RE: [leaf-user] IPSec doesn't found public interface - RESOLVED -

2002-08-19 Thread Francois BERGERET 

Hi Chad,

Thanks for your corrected /usr/lib/ipsec/_startklips file.
It is ok now.

But I have another error, may be a bad parameter in my IPSec config files.

I have not the time this days to check it more...
I will start another request thread whan I will seen what is the problem.

Thanks for your efforts.

Best Regards,
Francois BERGERET,
France.


Chad Carr  [EMAIL PROTECTED]


# BEGIN /usr/lib/ipsec/_startklips #
#!/bin/sh
# KLIPS startup script
# Copyright (C) 1998, 1999, 2001, 2002  Henry Spencer.
# 
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See .
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: _startklips,v 1.6.2.6 2002/06/21 05:05:01 mcr Exp $

... SNIP SNIP SNIP ...


---
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

RE: [leaf-user] IPSec doesn't found public interface

2002-08-11 Thread François BERGERET 

Hi again Dear Chad,

Thanks for your effort for servicing Bering distro.

I am very found of it, and all of you who works on this project are
very gentlemen and your quick replies welcome ! Thanks for sharing.
Very, very cool !

I use a windows box for Internet mailing, and I have some doubt if
I do a simple copy/paste with your text script to feel the
/usr/lib/ipsec/_startklips file with an intermediate relay floppy
for transfert from windows box to Bearing box...

Is it possible for you to send me the complete file as attachment ?
I will copy it directly on the floppy without change anything in it.

Thanks again.
Best Regards,
Francois BERGERET,
France.


-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]De la part de Chad Carr
Envoye : dimanche 11 aout 2002 16:47
A : [EMAIL PROTECTED]; [EMAIL PROTECTED]
Objet : Re: [leaf-user] IPSec doesn't found public interface


On Sun, 11 Aug 2002 13:47:20 +0200
"Francois BERGERET" <[EMAIL PROTECTED]> wrote:

> Hi Chad,
>
> Thanks to spend your time to help me (and others).
>
> I have understood that you have trieve a bug in the IPSec package,
> but I don't know how correct it by myself, due to my lack of competence
> with Linux.
>
> I have tempted an idiot editing with ae without success, of course.
>
> How can I proceed ?
>
> Could you, please, correct this bug for me (and the community) and
> post the file to replace ?

Sorry about that.  Attached inline below.  Please excuse the bug.  It will
be fixed in the next release.

> After this bug correction, how can I start correctly IPSec tunnels
> between my two boxes ? As described by Jacques Nilo's user manual ?

Yes.  The users manual has a section on ipsec.  If you have additional
questions, please post to the list.

http://leaf.sourceforge.net/devel/jnilo/buipsec.html

--

Chad Carr  [EMAIL PROTECTED]


# BEGIN /usr/lib/ipsec/_startklips #

...SNIP SNIP SNIP...




---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Re: [leaf-user] IPSec doesn't found public interface

2002-08-11 Thread Chad Carr 

On Sun, 11 Aug 2002 13:47:20 +0200
"Francois BERGERET" <[EMAIL PROTECTED]> wrote:

> Hi Chad,
> 
> Thanks to spend your time to help me (and others).
> 
> I have understood that you have trieve a bug in the IPSec package,
> but I don't know how correct it by myself, due to my lack of competence
> with Linux.
> 
> I have tempted an idiot editing with ae without success, of course.
> 
> How can I proceed ?
> 
> Could you, please, correct this bug for me (and the community) and
> post the file to replace ?

Sorry about that.  Attached inline below.  Please excuse the bug.  It will be fixed in 
the next release.

> After this bug correction, how can I start correctly IPSec tunnels
> between my two boxes ? As described by Jacques Nilo's user manual ?

