user] [ leaf-Support Requests-669688 ] DHCP problems
Support Requests item #669688, was opened at 2003-01-17 05:24
You can respond by visiting:
https://sourceforge.net/tracker/?func=detailatid=213751aid=669688group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Closed
Priority: 5
Submitted By: Gerd Niemetz (gniemetz)
Assigned to: Jacques Nilo (jnilo)
Summary: DHCP problems

Initial Comment:
Hi!

First I want to thank the Bering team for the great work they do!

Now to the problem: I have a Samsung cable modem connected via an Accton Ethernet card to my ISP and I'm not able to get an IP address via dhclient/pump, only when I use the dhcpcd package (an older one, found it somewhere on the net :-)).

The second question is not proper to the subject, but wouldn't it be nice to have a Wake On LAN feature? I found ether-wake.c, which would do the thing, but I'm not able to compile it because I have no suitable Linux box. Could somebody do the job for me please? ;-)

Any help would be appreciated!

best regards,
Gerd

--

Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-27 17:10

Message:
Logged In: YES user_id=176069

I believe the compiled dhcpcd package has resolved this problem, so I am closing the request. If there are still issues, please open a new request.

--

Comment By: Jacques Nilo (jnilo)
Date: 2003-01-17 16:18

Message:
Logged In: YES user_id=150195

The two packages dhcpcd.lrp and etherw.lrp have been compiled and are available for download from the Bering packages download area:

http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/

They are untested, please report success/pb. Note that dhcpcd is started by ifconfig. You must remove any version of pump or dhclient in order for ifconfig to activate dhcpcd.

Jacques
[leaf-user] [ leaf-Support Requests-672881 ] Are multiple internal nets possible?
Support Requests item #672881, was opened at 2003-01-22 20:09
You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=672881group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Closed
Priority: 5
Submitted By: Bob Dushok (bdushok)
Assigned to: Mike Noyes (mhnoyes)
Summary: Are multiple internal nets possible?

Initial Comment:
I'm configuring Dachstein for use as a firewall/VPN and it's working great, but I need to have two internal networks. I have the software recognizing all nics (eth0, eth1, eth2) and I can ping hosts behind any of the three interfaces. eth0 connects to the Internet, eth1 is connected to private net 10.1.0.0/24, and eth2 is connected to private net 10.2.0.0/24.

Within the network config, how do I indicate there are two internal networks? The INTERN_IF, INTERN_IP, and INTERN_NET seem to only allow me to specify a single network.

Thanks, Bob

--
Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-27 17:09
Message: Logged In: YES user_id=176069

I am closing this request since no reply has been made. If there are still issues to resolve, please open a new request.

--
Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-23 09:38
Message: Logged In: YES user_id=176069

The INTERN_NET is the option that you will want to declare both subnets in. A search of the leaf-user mailing-list archives provides:

INTERN_NET=192.168.0.0/24 172.16.0.0/24

This works, but you will manually need to add the routes for the internal networks to talk to each other (if desired).
[leaf-user] [ leaf-Support Requests-672881 ] Are multiple internal nets possible?
Support Requests item #672881, was opened at 2003-01-22 20:09
You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=672881group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Open
Priority: 5
Submitted By: Bob Dushok (bdushok)
Assigned to: Mike Noyes (mhnoyes)
Summary: Are multiple internal nets possible?

Initial Comment:
I'm configuring Dachstein for use as a firewall/VPN and it's working great, but I need to have two internal networks. I have the software recognizing all nics (eth0, eth1, eth2) and I can ping hosts behind any of the three interfaces. eth0 connects to the Internet, eth1 is connected to private net 10.1.0.0/24, and eth2 is connected to private net 10.2.0.0/24.

Within the network config, how do I indicate there are two internal networks? The INTERN_IF, INTERN_IP, and INTERN_NET seem to only allow me to specify a single network.

