[Leaf-user] Ipsec

 Hi I'm trying to set up 2 Dachstein CD systems to create a VPN. The CD  version is wonderful by the way. All seems well but the networks don't see each other. Running 'ipsec  look' shows a connection between the 2 firewalls and there are  appropriate routes set up on each machine but no tra

[Leaf-user] IPSec

Does anyone know what version of IPsec is included on the Dachstein-CD? Also, is there a limit to the number of VPN connections it can concurrently support? Does it support PPTP clients? Thanks. ___ Leaf-user mailing list [EMAIL PROTECTED] https://li

[leaf-user] IPSec

Ok, my fears were correct :( I have a problem with a race condition the involves IPSec and Shorewall with Bering 1rc3... Here's the bad ASCII art again: 10.0.0.0/24firewall 192.168.0.0/24 | | firewall - Internet |

[leaf-user] IPSec

Chad has made Win2K configuration using IPSec look simple in his documentation. It does not seem as if the description is enough to get it to work well first shot. I've had a horrid time going thro' a Win2K configuration. I've been in the Windows world for over 12 years and Win2K IPSec configurati

[leaf-user] IPSEC

Hope everyone had a happy Christmas, can anyone point me to documentation about the Bering uClib2.0 IPSEC package ? The links at Freeswan don't seem very relevant to the config in Bering. I'm trying to set the RSA keys up but not having any success so far. Best wishes for the new year, robert vo

[leaf-user] ipsec

I was wondering if there is any documentation for using ipsec or some form of vpn and Bering uClibc. Specifically, I am using 3.0 beta 2 BuC with a standard 3 nic setup. I was wanting to setup (a secure) remote desktop to multiple windows servers on my dmz and possibly also a workstation on the l

[Leaf-user] IPSEC problems

Hey guys,   I'm trying to get ipsec 1.5 working on eigerstein. I have gone through the configs and set everything up. It appears to come up and start ok with no errors. I was getting a error about the rp_filter setting being to 1 instead of 0 but I managed to compensate for that. Still I'm su

[Leaf-user] IPSec 1.9

I've got the Dachstein RC5 up and running and I copied over the configs for IPSec 1.5. I just copied over all the previous configs from 1.5 and everything connects (ipsec manual connection) without any errors that I can see, even poking thru all the debug output shows everything as 'success'. I

Re: [Leaf-user] Ipsec

I'm trying to set up 2 Dachstein CD systems to create a VPN. The CD version is wonderful by the way. All seems well but the networks don't see each other. Running 'ipsec look' shows a connection between the 2 firewalls and there are appropriate routes set up on each machine but no traffic goe

Re: [Leaf-user] Ipsec

BH> 50 & 51 tcp are on the accept list with 0 byte counts. 500 udp is also open with traffic. Nothing shows up in the logs on either end indicating where the packets are going. I'm looking in syslog. Thanks for your help >I'm trying to set up 2 Dachstein CD systems to create a VPN. The CD > ve

[Leaf-user] IPSEC ERRORS

Hi everyone. I am using Oxygen 1.8.0 and I am trying to configure ipsec on it. since the ipsec module i have is too big (494K) to put on a disk. I have two ways of actually mounting it: I either load the cd and pick the option that load ipsec tools or I copy the ipsec pkg on a floppy and then I

[Leaf-user] ipsec errors

Mar 8 13:25:08 firewall ipsec_setup: Starting FreeS/WAN IPsec 1.91... Mar 8 13:25:08 firewall ipsec_setup: KLIPS debug `none' Mar 8 13:25:08 firewall ipsec_setup: KLIPS ipsec0 on eth0 66.25.44.147/255.255.254.0 broadcast 255.255.255.255 Mar 8 13:25:08 firewall ipsec_setup: WARNING: ipsec0 has rout

Re: [Leaf-user] IPSec

> Does anyone know what version of IPsec is included on the Dachstein-CD? Version 1.91 > Also, is there a limit to the number of VPN connections it can concurrently > support? The short answer is "Lots". See documentation on the FreeS/WAN site, but the CPU workload is primarily dependant on ho

[Leaf-user] Ipsec problems

Charles, it appears you are FreeSWAN very aware. I'll appeal to you first but if you don't want to handle I'll turn to freeswan because technically I'm working on non LEAF right now. And it looks like I'm going to have quite a few questions. IPSec(1.5) works like a charm on Eiger but I wante