Yes.  The users manual has a section on ipsec.  If you have additional questions, 
please post to the list.

http://leaf.sourceforge.net/devel/jnilo/buipsec.html

-- 

Chad Carr  [EMAIL PROTECTED]


# BEGIN /usr/lib/ipsec/_startklips #
#!/bin/sh
# KLIPS startup script
# Copyright (C) 1998, 1999, 2001, 2002  Henry Spencer.
# 
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See .
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: _startklips,v 1.6.2.6 2002/06/21 05:05:01 mcr Exp $

me='ipsec _startklips'  # for messages

# KLIPS-related paths
sysflags=/proc/sys/net/ipsec
modules=/proc/modules
# full rp_filter path is $rpfilter1/interface/$rpfilter2
rpfilter1=/proc/sys/net/ipv4/conf
rpfilter2=rp_filter
ipsecversion=/proc/net/ipsec_version
moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec
bareversion=`uname -r | sed -e 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9-]*\).*/\1.\2.\3/'`
moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec
modulename=ipsec.o

info=/dev/null
log=daemon.error
for dummy
do
case "$1" in
--log)  log="$2" ; shift;;
--info) info="$2" ; shift   ;;
--debug)debug="$2" ; shift  ;;
--omtu) omtu="$2" ; shift   ;;
--fragicmp) fragicmp="$2" ; shift   ;;
--hidetos)  hidetos="$2" ; shift;;
--default)  packetdefault="$2" ; shift  ;;
--) shift ; break   ;;
-*) echo "$me: unknown option \`$1'" >&2 ; exit 2   ;;
*)  break   ;;
esac
shift
done



# some shell functions, to clarify the actual code

# set up a system flag based on a variable
# sysflag value shortname default flagname
sysflag() {
case "$1" in
'') v="$3"  ;;
*)  v="$1"  ;;
esac
if test ! -f $sysflags/$4
then
if test " $v" != " $3"
then
echo "cannot do $2=$v, $sysflags/$4 does not exist"
exit 1
else
return  # can't set, but it's the default anyway
fi
fi
case "$v" in
yes|no) ;;
*)  echo "unknown (not yes/no) $2 value \`$1'"
exit 1
;;
esac
case "$v" in
yes)echo 1 >$sysflags/$4;;
no) echo 0 >$sysflags/$4;;
esac
}

# set up a Klips interface
klipsinterface() {
# pull apart the interface spec
# 
#   virt=`expr $1 : '\([^=]*\)=.*'`
#   phys=`expr $1 : '[^=]*=\(.*\)'`
virt=`echo $1 | sed 's/=.*//g'`
phys=`echo $1 | sed 's/[^=]*=//g'`
# 
case "$virt" in
ipsec[0-9]) ;;
*)  echo "invalid interface \`$virt' in \`$1'" ; exit 1 ;;
esac
# figure out ifconfig for interface
addr=
#
#   eval `ifconfig $phys |
#   awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
#   gsub(/:/, " ", $0)
#   print "addr=" $3
#   other = $5
#   if ($4 == "Bcast")
#   print "type=broadcast"
#   else if ($4 == "P-t-P")
#   print "type=pointopoint"
eval `ip addr show $phys |
awk '$1 == "inet" {
print "addr=" $2
other = $4
if ($3 == "brd")
print "type=broadcast"
else if ($3 == "peer")

RE: [leaf-user] IPSec doesn't found public interface

2002-08-09 Thread François BERGERET 

Thanks Erich and others, my CD problem is resolved now !
And, I don't know what !

I have probably modify something in one file, may be isolinux, that
previously stroked my CD capacity...

It is realy possible to overload the superfloppy, a contrario my
previous e-mails. I apologyze myself to have left a doubt about this.
This is due to my lack of knowledge about linux and ISO image.

But, I have not be able to start correctly my Bering with IPSec.
Always Pluto saying not found public interface (with a dynamic IP),
and IPSec stoped each time.

