RE: [leaf-user] IPSec doesn't found public interface - RESOLVED -
Hi Chad, Thanks for your corrected /usr/lib/ipsec/_startklips file. It is ok now. But I have another error, may be a bad parameter in my IPSec config files. I have not the time this days to check it more... I will start another request thread whan I will seen what is the problem. Thanks for your efforts. Best Regards, Francois BERGERET, France. Chad Carr [EMAIL PROTECTED] # BEGIN /usr/lib/ipsec/_startklips # #!/bin/sh # KLIPS startup script # Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer. # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See http://www.fsf.org/copyleft/gpl.txt. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # # RCSID $Id: _startklips,v 1.6.2.6 2002/06/21 05:05:01 mcr Exp $ ... SNIP SNIP SNIP ... --- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1refcode1=vs3390 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] IPSec doesn't found public interface
On Sun, 11 Aug 2002 13:47:20 +0200 Francois BERGERET [EMAIL PROTECTED] wrote: Hi Chad, Thanks to spend your time to help me (and others). I have understood that you have trieve a bug in the IPSec package, but I don't know how correct it by myself, due to my lack of competence with Linux. I have tempted an idiot editing with ae without success, of course. How can I proceed ? Could you, please, correct this bug for me (and the community) and post the file to replace ? Sorry about that. Attached inline below. Please excuse the bug. It will be fixed in the next release. After this bug correction, how can I start correctly IPSec tunnels between my two boxes ? As described by Jacques Nilo's user manual ? Yes. The users manual has a section on ipsec. If you have additional questions, please post to the list. http://leaf.sourceforge.net/devel/jnilo/buipsec.html -- Chad Carr [EMAIL PROTECTED] # BEGIN /usr/lib/ipsec/_startklips # #!/bin/sh # KLIPS startup script # Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer. # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See http://www.fsf.org/copyleft/gpl.txt. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # # RCSID $Id: _startklips,v 1.6.2.6 2002/06/21 05:05:01 mcr Exp $ me='ipsec _startklips' # for messages # KLIPS-related paths sysflags=/proc/sys/net/ipsec modules=/proc/modules # full rp_filter path is $rpfilter1/interface/$rpfilter2 rpfilter1=/proc/sys/net/ipv4/conf rpfilter2=rp_filter ipsecversion=/proc/net/ipsec_version moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec bareversion=`uname -r | sed -e 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9-]*\).*/\1.\2.\3/'` moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec modulename=ipsec.o info=/dev/null log=daemon.error for dummy do case $1 in --log) log=$2 ; shift;; --info) info=$2 ; shift ;; --debug)debug=$2 ; shift ;; --omtu) omtu=$2 ; shift ;; --fragicmp) fragicmp=$2 ; shift ;; --hidetos) hidetos=$2 ; shift;; --default) packetdefault=$2 ; shift ;; --) shift ; break ;; -*) echo $me: unknown option \`$1' 2 ; exit 2 ;; *) break ;; esac shift done # some shell functions, to clarify the actual code # set up a system flag based on a variable # sysflag value shortname default flagname sysflag() { case $1 in '') v=$3 ;; *) v=$1 ;; esac if test ! -f $sysflags/$4 then if test $v != $3 then echo cannot do $2=$v, $sysflags/$4 does not exist exit 1 else return # can't set, but it's the default anyway fi fi case $v in yes|no) ;; *) echo unknown (not yes/no) $2 value \`$1' exit 1 ;; esac case $v in yes)echo 1 $sysflags/$4;; no) echo 0 $sysflags/$4;; esac } # set up a Klips interface klipsinterface() { # pull apart the interface spec # Bering # virt=`expr $1 : '\([^=]*\)=.*'` # phys=`expr $1 : '[^=]*=\(.*\)'` virt=`echo $1 | sed 's/=.*//g'` phys=`echo $1 | sed 's/[^=]*=//g'` # /Bering case $virt in ipsec[0-9]) ;; *) echo invalid interface \`$virt' in \`$1' ; exit 1 ;; esac # figure out ifconfig for interface addr= #Bering # eval `ifconfig $phys | # awk '$1 == inet $2 ~ /^addr:/ $NF ~ /^Mask:/ { # gsub(/:/, , $0) # print addr= $3 # other = $5 # if ($4 == Bcast) # print type=broadcast # else if ($4 == P-t-P) # print type=pointopoint eval `ip addr show $phys | awk '$1 == inet { print addr= $2 other = $4 if ($3 == brd) print type=broadcast else if ($3 == peer) print type=pointopoint else if (NF