[leaf-user] ipsec error

Hi Charles, I am running a Dachstein CD 1.0.2. I got it working as a gateway. Now I am tring to configure the ipsec module and when I start my machine I get an error in /var/log/daemon.log Jun 30 01:11:24 babylon ipsec_setup: (/etc/ipsec.conf, line 2) section header ^M has wrong number of fiel

[leaf-user] Ipsec module

What is the url for the ipsec.o module? Thanks --- This sf.net email is sponsored by: Jabber - The world's fastest growing real-time communications platform! Don't just IM. Build it in! http://www.jabber.com/osdn/xim -

[leaf-user] Ipsec module

What is the URL for ipsec.o modules, please? Thanks! --- This sf.net email is sponsored by: Jabber - The world's fastest growing real-time communications platform! Don't just IM. Build it in! http://www.jabber.com/osdn/xim

[leaf-user] IPSec status ??

I want to turn on an LED if any vpn connection is up. I'd like to minitor every couple seconds, 5 at most. I can:ipsec auto --status and grep for an up connection but that's a lot of overhead every few seconds. Does anyone know if IPSec puts anything in /proc that signifies the status

[leaf-user] IPSec tunnel

Hello, I have setup an IPSec vpn for our office network. Our firewall is a Debian Woody box with shorewall 1.2. It shares our DSL connection. Following the documentation, I have enabled a roadwarrior type tunnel like this: # TYPE ZONEGATEWAY GATEWAY ZONE ips

[leaf-user] IPSec tunnels

I'm having a bit of fun with a kinda unique setup... Let's see if I can explain this where someone besides me understands what I'm talking about: Firewall A 64.216.xxx.xxx eth0 Public 10.0.0.0/24 eth1Private 10.0.1.0/24 eth2Secret Firewall B 192.168.1.0/24

[leaf-user] ipsec Bering

Hi all, I have a problem with the last distro Bering-rc4 and ipsec.lrp package. I try to conect with a road-warrior and every seems ok (SA established) except that the /var/log/auth.log mention a problem with the impossibility to write the "route add" for the IP of my road warrior. I follow all

[leaf-user] ipsec x509

Have been trying out the ipsec chapter in Bering stable 1.0. In the host certificates, fswcert command needs to be executed. However, Redhat distro with openssl does not have it. Googling also showed me a few posts where some say fswcert was removed from the package as it was no longer needed and t

[leaf-user] ipsec connectivity

I'm trying to setup a VPN connection between a Win2K box and LEAF using a preshared key setup. I went as per the steps given inthe Microsoft site tosetup IPSec negotiations from IP to IP. The URL is http://http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp and the

[leaf-user] IPsec routing

Hi I am planning ro route a remote location on a wireless link through a ipsec tunnel to the internet. The set up specifies a 0.0.0.0/0 subnet behind the tunnel, but this is what I get in the route after issuing ipsec start. This is on Bering 1_0.stable 2.4.18 before ipsec start # ip route 192

[leaf-user] IPSEC warnings

Hello all, I use an IPSEC client (SafeNet SoftRemote 9) to connect to Bering (v 1.2) FreeSWAN and got a lot of warnings like that in the auth.log file on the router: Aug 12 12:06:53 router pluto[14353]: packet from 209.139.216.225:4500: not enough room in input packet for ISAKMP Message Aug 12 12

Re: [leaf-user] IPSEC

Robert, The ipsec package for Bering uClibc is based on the superfreeswan code, you can find links to documentation from the homepage: http://www.freeswan.ca/code/super-freeswan/ The source also contains extensive documentatoin. Eric Spakman > Hope everyone had a happy Christmas, > > can any

Re: [leaf-user] IPSEC

Am Freitag, 26. Dezember 2003 12:28 schrieb Robert & Sabine von Knobloch: > Hope everyone had a happy Christmas, > > can anyone point me to documentation about the Bering uClib2.0 IPSEC > package ? > The links at Freeswan don't seem very relevant to the config in Bering. I'm > trying to set the RSA

[leaf-user] ipsec problem

Dear list, sorry for long post. I am having an issue with IPsec. I have a WinXP machine that can build a successful SA just outside "office" firewall (Bering 1.2) in road-warrior mode, but not from behind another bering 1.2 "home" firewall. Nat traversal patch is on WinXP. home-subnet -

