Eric,
I'm not a Bering user but the tasks you need to accomplish are simple.
There are two ways ( in short ) to use IPSEC server and client. The IPSEC
server requires the kernel be able to handle the IPSEC packets directly
through either compiling IPSEC into the kernel or
Unless you are referring to changing over to using Dachstein, I don't
believe the modules will work for the Bering distribution. Surely though
someone else here is running a separate IPSec server (non-gateway) that they
too would need a Bering version of the ip_x_ipsec.o module to be compile
hi,
Does anyone have a link to the pcmcia.lrp for Dachstein?
Thanks,
j.
--
..
. Jason C. Leach
..
Current PGP/GPG Key ID: 43AD2024
___
Leaf-user mailing list
[EMAIL PROTECTED]
On Wed, 24 Apr 2002 00:27:23 -0400
Eric B Kiser [EMAIL PROTECTED] wrote:
damn... I have just been sitting here staring at my monitor while the
reality of what I am trying to do has dawned on me. When Tom pointed me
in the direction of the files ip_conntrack_ipsec.o and ip_nat_ipsec.o I
began
Yes, I am definetly referring to using a Dachstein diskette.
;-)
Steve
-Original Message-
From: Joey Officer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 24, 2002 8:08 AM
To: Steve Fink; Eric B Kiser
Cc: [EMAIL PROTECTED]
Subject: RE: [Leaf-user] ip_masq_ipsec.o for bering
Although you could compile a kernel for your specific needs (always
recommended, but not necessary), I think for your particular needs just
using a module at boot time would be sufficient. Something you might
consider however, if you do not specifically need something from Bering, I
know that
After making the RSA right, I restarted the ipsec service on both
side and then I try to ping a machine on 192.168.1.x from 192.168.9.x
subnet but the ping times out and there is nothing in auth.log or syslog
suggesting a reason.
Could you please suggest what I should look at now? I am
On Wed, 24 Apr 2002 10:17:22 -0400
Simon Bolduc [EMAIL PROTECTED] wrote:
Don't most people log to ram? Assuming this is the case with bering
(which it should be as it is a floppy dist) moving over to CF shouldn't
matter unless Paul decided to log to CF - and leave his CF mounted all
the
Sorry, I didn't mean no logging.
I was just warning you not consider compact flash
an acceptable logging device.
Many people are not happy with ramdisk capacity.
Some log to a remote syslogd.
I mail logs to an admin every 2 hours or 1MB.
If you want to mail logs and don't want to install
Thanks for Dachstein suggestion (and, yes, Charles is amazingly patient and
helpful) but I have to stick with Bering due to other requirements that I
have set on myself. Specifically, the desire to learn iptables. If I end up
having to figure out how to compile my own kernel then so it has to be.
Thanks for Dachstein suggestion (and, yes, Charles is amazingly patient and
helpful) but I have to stick with Bering due to other requirements that I
have set on myself. Specifically, the desire to learn iptables. If I end up
having to figure out how to compile my own kernel then so it has to
Hi Charles and Lynn.
Thank you for your suggestions. Things are not changed much after
I did the following as you advised:
- As per Lynn's remark, I now use only one /etc/ipsec.conf on
both sides. The FreeSWAN doc said that you may need to change
the line interfaces=, but they are
Thank you for your suggestions. Things are not changed much after
I did the following as you advised:
- As per Lynn's remark, I now use only one /etc/ipsec.conf on
both sides. The FreeSWAN doc said that you may need to change
the line interfaces=, but they are identical in this case
I strongly hope that's my mistake somewhere and not the ISP's. If the ISP blocks the
IPSEC, could I connect to my office's VPN server? I still can do that before this
experiment (removing ipsec module...).
The bad (and probably good -:)) news is that I do not see anything logged into
Hello Joe
If I understand your drawing correctly you want to forward the
request on your external addres 207.5.x.y for port 80 (www) to the
computer in the internal net with the ip number 192.168.1.200
In general :
The information about portforwarding, you can find on the shorewall
page
I strongly hope that's my mistake somewhere and not the ISP's. If the ISP
blocks the IPSEC, could I connect to my office's VPN server? I still can do
that before this experiment (removing ipsec module...).
The bad (and probably good -:)) news is that I do not see anything logged
into
Hi Charles MLu,
I'm having similar problems, and have found this thread helpful. I've
been wondering, do we have to declare the routing on the gateways, or
shouldn't ipsec handle this? Also, what if the ipsec router is not the
default gateway for a machine that you are trying to ping from
I should probably amend that last statement - my current test setup is:
192.168.2.X - ipsec gateway {default} - 2Wire firewall - SSH Sentinel
And I am experiencing the same problems that MLu mentioned. If I try to
add a route on the subnet machines (ok, sigh windows), I get error 87.
Do I
I am still trying to figure out what the cause is. So far I believe that
there must be something wrong in my network.conf (I have 2 internal, 1
DMZ and for IPSEC testing I had to change 192.168.1 to 192.168.9 so I
could have messed something up). If I understand correctly, the ipsec
should handle
19 matches
Mail list logo