Thanks, Bob

--
Comment By: Lynn Avants (guitarlynn)
Date: 2003-01-23 09:38
Message: Logged In: YES user_id=176069

The INTERN_NET is the option that you will want to declare both subnets in. A search of the leaf-user mailing-list archives provides:

INTERN_NET=192.168.0.0/24 172.16.0.0/24

This works, but you will manually need to add the routes for the internal networks to talk to each other (if desired).
[leaf-user] [ leaf-Support Requests-672881 ] Are multiple internal nets possible?
Support Requests item #672881, was opened at 2003-01-22 21:09
You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=672881group_id=13751

Category: Release/Branch: Dachstein
Group: None
Status: Open
Priority: 5
Submitted By: Bob Dushok (bdushok)
Assigned to: Mike Noyes (mhnoyes)
Summary: Are multiple internal nets possible?

Initial Comment:
I'm configuring Dachstein for use as a firewall/VPN and it's working great, but I need to have two internal networks. I have the software recognizing all nics (eth0, eth1, eth2) and I can ping hosts behind any of the three interfaces. eth0 connects to the Internet, eth1 is connected to private net 10.1.0.0/24, and eth2 is connected to private net 10.2.0.0/24.

Within the network config, how do I indicate there are two internal networks? The INTERN_IF, INTERN_IP, and INTERN_NET seem to only allow me to specify a single network.

Thanks, Bob
[leaf-user] [ leaf-Support Requests-669688 ] DHCP problems
Support Requests item #669688, was opened at 2003-01-17 11:24
You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=669688group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Open
Priority: 5
Submitted By: Gerd Niemetz (gniemetz)
Assigned to: Mike Noyes (mhnoyes)
Summary: DHCP problems

Initial Comment:
Hi! First I want to thank the bering-team for the great work they do! Now to the problem: I'm having a Samsung Cablemodem connected via an Accton-Ethernet card to my ISP and I'm not able to get an IP-Address via dhclient/pump, only when I use the dhcpcd package (older one, found it somewhere in the net :-)).

The second question is not proper to the subject, but wouldn't it be nice to have a Wake On Lan feature? I found the ether-wake.c, which would do the thing, but I'm not able to compile it cause I have no suitable linux box. Could somebody do the job for me please? ;-)

Any help would be appreciated!

best regards, Gerd
[leaf-user] [ leaf-Support Requests-669688 ] DHCP problems
Support Requests item #669688, was opened at 2003-01-17 11:24
You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=669688group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Open
Priority: 5
Submitted By: Gerd Niemetz (gniemetz)
Assigned to: Jacques Nilo (jnilo)
Summary: DHCP problems

Initial Comment:
Hi! First I want to thank the bering-team for the great work they do! Now to the problem: I'm having a Samsung Cablemodem connected via an Accton-Ethernet card to my ISP and I'm not able to get an IP-Address via dhclient/pump, only when I use the dhcpcd package (older one, found it somewhere in the net :-)).

The second question is not proper to the subject, but wouldn't it be nice to have a Wake On Lan feature? I found the ether-wake.c, which would do the thing, but I'm not able to compile it cause I have no suitable linux box. Could somebody do the job for me please? ;-)

Any help would be appreciated!

best regards, Gerd
[leaf-user] [ leaf-Support Requests-669688 ] DHCP problems
Support Requests item #669688, was opened at 2003-01-17 12:24
You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=669688group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Open
Priority: 5
Submitted By: Gerd Niemetz (gniemetz)
Assigned to: Jacques Nilo (jnilo)
Summary: DHCP problems

Initial Comment:
Hi! First I want to thank the bering-team for the great work they do! Now to the problem: I'm having a Samsung Cablemodem connected via an Accton-Ethernet card to my ISP and I'm not able to get an IP-Address via dhclient/pump, only when I use the dhcpcd package (older one, found it somewhere in the net :-)).

The second question is not proper to the subject, but wouldn't it be nice to have a Wake On Lan feature? I found the ether-wake.c, which would do the thing, but I'm not able to compile it cause I have no suitable linux box. Could somebody do the job for me please? ;-)

Any help would be appreciated!

best regards, Gerd

--
Comment By: Jacques Nilo (jnilo)
Date: 2003-01-17 23:18
Message: Logged In: YES user_id=150195

The two packages dhcpcd.lrp and etherw.lrp have been compiled and are available for download from the Bering packages download area: http://leaf.sourceforge.net/devel/jnilo/bering/latest/packages/ They are untested; please report success/pb. Note that dhcpcd is started by ifconfig. You must remove any version of pump or dhclient in order for ifconfig to activate dhcpcd.