[leaf-user] IPSec qeustion

Hello list, Quick question, for Bering-uClibc. To use a box as an IPSec server, is it still FreeS/WAN that gets used? And is all the same documentation that was used for original Bering still valid? Thanks, James. The information in this email is confidential and may be legally privileged. It

Re: [leaf-user] ipsec

Hi Andrew, Documentation about openvpn is in the following location: http://leaf.sourceforge.net/doc/bk05ch07.html Ipsec (openswan) documentation: http://leaf.sourceforge.net/doc/bk05ch08.html Additional information on the shorewall site (www.shorewall.net) Regards, Eric >I was wondering if the

[leaf-user] ipsec setup

Hi guys, This has been fun dragging my old leaf boxes up to the new builds. I was running openvpn, and figured I'd upgrade to openswan (ipsec) for my vpns. The guide on the site "Configuring openswan(ipsec)" talks about openswan.lrp (but can't find it) so I'm guessing it's now ipsec.lrp. The guid

Re: [Leaf-user] IPSEC problems

> I also get a paste not found error when I do a ipsec look following the first chunk of tunnel data. This is normal...it's an oversight when I migrated the scripts to LRP's limited environment. I don't have time right now, but I'll try to look over your barf output tomorrow...I'll let you know

[Leaf-user] IPSec automatic setup.

Hi- I currently have a working system. But I keep on stubbling on a small issue with my file rc.firewall this files contains all the ipchains rules. When I boot my system and it runs, I can see that the new rules have been applied from the browser(I am using routerst from Ed). However I still d

Re: [Leaf-user] ipsec errors

> can someone point out the obvious mistake that I have made.. How about starting with: > Mar 8 13:25:08 firewall ipsec__plutorun: ipsec_auto: fatal error in > "office": (/etc/ipsec.conf, line 25) duplicated parameter "auto" > Mar 8 13:25:08 firewall ipsec__plutorun: ipsec_auto: fatal error in "

RE: [Leaf-user] ipsec errors

any erros, and am wondering if there is something I am missing... any thoughts... joey -Original Message- From: Charles Steinkuehler [mailto:[EMAIL PROTECTED]] Sent: Friday, March 08, 2002 12:47 PM To: [EMAIL PROTECTED]; LRP Support Subject: Re: [Leaf-user] ipsec errors > can som

Re: [Leaf-user] ipsec errors

> Ok, I've modified the config and am no longer getting any errors, however I > cannot get to the other machine. I've tried to ping, and also tried to do a > > traceroute -i eth0 -f 20 192.168.1.1 > > and have gotten only the * * * as output from the traceroute. At anyrate.. > I'm not seeing any

RE: [Leaf-user] ipsec errors

a little assistance... Joey -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Charles Steinkuehler Sent: Friday, March 08, 2002 4:57 PM To: [EMAIL PROTECTED]; LRP Support Subject: Re: [Leaf-user] ipsec errors > Ok, I've modified the config and am

Re: [Leaf-user] ipsec errors

> Where do I check to see if protocol 50 packets are being allowed through? > I'll be working more on it this weekend.. I'd really like to get this > working so I'll try just about anything.. even possibly step/by/step support > via phone (I'd beg someone to call my 800 number for a little assista

Re: [Leaf-user] ipsec errors

All, If I remember correctly, and please correct me if I am wrong, the documentation with the ipsec lrp with the Dachstein CD says that using the leftfirewall=yes or rightfirewall=yes will automatically append the scripts to allow protocol 50 through. If I remember from the first post, the "offi

Re: [Leaf-user] ipsec errors

further. Thats about where I am .. and am stuck... joey - Original Message - From: "Charles Steinkuehler" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "LRP Support" <[EMAIL PROTECTED]> Sent: Friday, March 08, 2002 5:46 PM Subject: Re: [Leaf-user] ipse

Re: [Leaf-user] ipsec errors

en ready to go.. u almost there... good luck Upnet Joe. - Original Message - from: "joey officer" <[EMAIL PROTECTED]> To: "Charles Steinkuehler" <[EMAIL PROTECTED]>; "LRP Support" <[EMAIL PROTECTED]> Sent: Saturday, March 09, 2002 11:21 AM Sub

Re: [Leaf-user] ipsec errors

AIL PROTECTED]> To: <[EMAIL PROTECTED]>; "LRP Support" <[EMAIL PROTECTED]> Sent: Friday, March 08, 2002 5:46 PM Subject: Re: [Leaf-user] ipsec errors > > Where do I check to see if protocol 50 packets are being allowed through? > > I'll be workin