RE: [leaf-user] IPSec doesn't found public interface
Hi again Dear Chad, Thanks for your effort for servicing Bering distro. I am very found of it, and all of you who works on this project are very gentlemen and your quick replies welcome ! Thanks for sharing. Very, very cool ! I use a windows box for Internet mailing, and I have some doubt if I do a simple copy/paste with your text script to feel the /usr/lib/ipsec/_startklips file with an intermediate relay floppy for transfert from windows box to Bearing box... Is it possible for you to send me the complete file as attachment ? I will copy it directly on the floppy without change anything in it. Thanks again. Best Regards, Francois BERGERET, France. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]De la part de Chad Carr Envoye : dimanche 11 aout 2002 16:47 A : [EMAIL PROTECTED]; [EMAIL PROTECTED] Objet : Re: [leaf-user] IPSec doesn't found public interface On Sun, 11 Aug 2002 13:47:20 +0200 Francois BERGERET [EMAIL PROTECTED] wrote: Hi Chad, Thanks to spend your time to help me (and others). I have understood that you have trieve a bug in the IPSec package, but I don't know how correct it by myself, due to my lack of competence with Linux. I have tempted an idiot editing with ae without success, of course. How can I proceed ? Could you, please, correct this bug for me (and the community) and post the file to replace ? Sorry about that. Attached inline below. Please excuse the bug. It will be fixed in the next release. After this bug correction, how can I start correctly IPSec tunnels between my two boxes ? As described by Jacques Nilo's user manual ? Yes. The users manual has a section on ipsec. If you have additional questions, please post to the list. http://leaf.sourceforge.net/devel/jnilo/buipsec.html -- Chad Carr [EMAIL PROTECTED] # BEGIN /usr/lib/ipsec/_startklips # ...SNIP SNIP SNIP... --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] IPSec doesn't found public interface
Thanks Erich and others, my CD problem is resolved now ! And, I don't know what ! I have probably modify something in one file, may be isolinux, that previously stroked my CD capacity... It is realy possible to overload the superfloppy, a contrario my previous e-mails. I apologyze myself to have left a doubt about this. This is due to my lack of knowledge about linux and ISO image. But, I have not be able to start correctly my Bering with IPSec. Always Pluto saying not found public interface (with a dynamic IP), and IPSec stoped each time. I have tested this : ipsec tncfg --attach --virtual ipsec0 --physical ppp0 and this have changed ipsec tncfg by aparently linking IPSec to PPP0, and if I ping PCs to other side of my tunnel, activity is seen at my ADSL modem output. But, if I type : ipsec setup --restart, nothing seems occur and I have the same error messages as Bering starting : no public interface founded. I plan to connect an IP traffic analyser to see what is outgoing... Some ideas ? Best Regards to all readers, François BERGERET, France. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]De la part de Erich Titl Envoyé : lundi 5 août 2002 23:38 À : [EMAIL PROTECTED] Objet : RE: [leaf-user] IPSec doesn't found public interface Salut François François BERGERET wrote the following at 23:15 05.08.2002: Hi Chad ! Thanks in advance for your wondefull job. Is it possible to modify your actual cd image to increase the capacity that is only superfloppy image and no a 'normal' hard disk image ? I don't know how to insert IPSec in my actual CD because my requirements increase Bering floppy to more than 2 Mega Bytes and do the CD bugging at boot. So, I am waiting for a solution and, during this time, I use external supplementary modules and packages for IPSec loaded from the floppy. But I could prefer to have all the distro on the CD, of course... CD is more reliable ! Do you use isolinux or syslinux to boot your CD?Isolinux is not limited to any floppy size. regards Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html