Jacques
[leaf-user] [ leaf-Support Requests-668950 ] UML - Probs starting Bering
Support Requests item #668950, was opened at 2003-01-16 09:43
You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=668950group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Open
Priority: 5
Submitted By: Mathias Leinmueller (mleinmueller)
Assigned to: Mike Noyes (mhnoyes)
Summary: UML - Probs starting Bering

Initial Comment:
Hi, I am trying to run Bering in UML. UML itself works when I try it with root_woody_fs. When starting Bering (built according to http://leaf.sourceforge.net/devel/jnilo/uml05.html) I get the errors below. Could anybody give me a hint how to solve the problem?

Thanks. Mat

Linux version 2.4.19-5um ([EMAIL PROTECTED]) (gcc version 2.96 2731 (Red Hat Linux 7.1 2.96-81)) #2 Mon Sep 16 15:41:15 EDT 2002
On node 0 totalpages: 8192
zone(0): 8192 pages.
zone(1): 0 pages.
zone(2): 0 pages.
Kernel command line: ubd0=Bering_fs initrd=initrd.lrp root=/dev/ram0 init=/linuxrc boot=/dev/ubd0:minix PKGPATH=/dev/ubd0 devfs=nomount LRP=root,etc,local,log,modules,shorwall
Calibrating delay loop... 68.48 BogoMIPS
Memory: 29788k available
Dentry cache hash table entries: 4096 (order: 3, 32768 bytes)
Inode cache hash table entries: 2048 (order: 2, 16384 bytes)
Mount-cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer-cache hash table entries: 1024 (order: 0, 4096 bytes)
Page-cache hash table entries: 8192 (order: 3, 32768 bytes)
Checking for host processor cmov support...No
Checking for host processor xmm support...No
Checking that ptrace can change system call numbers...OK
Checking that host ptys support output SIGIO...No, enabling workaround
Checking that host ptys support SIGIO on close...No, enabling workaround
POSIX conformance testing by UNIFIX
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
VFS: Diskquotas version dquot_6.4.0 initialized
Journalled Block Device driver loaded
devfs: v1.12a (20020514) Richard Gooch ([EMAIL PROTECTED])
devfs: boot_options: 0x0
Installing knfsd (copyright (C) 1996 [EMAIL PROTECTED]).
pty: 256 Unix98 ptys configured
RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
loop: loaded (max 8 devices)
Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
SCSI subsystem driver Revision: 1.00
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 2048 bind 2048)
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Initializing software serial port version 1
mconsole (version 2) initialized on /root/.uml/YccNSi/mconsole
Partition check:
ubda: unknown partition table
UML Audio Relay
Initializing stdio console driver
RAMDISK: Compressed image found at block 0
Freeing initrd memory: 401k freed
FAT: bogus logical sector size 0
UMSDOS: msdos_read_super failed, mount aborted.
FAT: bogus logical sector size 0
FAT: bogus logical sector size 0
Kernel panic: VFS: Unable to mount root fs on 01:00
[leaf-user] [ leaf-Support Requests-665799 ] Filtering bridge stopped working after upgrade to 2.4.20
Support Requests item #665799, was opened at 2003-01-10 10:26
You can respond by visiting: https://sourceforge.net/tracker/?func=detailatid=213751aid=665799group_id=13751

Category: Release/Branch: Bering
Group: None
Status: Open
Priority: 5
Submitted By: Garrett Martin (garrettm)
Assigned to: Mike Noyes (mhnoyes)
Summary: Filtering bridge stopped working after upgrade to 2.4.20

Initial Comment:
I have a Bering box with 3 3com 905ctx NIC
eth0= monitoring only
eth1 and eth2 are bridged

I have been running the same config since RC2, and have upgraded to each RC and finally stable without a problem. Once the box was upgraded to 2.4.20 Kernel, modules, and IPTables (1.2.7a) the bridge would not filter anymore. The result is all traffic is allowed, and there is no logging or current connection information except on eth0.

I have rolled back to Shorewall 1.3.10, thinking it might be a shorewall issue, but that didn't fix the problem. I rolled back to STABLE-1 and upgraded to shorewall 1.3.12 and everything works again, so I assume the problem is with the 2.4.20 kernel, 1.2.7a iptables, or bridge.o

Any help is appreciated... Thanks in advance.