Hi Erich,
I prefer this method over the other Eric said yesterday as the change is
less and you can have a backup in case something goes wrong and you do not
have the time to fix it. With PXE, I do not know if you always need another
machine to boot WRAP or you just use that to install new fil
Hello Cpu,
I just commited iptables-1.3.5 to CVS, you may give that one a try.
Eric
> With iptables 1.3.4, shorewall (2.4.7) reports connection tracking is
> not available.
>
> I checked /usr/share/shorewall/firewall and found this line:
>
>
> qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 19
Hello Cpu,
I compiled openssh with the option enabled and disabled but with the same
result. Do you have opensc installed on your host computer? Maybe the
Configure script find it there.
I have removed the line anyway, because it indeed doesn't make a difference.
Eric
> Yup.
>
>
> Eric Spakman
Hi
M Lu wrote:
> I should add that I have 256M CF, so there is plenty of room for new
> /old files if needed.
>
>
> - Original Message - From: "M Lu" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, February 13, 2006 5:38 PM
> Subject: [leaf-user] Upgrading to new version of Bering-U on WRAP b
smime.p7s
Description: S/MIME cryptographic signature
Hello Cpu,
I think the fix to support cryptoapi is rather simple, it's just broken in
the openswan sources (patch).
If you change the following line in the kernel's linux/net/ipsec/Config.in
from:
bool ' IPsec Modular Extensions' CONFIG_KLIPS_ALG
if [ "$CONFIG_KLIPS_ALG" != "n" ]; then
Hi Cpu,
In makefile.inc
But a much better fix will be to enable cryptoapi in the kernel config and
rebuild openswan against it. Only the standard openswan patch doesn't
contain that option and I have to make a patch against it.
Eric
> Hmmm... Where/how do you set USE_EXTRACRYPTO?
> -cpu
>
>
> E
Hmmm... Where/how do you set USE_EXTRACRYPTO?
-cpu
Eric Spakman wrote:
> Hi Cpu,
>
>> Eric,
>>
>>
>> Regarding openswan 2.x. It looks like one is supposed to use cryptoapi
>> instead of Juanjo's crypto algorithms. But there is no real info on how
to
>>
> The cryptoapi stuff is optional and the ot
Hi Cpu,
> Eric,
>
>
> Regarding openswan 2.x. It looks like one is supposed to use cryptoapi
> instead of Juanjo's crypto algorithms. But there is no real info on how to
>
The cryptoapi stuff is optional and the other ciphers are internal to pluto:
LIBDESSRCDIR=${OPENSWANSRCDIR}/linux/crypto/ciph
Eric,
Regarding openswan 2.x. It looks like one is supposed to use cryptoapi
instead of Juanjo's crypto algorithms. But there is no real info on how to
go from 1.x to 2.x. After getting stuck on SHA2_256 I gave up. Also, on
1.0.9 I made some modifications to ./pluto/kernel.c to allow for multip
Hello Cpu,
A pity 2.4.4 is not working ok for you. You are the first reporting a
problem with it.
I looked through various documents and it seems like all those ciphers are
supported but probably internal.
Does the _startklips fix still suports plain ethx interfaces?
Eric
> Hi Eric,
>
>
> I'm
Yup.
Eric Spakman wrote:
> Hello Cpu,
>
> Ok, thanks for reporting! If I understand correctly the
"--without-opensc"
> Configure option is broken, removing the line will disable opensc
anyway.
>
> Eric
>
>> Hello Eric,
>>
>>
>> I'd get compile errors. This might explain it:
>>
>>
>> 20050317
>>
Hi Eric,
I'm not using openswan 2.4.4, I'm using 1.0.9. But I did look at the newer
_startklips and the line is the same. To me, this suggests it's making the
same assumptions about the interface. My guess is that it will work.
original 2.4.4
/usr/lib/ipsec/_startklips:
eval `ip addr show $phy
Hello Cpu,
Ok, thanks for reporting! If I understand correctly the "--without-opensc"
Configure option is broken, removing the line will disable opensc anyway.
Eric
> Hello Eric,
>
>
> I'd get compile errors. This might explain it:
>
>
> 20050317
> - (tim) [configure.ac] Bug 998. Make path for -
Hello Eric,
I'd get compile errors. This might explain it:
20050317
- (tim) [configure.ac] Bug 998. Make path for --with-opensc optional.
Make --without-opensc work.
- (tim) [configure.ac] portability changes on test statements. Some
shells
have problems with -a operator.
- (tim) [c
Hello Jim,
I doubt this will be added. You can get the patch from here:
http://ftp.die.net/pub/linux-kernel-tarpit/
What I did to get this working (actually, compiled--haven't really
tested)...
Step 1:
Download linux-2.4.18-tarpit.patch to ./source/linux/.
Step 2:
Edit ./source/linux/buildto
Hello Cpu,
I looked through the openswan source, it seems that those ciphers are
linked into pluto.
Eric
> Hello Arne,
>
>
> I don't understand openswan 2.x. It doesn't have SHA2 (which I use).
> Can't
> modularize ciphers; no blowfish (missing usual ALGs). I tried using
> cryptoapi's sha512 but
Hello cpu,
> ...you get rid of this line in buildtool.mk:
>
>
> --without-opensc
>
>
> This appears to be an old problem not related to ucbering. I did not
> save my log messages so I can't report the errors, unfortunately. -cpu
>
Never had a problem with building, what does "--without-opensc" do?
Hello,
Did anybody try sangoma wan adapters with leaf uclibc?
I have seen the wanpipe.o in the module package. What else in required?
Appreciate any help or reference to a webpage describing the installation
requirements/process.
Thanks.
Sherif bahaa
---
Cpu,
If I'm not mistaken you have to use the standard kernel ciphers, openswan
doesn't use its own anymore.
#
# Cryptographic options
#
CONFIG_CRYPTO=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_NULL=m
CONFIG_CRYPTO_MD4=m
CONFIG_CRYPTO_MD5=m
CONFIG_CRYPTO_SHA1=m
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA51
Hello Cpu,
Does the same fix applies to our current openswan-2.4.4?
Eric
> Hello,
>
>
> In addition to specifying a label I couldn't get openswan to work with
> secondary IPs unless I changed this line in _startklips:
>
> eval `ip addr show $phys primary | grep inet | sed -n 1p |
>
> to:
>
>
> e
Hello CPU,
Yes, buildtool should handle dependencies. But it has to be explicitly
listed. I will look at it later.
Eric
> Using buildtool, mawk won't compile unless bison is installed. Under most
> circumstances, shouldnt buildtool handle dependencies?
>
> _
Hello,
In addition to specifying a label I couldn't get openswan to work with
secondary IPs unless I changed this line in _startklips:
eval `ip addr show $phys primary | grep inet | sed -n 1p |
to:
eval `ip addr show ${phys%%:*} label $phys | grep inet | sed -n 1p
-cpu
Charles Steinkuehler w
23 matches
Mail list logo