S Mohan said:
If you are using Win2K clients, Chad has put up a good chapter.
I am not using Win2K clients.
(Not yet, anyway. Eventually, but that's a bit far in the distance)
What I want is for my Bering 1.0 to make an IPSec connection to my Pix. No
Win2K involved, at this point in time.
--
K.-P. Kirchdörfer said:
On Monday, 10 February 2003 06:19, Mike Leone wrote:
OK; so I think I'm making progress ...
Anyway, when ipsec starts, I get:
# svi ipsec start
ipsec_setup: Starting FreeS/WAN IPsec 1.99...
ipsec_setup: Using /lib/modules/ipsec.o
ipsec_setup: WARNING: eth0 has
John Mullan wrote:
OK Charles. I understand. As you know by now, I only really do this stuff
at home. I have helped a buddy by putting a LEAF router at his office.
So, not being the guru and not having a great amount of time, I will
eventually read bits and pieces.
I only ended up with Win2K
I had replied privately, but I'll include the list (BTW, please don't send
me private copies of list mail; it just means twice the bandwidth, since I
will see the message on the list anyway).
S Mohan said:
If you are using Win2K clients, Chad has put up a good chapter. It would
No, I am not
On Monday 10 February 2003 08:08 am, Michael Leone wrote:
However, I have changed /etc/network/options, and changed spoofprotect
to no. Doesn't that turn off route filtering?
It's set in shorewall configuration (interfaces(?)).
I thought it might, but the Bering docs indicate otherwise
On Monday 10 February 2003 12:18 am, David Pitts wrote:
Thanks Lynn. The RCDLinks = in your uDHCPC is S,S38 6,K38 . I will
try RCDLINKS=2,S38 3,S38 6,K38 which looks more consistent with other
packages (including uDHCPD which I hadn't noticed earlier).
No, No the 2 in your example is
Lynn Avants said:
It would definitely be in your best interest to read the Shorewall
Ipsec/VPN page on http://www.shorewall.net . IPSec definitely won't
work with Shorewall unless you configure shorewall correctly. Do not use
OK. Haven't gotten that far yet; was just following the Bering docs
However, I have changed /etc/network/options, and changed spoofprotect
to no. Doesn't that turn off route filtering?
It's set in shorewall configuration (interfaces(?)).
I thought it might, but the Bering docs indicate otherwise - that the
easiest way is by changing
I'm using Lynn Avants' Dachstein v1.0.2 with IPSEC from
http://lrp.steinkuehler.net/contrib_disk_images.htm.
I want to configure a subnet-to-subnet ipsec tunnel where both subnets
are linked through a wireless bridge. The diagram below shows what I'm
trying to accomplish:
+---+++
Hi all,
I'm getting the following kernel panic on my bering1.0_stable box with
kernel 2.4.20 This is running on a Soekris net4501 . Anyone else see
this?
Hello Steve, Kernel panic with the kernel is often a problem of a
corrupt media, or corrupt download.
From what kind of media
Charles is correct, Windows 2000 should handle its own DNS if you are using
AD. For Windows 2000, outside of AD, it doesn't matter, but AD wants to
create a bunch of DNS records for AD to work properly as a name and service
resolution tool. You can run it with a properly configured *nix DNS
At 05:36 PM 2/10/03 +0100, Eric Wolzak wrote:
Hi all,
I'm getting the following kernel panic on my bering1.0_stable box with
kernel 2.4.20 This is running on a Soekris net4501 . Anyone else see
this?
Hello Steve, Kernel panic with the kernel is often a problem of a
corrupt media, or
Steve,
You might want to try the kernel and drivers Jacques compiled for the
Elan hardware target. They're at:
http://leaf.sourceforge.net/devel/jnilo/testing/
Ignore the busybox stuff that's in there. I had asked Jacques to
recompile the 2.4.20 kernel for the Elan target specifically for use
Michael Leone wrote:
Lynn Avants said:
the 509 package if you are not using certs, the 509 package probably
will not work with PSK's. --
It won't? Shoot. I do want to move to using certs, both between my Pix and
for any remote clients to my Bering box that I may have in future. But at
the
João Miguel Neves wrote:
I'm using Lynn Avants' Dachstein v1.0.2 with IPSEC from
http://lrp.steinkuehler.net/contrib_disk_images.htm.
I want to configure a subnet-to-subnet ipsec tunnel where both subnets
are linked through a wireless bridge. The diagram below shows what I'm
trying to
I use wisp in all my wireless station, and for everything works just fine!
But I'm getting a problem that I can't understand!
I got 0% of packet loss, the ping responds in 3 ms to 10 ms! very stable,
the distance between the antennas are 2km!
The signal in AP Manager (The station is connected in a
Hello Samuel,
I have a feeling that your system ran out of memory. Try telnet. It is
lighter on resources. If you cannot login remotely, try to login via
serial cable.
You can see memory usage by running ps auxw and cat /proc/meminfo.
