RE: [leaf-user] IPSec doesn't found public interface - RESOLVED -
Hi Chad, Thanks for your corrected /usr/lib/ipsec/_startklips file. It is ok now. But I have another error, may be a bad parameter in my IPSec config files. I have not the time this days to check it more... I will start another request thread whan I will seen what is the problem. Thanks for your efforts. Best Regards, Francois BERGERET, France. Chad Carr [EMAIL PROTECTED] # BEGIN /usr/lib/ipsec/_startklips # #!/bin/sh # KLIPS startup script # Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer. # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See http://www.fsf.org/copyleft/gpl.txt. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # # RCSID $Id: _startklips,v 1.6.2.6 2002/06/21 05:05:01 mcr Exp $ ... SNIP SNIP SNIP ... --- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1refcode1=vs3390 leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] IPSec doesn't found public interface
On Sun, 11 Aug 2002 13:47:20 +0200
Francois BERGERET [EMAIL PROTECTED] wrote:
Hi Chad,
Thanks to spend your time to help me (and others).
I have understood that you have trieve a bug in the IPSec package,
but I don't know how correct it by myself, due to my lack of competence
with Linux.
I have tempted an idiot editing with ae without success, of course.
How can I proceed ?
Could you, please, correct this bug for me (and the community) and
post the file to replace ?
Sorry about that. Attached inline below. Please excuse the bug. It will be fixed in
the next release.
After this bug correction, how can I start correctly IPSec tunnels
between my two boxes ? As described by Jacques Nilo's user manual ?
Yes. The users manual has a section on ipsec. If you have additional questions,
please post to the list.
http://leaf.sourceforge.net/devel/jnilo/buipsec.html
--
Chad Carr [EMAIL PROTECTED]
# BEGIN /usr/lib/ipsec/_startklips #
#!/bin/sh
# KLIPS startup script
# Copyright (C) 1998, 1999, 2001, 2002 Henry Spencer.
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See http://www.fsf.org/copyleft/gpl.txt.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: _startklips,v 1.6.2.6 2002/06/21 05:05:01 mcr Exp $
me='ipsec _startklips' # for messages
# KLIPS-related paths
sysflags=/proc/sys/net/ipsec
modules=/proc/modules
# full rp_filter path is $rpfilter1/interface/$rpfilter2
rpfilter1=/proc/sys/net/ipv4/conf
rpfilter2=rp_filter
ipsecversion=/proc/net/ipsec_version
moduleplace=/lib/modules/`uname -r`/kernel/net/ipsec
bareversion=`uname -r | sed -e 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9-]*\).*/\1.\2.\3/'`
moduleinstplace=/lib/modules/$bareversion/kernel/net/ipsec
modulename=ipsec.o
info=/dev/null
log=daemon.error
for dummy
do
case $1 in
--log) log=$2 ; shift;;
--info) info=$2 ; shift ;;
--debug)debug=$2 ; shift ;;
--omtu) omtu=$2 ; shift ;;
--fragicmp) fragicmp=$2 ; shift ;;
--hidetos) hidetos=$2 ; shift;;
--default) packetdefault=$2 ; shift ;;
--) shift ; break ;;
-*) echo $me: unknown option \`$1' 2 ; exit 2 ;;
*) break ;;
esac
shift
done
# some shell functions, to clarify the actual code
# set up a system flag based on a variable
# sysflag value shortname default flagname
sysflag() {
case $1 in
'') v=$3 ;;
*) v=$1 ;;
esac
if test ! -f $sysflags/$4
then
if test $v != $3
then
echo cannot do $2=$v, $sysflags/$4 does not exist
exit 1
else
return # can't set, but it's the default anyway
fi
fi
case $v in
yes|no) ;;
*) echo unknown (not yes/no) $2 value \`$1'
exit 1
;;
esac
case $v in
yes)echo 1 $sysflags/$4;;
no) echo 0 $sysflags/$4;;
esac
}
# set up a Klips interface
klipsinterface() {
# pull apart the interface spec
# Bering
# virt=`expr $1 : '\([^=]*\)=.*'`
# phys=`expr $1 : '[^=]*=\(.*\)'`
virt=`echo $1 | sed 's/=.*//g'`
phys=`echo $1 | sed 's/[^=]*=//g'`
# /Bering
case $virt in
ipsec[0-9]) ;;
*) echo invalid interface \`$virt' in \`$1' ; exit 1 ;;
esac
# figure out ifconfig for interface
addr=
#Bering
# eval `ifconfig $phys |
# awk '$1 == inet $2 ~ /^addr:/ $NF ~ /^Mask:/ {
# gsub(/:/, , $0)
# print addr= $3
# other = $5
# if ($4 == Bcast)
# print type=broadcast
# else if ($4 == P-t-P)
# print type=pointopoint
eval `ip addr show $phys |
