RE: [leaf-user] Bering-uClibc Docs and IPSEC: FreeSwan or OpenSwan?
Wonderful! Thank you! :) On Thu, 2005-06-09 at 16:01, Mike Noyes wrote: On Fri, 2005-04-29 at 11:51, Calvin Webster wrote: It would sure be nice to have a single source for the docs, since there are so many of them. Calvin, I hope to do that when I upgrade our docbook build script. XIncludes are the key, and all the documents in doc should end up in a single browse-able entity. http://leaf-project.org/doc/ Note: our FAQs will end up in a phpWebSite wiki. --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
RE: [leaf-user] Bering-uClibc Docs and IPSEC: FreeSwan or OpenSwan?
On Fri, 2005-04-29 at 11:51, Calvin Webster wrote: It would sure be nice to have a single source for the docs, since there are so many of them. Calvin, I hope to do that when I upgrade our docbook build script. XIncludes are the key, and all the documents in doc should end up in a single browse-able entity. http://leaf-project.org/doc/ Note: our FAQs will end up in a phpWebSite wiki. -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: leaf, phpwebsite, phpwebsite-comm, sitedocs --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Bering-uClibc Docs and IPSEC: FreeSwan or OpenSwan?
Thanks Mike. However I'm working on a RHL9 workstation and it doesn't have much in the way of XML handling tools, at least not using the latest DTD's and libs. I tried using the xsltproc installed but I'm getting tag mismatch and balance errors. I'll just muddle through with what I have and post questions for what I don't for now. My focus right now is in getting this network runningn in virtual space so I can finish modeling it. --Cal On Sun, 2005-05-22 at 15:24, Mike Noyes wrote: On Fri, 2005-04-29 at 09:51, Calvin Webster wrote: I need to get local copies of all the documentation for Bering-uClibc and all its packages, especially for OpenSwan which is what's contained in the Bering-uClibc IPSEC package (ipsec.lrp). First, I cannot find a complete documentation package in any form for Bering-uClibc. There is a link to a PDF file supposedly containing the LEAF Guide Collection, but it is dead. I'd really like to get the HTML version, but a comprehensive PDF would be okay. Calvin, PDF generation was disabled. FOP was eating to many resources on the SF shell. All of our documentation is in cvs in docbook xml format. You can build pdf or any other target using the xslt tool-chain of your choice. Note: I'm evaluating local pdf build options for publishing on our SF shell space. LEAF Guides (DocBook XML) http://cvs.sourceforge.net/viewcvs.py/leaf/doc/guide DocBook Wiki http://wiki.docbook.org/ --- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412alloc_id=16344op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Bering-uClibc Docs and IPSEC: FreeSwan or OpenSwan?
On Fri, 2005-04-29 at 09:51, Calvin Webster wrote: I need to get local copies of all the documentation for Bering-uClibc and all its packages, especially for OpenSwan which is what's contained in the Bering-uClibc IPSEC package (ipsec.lrp). First, I cannot find a complete documentation package in any form for Bering-uClibc. There is a link to a PDF file supposedly containing the LEAF Guide Collection, but it is dead. I'd really like to get the HTML version, but a comprehensive PDF would be okay. Calvin, PDF generation was disabled. FOP was eating to many resources on the SF shell. All of our documentation is in cvs in docbook xml format. You can build pdf or any other target using the xslt tool-chain of your choice. Note: I'm evaluating local pdf build options for publishing on our SF shell space. LEAF Guides (DocBook XML) http://cvs.sourceforge.net/viewcvs.py/leaf/doc/guide DocBook Wiki http://wiki.docbook.org/ -- Mike Noyes mhnoyes at users.sourceforge.net http://sourceforge.net/users/mhnoyes/ SF.net Projects: leaf, phpwebsite, phpwebsite-comm, sitedocs --- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412alloc_id=16344op=click leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
Re: [leaf-user] Bering-uClibc Docs and IPSEC: FreeSwan or OpenSwan?
Hello, The documentation for freeswan/*swan (any that you may find on the net) leaves much to be desired. And that is putting it mildly according to some. There is lots of information, but typically hard follow. One problem that I have is not being able to understand how it routes/desides to route traffic. I actually gave up learning this part with out first trying. Instead, I setup GRE tunnels and use kernel routing and now zebra/ospfd for load balancing and failover. So far this is working super. But I am still testing. Anyway, try here: http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/index.html Looks the same but more organized: http://www.linuxsecurity.com/resource_files/cryptography/FreeSWAN-HOWTO/HowTo.html The man pages: http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/manpage.d/ Download and untar openswan-1.0.9.tar.gz and read the READMES and CHANGES docs. I find them useful: http://cvs.sourceforge.net/viewcvs.py/leaf/src/bering-uclibc/apps/openswan/ More links: http://www.av8n.com/vpn/ipsec+routing.htm My two biggest hurdles were: a) learning through trial and error instead of instructions, b) figuring out how to manage multiple *swan installations (sooner or later you will have to start scripting). Now, since we're on the subject, does any one know the specs for using the ipsec_null.o module? Despite hours of searching, I still can't figure this out. __ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail --- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering-uClibc Docs and IPSEC: FreeSwan or OpenSwan?