Also see what messages you have in the system log. Please
Ok, new to the list. I have been looking to set up a floppy based router
for a vpn connection (bering looks ideal for this) so ditched the Intel
3240 in favour of a speedtouch - only to receive a 330 which appears
only to be supported in the latest beta at speedtouch.sourceforge.net,
and for which
Hi All,
I'm fairly new to shorewall and have a unique environment to set up,
currently have two buildings connected via Orinoco AP.
Both buildings are part of the same subnet and must stay that way.
I want to increase security of the wireless segment and have decided to
use Bering, VTunnel and
# cat /proc/meminfo
total:used:free: shared: buffers: cached:
Mem: 62746624 25681920 370647040 3182592 12390400
Swap:000
MemTotal:61276 kB
MemFree: 36196 kB
MemShared: 0 kB
Buffers: 3108 kB
Cached: 12100
Strange. I also saw things going out of control under high load of
small packets, when the CPU cannot keep up with them. Could it be the
case?
Samuel Abreu wrote:
# cat /proc/meminfo
total:used:free: shared: buffers: cached:
Mem: 62746624 25681920 370647040 3182592
I want to port forward any packets sent to port 25 on the external interface
to an internal email server but I seem to be having trouble doing so. I've
made the necessary changes to the network config file but the changes aren't
taking hold. I've rebooted the server twice to no avail (I'm a M$
Hello,
Looking at my firewall via the webbrowser I have the following situation within the
current connections:
Masqueraded Connections::
udp src=192.168.1.44 1276 dst=194.109.6.65 123 --90 sec.
unknown src=599 dst=10.0.0.138 dst=src=10.0.0.2 src=10.0.0.138 --47 sec. use=1
tcp
Doug Sampson wrote:
I want to port forward any packets sent to port 25 on the external interface
to an internal email server but I seem to be having trouble doing so. I've
made the necessary changes to the network config file but the changes aren't
taking hold. I've rebooted the server twice to
New test release available from leaf.sf.net/devel/hzdrus/files,
it fixes traffic shaping and a few other small glitches compared
to previous test release.
--
Best Regards,
Vladimir
Systems Engineer (RHCE)
What you described is all correct including the fact that my wired machine can
ping my wireless machine and vice versa (which I didn't state in the previous
mail).
1. What LAN IP address is assigned to the Linksys, and is it different from
the LAN IP address of the Bering? If not, fix it;
On Monday 10 February 2003 03:43 pm, Camille King wrote:
Right after my wireless machine starts up, the arp table contains two
entries, 192.168.1.253 (which is the Linksys) and 192.168.1.254 (which is
Bering). Pinging doesn't work and there is no difference in the arp table
except that
David
David Howe wrote the following at 19:15 10.02.2003:
Ok, new to the list. I have been looking to set up a floppy based router
for a vpn connection (bering looks ideal for this) so ditched the Intel
3240 in favour of a speedtouch - only to receive a 330 which appears
only to be supported in
OK, there are several things that could be going wrong, besides
mis-configuration (it looks like you've got everything setup
properly,
but I can't tell for sure without the full output of net
ipfilter list).
1) Your ISP is blocking port 25. This is fairly common, and is
typically
Comments inline below.
At 04:43 PM 2/10/03 -0500, Camille King wrote:
What you described is all correct including the fact that my wired
machine can
ping my wireless machine and vice versa (which I didn't state in the previous
mail).
1. What LAN IP address is assigned to the Linksys, and is
The wireless network, is to use one particular system, made by other
company!
99,5% of the traffic is for that intranet system, made in cobol, with
servers running linux, through apache!
I spent all my afternoon in the roof of a building trying to set-up this
thing!
I change the SBC, the
OK. Nothing like looking at a real ruleset to sort things out. The input
chain appears to be working properly to allow port-25 traffic in, since
this rule shows matching packets:
20 800 ACCEPT tcp -- 0xFF 0x00 eth0
0.0.0.0/00.0.0.0/0 * - 25
Since you
On Monday 10 February 2003 04:32 pm, Doug Sampson wrote:
20 800 ACCEPT tcp -- 0xFF 0x00 eth0
0.0.0.0/00.0.0.0/0 * - 25
0 0 MASQ tcp -- 0xFF 0x00 *
192.168.1.4 0.0.0.0/0 25 - *
:: Port FW ::
prot localaddr
On Monday 10 February 2003 04:06 pm, Erich Titl wrote:
Lynn
snip
Unless you are using pcmcia adapter cards only, or maybe USB devices
(wireless??).
I ran into a similar issue with dhclient and had to wait quite some time
until all adapters were ready.
True, but that isn't an init problem,
On Monday 10 February 2003 10:58 am, Charles Steinkuehler wrote:
I am unaware of any issue that would prevent you from continuing to use
PSKs after switching to the 509 version of FreeS/WAN. As far as I know,
PSKs work identically between the plain and x.509 patched versions.
That might be,
-Original Message-
From: Camille King [mailto:[EMAIL PROTECTED]]
Sent: February 10, 2003 7:12 PM
To: 'Ray Olszewski'
Subject: RE: [leaf-user] problems with BEFW11S (wireless router) and LEAF
(Bering)
Just a thought here ... does the wireless host run any sort of firewalling
package?