awk '$1 == inet {
print addr= $2
other = $4
if ($3 == brd)
print type=broadcast
else if ($3 == peer)
print type=pointopoint
else if (NF
RE: [leaf-user] IPSec doesn't found public interface
Hi again Dear Chad, Thanks for your effort for servicing Bering distro. I am very found of it, and all of you who works on this project are very gentlemen and your quick replies welcome ! Thanks for sharing. Very, very cool ! I use a windows box for Internet mailing, and I have some doubt if I do a simple copy/paste with your text script to feel the /usr/lib/ipsec/_startklips file with an intermediate relay floppy for transfert from windows box to Bearing box... Is it possible for you to send me the complete file as attachment ? I will copy it directly on the floppy without change anything in it. Thanks again. Best Regards, Francois BERGERET, France. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]De la part de Chad Carr Envoye : dimanche 11 aout 2002 16:47 A : [EMAIL PROTECTED]; [EMAIL PROTECTED] Objet : Re: [leaf-user] IPSec doesn't found public interface On Sun, 11 Aug 2002 13:47:20 +0200 Francois BERGERET [EMAIL PROTECTED] wrote: Hi Chad, Thanks to spend your time to help me (and others). I have understood that you have trieve a bug in the IPSec package, but I don't know how correct it by myself, due to my lack of competence with Linux. I have tempted an idiot editing with ae without success, of course. How can I proceed ? Could you, please, correct this bug for me (and the community) and post the file to replace ? Sorry about that. Attached inline below. Please excuse the bug. It will be fixed in the next release. After this bug correction, how can I start correctly IPSec tunnels between my two boxes ? As described by Jacques Nilo's user manual ? Yes. The users manual has a section on ipsec. If you have additional questions, please post to the list. http://leaf.sourceforge.net/devel/jnilo/buipsec.html -- Chad Carr [EMAIL PROTECTED] # BEGIN /usr/lib/ipsec/_startklips # ...SNIP SNIP SNIP... --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] IPSec doesn't found public interface
Thanks Erich and others, my CD problem is resolved now ! And, I don't know what ! I have probably modify something in one file, may be isolinux, that previously stroked my CD capacity... It is realy possible to overload the superfloppy, a contrario my previous e-mails. I apologyze myself to have left a doubt about this. This is due to my lack of knowledge about linux and ISO image. But, I have not be able to start correctly my Bering with IPSec. Always Pluto saying not found public interface (with a dynamic IP), and IPSec stoped each time. I have tested this : ipsec tncfg --attach --virtual ipsec0 --physical ppp0 and this have changed ipsec tncfg by aparently linking IPSec to PPP0, and if I ping PCs to other side of my tunnel, activity is seen at my ADSL modem output. But, if I type : ipsec setup --restart, nothing seems occur and I have the same error messages as Bering starting : no public interface founded. I plan to connect an IP traffic analyser to see what is outgoing... Some ideas ? Best Regards to all readers, François BERGERET, France. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]De la part de Erich Titl Envoyé : lundi 5 août 2002 23:38 À : [EMAIL PROTECTED] Objet : RE: [leaf-user] IPSec doesn't found public interface Salut François François BERGERET wrote the following at 23:15 05.08.2002: Hi Chad ! Thanks in advance for your wondefull job. Is it possible to modify your actual cd image to increase the capacity that is only superfloppy image and no a 'normal' hard disk image ? I don't know how to insert IPSec in my actual CD because my requirements increase Bering floppy to more than 2 Mega Bytes and do the CD bugging at boot. So, I am waiting for a solution and, during this time, I use external supplementary modules and packages for IPSec loaded from the floppy. But I could prefer to have all the distro on the CD, of course... CD is more reliable ! Do you use isolinux or syslinux to boot your CD?Isolinux is not limited to any floppy size. regards Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