Calvin Webster wrote: Second, the IPSEC documentation on the Shorewall site all refers to FreeSwan which does not match the contents of ipsec.lrp. The proliferation of Swan species has been an absurd spectacle to observe to be sure but from the point of view of Shorewall, there are only two kinds of IPSEC: A) Kernel 2.4 using *Swan. B) Kernel 2.6 using any configuration manager/IKE daemon combination. This includes 2.4 systems running the backported 2.6 Native IPSEC code. Given that Bering* only runs on the 2.4 kernel and to my knowledge does not include the backport of the Kernel 2.6 Native IPSEC code, you want the Kernel 2.4 docs (http://shorewall.net/IPSEC.htm) regardless of what color your Swans are. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key --- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering-uClibc Docs and IPSEC: FreeSwan or OpenSwan?
On Fri, 2005-04-29 at 13:16, Tom Eastep wrote: Calvin Webster wrote: Second, the IPSEC documentation on the Shorewall site all refers to FreeSwan which does not match the contents of ipsec.lrp. ... Given that Bering* only runs on the 2.4 kernel and to my knowledge does not include the backport of the Kernel 2.6 Native IPSEC code, you want the Kernel 2.4 docs (http://shorewall.net/IPSEC.htm) regardless of what color your Swans are. -Tom Thanks Tom. I've been referencing that page already. It's great for the configuration items. What about initial IPSEC setup, though (i.e. generating keys, etc.). That's supposed to be in the *Swan docs that are missing. What is everyone else using? Am I the only one trying to survive on pre-built packages? --- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering-uClibc Docs and IPSEC: FreeSwan or OpenSwan?
Calvin Webster wrote: Thanks Tom. I've been referencing that page already. It's great for the configuration items. What about initial IPSEC setup, though (i.e. generating keys, etc.). That's supposed to be in the *Swan docs that are missing. What is everyone else using? Am I the only one trying to survive on pre-built packages? Can't answer that, I'm afraid -- I haven't run *Swan in years. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key --- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Bering-uClibc Docs and IPSEC: FreeSwan or OpenSwan?
Calvin Webster wrote: -Tom/ Can I ask what you are using for IPSEC, then? It might be better for me than flying blind. I'm using the 2.6 kernel under Debian/Sarge with ipsec-tools/racoon -- not an option with Bering. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key --- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Bering-uClibc Docs and IPSEC: FreeSwan or OpenSwan?
Given that Bering* only runs on the 2.4 kernel and to my knowledge does not include the backport of the Kernel 2.6 Native IPSEC code, you want the Kernel 2.4 docs (http://shorewall.net/IPSEC.htm) regardless of what color your Swans are. -Tom Thanks Tom. I've been referencing that page already. It's great for the configuration items. What about initial IPSEC setup, though (i.e. generating keys, etc.). That's supposed to be in the *Swan docs that are missing. What is everyone else using? Am I the only one trying to survive on pre-built packages? http://leaf.sourceforge.net/doc/guide/buipsec.html Jacques's documentation is still relevant and nice :). Bering-uClibC is basically bering that's more up to date with a smaller compiler. P --- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] Bering-uClibc Docs and IPSEC: FreeSwan or OpenSwan?
On Fri, 2005-04-29 at 14:06, Peter Mueller wrote: Given that Bering* only runs on the 2.4 kernel and to my knowledge does not include the backport of the Kernel 2.6 Native IPSEC code, you want the Kernel 2.4 docs (http://shorewall.net/IPSEC.htm) regardless of what color your Swans are. -Tom Thanks Tom. I've been referencing that page already. It's great for the configuration items. What about initial IPSEC setup, though (i.e. generating keys, etc.). That's supposed to be in the *Swan docs that are missing. What is everyone else using? Am I the only one trying to survive on pre-built packages? http://leaf.sourceforge.net/doc/guide/buipsec.html Jacques's documentation is still relevant and nice :). Bering-uClibC is basically bering that's more up to date with a smaller compiler. P Thank you Peter! I keep forgetting about going back to the Bering docs. Even though often I have to extrapolate for Bering-uClibc, it's better than no docs. You should see my desktop right now. I've got 4 Firefox browsers with 8 or more tabs in each, along with several terminal windows for mounted LEAF images, running QEMU sessions, gedit, mail and whatnot. It would sure be nice to have a single source for the docs, since there are so many of them. --- This SF.Net email is sponsored by: NEC IT Guy Games. Get your fingers limbered up and give it your best shot. 4 great events, 4 opportunities to win big! Highest score wins.NEC IT Guy Games. Play to win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20 leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html