Thanks Michael. However it seems he's got the IDE support as modules
and it fails to boot. I was hoping for one compiled with IDE :)
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Michael
Bonner
Sent: Monday, February 10, 2003 12:02 PM
To: [EMAIL
Try to find out if there is something that triggers this
behavior.
Do you have the same problem when you connect to CPE through
normal Ethernet?
Samuel Abreu wrote about Re: [leaf-user] Bizarre behaviour in wisp dist?:
The wireless network, is to use one particular system, made by other
On Sunday 09 February 2003 08:58 pm, Sean wrote:
I have been using Dachstein for a few years. I recently decided to give
Bering a try. I use an app, EyeBall chat, to video chat to relatives.
It worked just fine under Dachstein. It is NOT working under Bering.
It appears the app uses a
Ray,
But with all of that, I cannot connect (using telnet) to your
mail server
from here (though I can ping you and connect to the Web server).
You couldn't- all attempts to port 23 are blocked.
So ... how thoroughly have you checked the Exchange server for
configuration problems? Is
Lynn Avants ([EMAIL PROTECTED]) had this to say on 02/10/03 at 19:17:
On Monday 10 February 2003 10:58 am, Charles Steinkuehler wrote:
I am unaware of any issue that would prevent you from continuing to use
PSKs after switching to the 509 version of FreeS/WAN. As far as I know,
PSKs
All,
Some more info on this...
I recompiled the kernel for natsemi Module support instead of native
kernel support for the dp83815. The module loads fine on bootup and
detects all three integrated interfaces. But as soon as the load
progresses to Configuring Network Interface.., sure enough,
I've been inspecting the various versions of LEAF, and can't
readily identify which of them might work in my 486SX, i.e. Non-FPU.
I'm quite interested in the Bering, Dachstein, and Oxygen
distributions.
Could someone let me know which of these would work in my ancient
machine?
Many thanks
Nick
I'm responding via leaf-user rather than privately mainly because I'm
running out of ideas, so I'm hoping the additional information you provided
here will give someone else an idea.
Based on this new information, it looks like whatever the problem is, it is
NOT a problem at the network layer
On Monday 10 February 2003 06:31 pm, Mike Leone wrote:
Hopefully, we'll find out soon. I followed the Shorewall VPN document to
the letter, and now will be trying to verify my ipsecrets.conf entries.
(left is me, right is them - do I have that right? If so, I have all the
entries, except for
The solution was posted on their website. Apparently by default it uses
dynamic UDP and TCP but there is a static port patch for v2.2 located
here:
http://www.eyeballchat.com/download/patches/fixed_ports_patch22.reg
Then you need to open up these ports:
Open the following ports in your
Sorry if this sounds stupid, but using LRP version 3.1.0 (2.2 kernel) I can't
use the remount option with the mount command. Using for example either mount
-n -o remount,ro /somedir or mount /somedir -o -n remount ,ro doesn't work.
Options like these are used in a checkroot script I'm using for
Lynn Avants ([EMAIL PROTECTED]) had this to say on 02/10/03 at 22:05:
On Monday 10 February 2003 06:31 pm, Mike Leone wrote:
Hopefully, we'll find out soon. I followed the Shorewall VPN document to
the letter, and now will be trying to verify my ipsecrets.conf entries.
(left is me, right
pn] Thanks Ray, Lynn and Todd for your replies!
pn] Yes, what I want is simply an access point for my notebook PC. Not
just to be more mobile in the house, but one of the few irritants with
my notebook is that the NIC connector on the left side near the front.
What a PITA.
pn] Todd, you
On Monday 10 February 2003 10:03 pm, Spiro Philopoulos wrote:
Sorry if this sounds stupid, but using LRP version 3.1.0 (2.2 kernel) I
can't use the remount option with the mount command. Using for example
either mount -n -o remount,ro /somedir or mount /somedir -o -n remount
,ro doesn't work.
Ok, detailing more!
That particular station has 3 interfaces, netcs0, netcs1 and eth0
all with same ip! and with parprouted on!
netcs0 is connected to one Orinoco AP1000, both with Orinoco Gold Cards,
netcs1 is a Orinoco Gold Card, and is connected to another wisp station,
with one orinoco
On Mon, 2003-02-10 at 20:03, Spiro Philopoulos wrote:
Sorry if this sounds stupid, but using LRP version 3.1.0 (2.2 kernel)
Spiro,
It looks like you're using one of Matthew Grant's Mountain releases.
Specifically Eiger. The only way we'll know for sure is if you paste the
output from 'uname -a'
On Mon, 2003-02-10 at 23:41, Mike Noyes wrote:
On Mon, 2003-02-10 at 20:03, Spiro Philopoulos wrote:
Sorry if this sounds stupid, but using LRP version 3.1.0 (2.2 kernel)
It looks like you're using one of Matthew Grant's Mountain releases.
Specifically Eiger. The only way we'll know for sure
54 matches