I have tested this :

ipsec tncfg --attach --virtual ipsec0 --physical ppp0

and this have changed  ipsec tncfg by aparently linking IPSec to PPP0,
and if I ping PCs to other side of my tunnel, activity is seen at my
ADSL modem output.

But, if I type :

ipsec setup --restart, nothing seems occur and I have the same error
messages as Bering starting : no public interface founded.

I plan to connect an IP traffic analyser to see what is outgoing...

Some ideas ?

Best Regards to all readers,
François BERGERET,
France.

-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]De la part de Erich Titl
Envoyé : lundi 5 août 2002 23:38
À : [EMAIL PROTECTED]
Objet : RE: [leaf-user] IPSec doesn't found public interface


Salut François

François BERGERET wrote the following at 23:15 05.08.2002:
>Hi Chad !
>
>Thanks in advance for your wondefull job.
>
>Is it possible to modify your actual cd image to increase the capacity
>that is only superfloppy image and no a 'normal' hard disk image ?
>
>I don't know how to insert IPSec in my actual CD because my requirements
>increase Bering floppy to more than 2 Mega Bytes and do the CD bugging at
>boot. So, I am waiting for a solution and, during this time, I use
>external supplementary modules and packages for IPSec loaded from the floppy.
>But I could prefer to have all the distro on the CD, of course...
>CD is more reliable !

Do you use isolinux or syslinux to boot your CD?Isolinux is not limited to
any floppy size.

regards

Erich

THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024  8D8A B7D4 FF9D 05B8 0A16



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html



---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

[leaf-user] IPSec doesn't found public interface

2002-08-03 Thread Francois BERGERET 

Hi all folks,

Always turning around IPSec on my Bering rc3...
My two similar boxes have a lot of miles far from themselves and not realy 
time to check often.

It seems that Pluto doesn't "sniff" my public interface, see bellow :

...SNIP...
Aug 3 14:18:53 firewall root: Shorewall Started
Aug 3 14:18:54 firewall ipsec_setup: Starting FreeS/WAN IPsec 1.97...
Aug 3 14:18:54 firewall ipsec_setup: Using /lib/modules/ipsec.o
Aug 3 14:18:54 firewall ipsec_setup: unable to determine address of `ppp0'
Aug 3 14:18:54 firewall ipsec_setup: ...FreeS/WAN IPsec started
Aug 3 14:18:54 firewall /usr/sbin/cron[3400]: (CRON) INFO (pidfile fd = 3)
Aug 3 14:18:54 firewall /usr/sbin/cron[1734]: (CRON) STARTUP (fork ok)
Aug 3 14:18:54 firewall ipsec__plutorun: 003 no public interfaces found
Aug 3 14:18:54 firewall ipsec__plutorun: 022 "savigny-paris": we have no ipsecN 
interface for either end of this connection
Aug 3 14:18:54 firewall ipsec__plutorun: ...could not route conn "savigny-paris"
Aug 3 14:18:54 firewall ipsec__plutorun: 022 "savigny-paris": we have no ipsecN 
interface for either end of this connection
Aug 3 14:18:54 firewall ipsec__plutorun: ...could not start conn "savigny-paris"
...SNIPT...

In what case this could be happen ?
I have described from interfaces=%default the first time to interfaces="ipsec0=ppp0",
then interfaces="ipsec0=eth0 ipsec1=ppp0" because this was no good and no more success 
!

I think have done all that it is described in the Bering user's manual.

If I take a look at ipsec tncfg, I can see no link between ipsec's and interfaces.
I attach manualy ipsec0 to ppp0 nothing more, then ipsec0 to eth0 and ipsec1 to ppp0, 
no more...

Somebody could be send a copy of his running settings in ipsec and shorewall or other 
important 
files for tunneling ?
I have read all papers founded on the net, from all LEAF distros family and I have not
noticed what I can miss...

Thanks for all suggestion or idea.

Best Regards,
Francois BERGERET / France


---
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html