AW: [leaf-user] Bering NAT Traversal stuff
Craig, Thank you Alex for your input! Do I need to do a kernel recompile and stuff like that (it seems like I do), or do I simply download your kernel, the new IPSec.lrp package, necessary modules...and then substitute those in place on my current working Bering CD? Thank you! You should be able to use the kernel, modules and ipsec.lrp on my page without a recompile. Don't forget to replace all modules in /boot/lib/modules (initrd.lrp) and /lib/modules (modules.lrp). The LEAF construction kit on my page would do that for you :-) If you want to compile your own kernel, you might find my description useful Cheers Alex --- This SF.net email is sponsored by: Does your code think in ink? You could win a Tablet PC. Get a free Tablet PC hat just for playing. What are you waiting for? http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
AW: [leaf-user] Bering NAT Traversal stuff
Alex - One final question: Is there a .lrp package for the Super FreeS/WAN, or is it compiled within the kernel on your site? Is all I need to do what you mention, You should be able to use the kernel, modules and ipsec.lrp on my page without a recompile. Don't forget to replace all modules in /boot/lib/modules (initrd.lrp) and /lib/modules (modules.lrp).??? For Super-FreeS/WAN, you need the kernel, the ipsec.lrp package and the modules, but not more. I might eventually rename the package and call it sfsipsec.lrp or something like that (I hate 8.3 filenames) - Alex --- This SF.net email is sponsored by: Tablet PC. Does your code think in ink? You could win a Tablet PC. Get a free Tablet PC hat just for playing. What are you waiting for? http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
AW: [leaf-user] Bering NAT Traversal stuff
1.) Do I understand it correctly that the latest Bering(s)(Bering-uClibc Bering) both support NAT traversal? I'm a little confused because of the earlier post entitled Bering 1.1 and NAT-Traversal that referred to Alex Rhomberg's LEAF Page at http://leaf-project.org/mod.php?mod=userpagemenu=1402page_id=49 seemed to suggest you might need to do something different if you wanted your Bering box to support traversal. Bering 1.1 should support NAT traversal, but there still seem to be some problems. I use my own kernel available on the page you referenced, and I have tested it successfully with NAT traversal, plus it includes some more stuff (ipsec algorithm patches and some netfilter things) 2.) Is it difficult (or even possible) to connect to a box behind Bering using IPSec? (I have a Windows 2000 Server on my LAN that I would like to securely connect to.) I see that Jacques says NAT-Traversal patch allows FreeS/WAN to be used behind any NAT device by encapsulating ESP in UDP., That's the point of IPSec, secure connections to boxes behind firewalls. NAT Traversal is needed for this setup: Server --- Bering --- Internet --- NAT-box --- IPSec Client If your IPSec Client uses a public IP address, you don't need nat traversal. It doesn't matter if your Bering box does NAT for your server, as through the tunnel, you will address the server by its private address without NAT - Alex --- This SF.net email is sponsored by: Does your code think in ink? You could win a Tablet PC. Get a free Tablet PC hat just for playing. What are you waiting for? http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html