Re: [Leaf-user] ipsec errors

On Saturday 09 March 2002 10:21, joey officer wrote: > i did not find that specific line in the net ipfilter list command, > however I did change the setting in the networ.conf file. however I > still did not find that line in the above command. I got to thinking > about the specific problem i'm

Re: [Leaf-user] ipsec errors

t;[EMAIL PROTECTED]> Sent: Saturday, March 09, 2002 6:21 PM Subject: Re: [Leaf-user] ipsec errors > On Saturday 09 March 2002 10:21, joey officer wrote: > > i did not find that specific line in the net ipfilter list command, > > however I did change the setting in the networ.conf

[Leaf-user] ipsec and nat

I understand that ipsec cannot run behind nat. But could someone explain why this is necessarily so? Nat does not alter the dest address therefore the packet would end up in the right place. Then after deencapsulation, ipsec could see that the inner packet was valid. For that matter, I cannot s

Re: [leaf-user] Ipsec module

Le Mardi 16 Juillet 2002 22:01, Godfried Duodu a écrit : > What is the url for the ipsec.o module? Original (i.e. 1.97 version) for Bering 3: http://leaf.sourceforge.net/devel/jnilo/bering/rc3/modules/net/ipsec/ New beta (1.98b version) for Bering 3: http://leaf.sourceforge.net/devel/jnilo/beri

Re: [leaf-user] Ipsec module

On Tuesday 16 July 2002 15:01, Godfried Duodu wrote: > What is the url for the ipsec.o module? > Thanks What LEAF release and how would you like to setup ipsec? Are you looking to use LEAF as an ipsec gateway or just pass-through the firewall with a computer to use a remote network? ~Lynn Avant

[leaf-user] Ipsec or Ipsec509 ???

Hi folks, I'm using Dachstein 1.0.2. How do I know which Ipsec.lrp (or Ipsec509.lrp) to use to set up my VPN? I will likely be using the Ipsec capabilities built into my Windows clients and not Sentinel. I found what looks to be a good tutorial at http://www.natecarlson.com/include/showpage.php?ca

[leaf-user] IPSec-SSH conflict?

Hi folks, I want to set up SSH on my currently working great Bering CD, so I added the libz, sshd, and sshkey .lrp packages to my existing CD, and apparently declared them O.K., because they seem to load upon start-up. But...I get this error message that is new- ipsec_setup...unable to create /va

[leaf-user] IPSec-SSH conflict?

Hi folks, This is strange. For some reason the dhcpd service isn't starting on my new CD with the ssh stuff. When I type ps ax, I don't see the "/usr/bin/dhcpd eth1" that I normally see. Any suggestions? Thank you. Craig --- This sf.net emai

[leaf-user] IPSec-SSH conflict?

Hi Erich, Here's the results of df- Filesystem 1k-blocks UsedAvailable Use%Mounted On /dev/root 614461440 100%/ Tmpfs 15292 4 15288 0% /tmp Tmpfs 2048

[leaf-user] IPSec-SSH conflict?

Hey thanks guys, I have 32 Mb in this box, should I just make the "syst_size" twice as big, for example, by adding the entry syst_size=12M after the log_size=4M ? Will that work do you think? Thank you. Craig --- This sf.net email is sponsor

[leaf-user] IPSec-SSH conflict?

Hi Cass, Hey, that's a pretty cool idea. Since I'm creating my cd's on CD-RW's and I'm not burning (no pun intended) through oodles of CD's, should I just experiment and "incrementally" increase the syst_size= comment by, say, 1Mb at a time until it works? Is there anything wrong with doing it tha

Re: [leaf-user] IPSec tunnel

On Monday 28 October 2002 13:11, Mathieu Gauthier-Pilote wrote: > The exact problem with this one Win2k box is that the firewall drops > packets arriving on UDP port 500. Do I need to setup the tunnel > differently with Shorewall? I guess I could just apply global rules > to let all IPSec traffic

Re: [leaf-user] IPSec tunnels

Homer Parker wrote: Firewall A 3: eth0: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:30:1b:09:d3:ee brd ff:ff:ff:ff:ff:ff inet 64.216.xxx.xxx/xx brd 64.216.105.127 scope global eth0 4: eth1: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:40:f4:5e:e1:57 brd ff:ff:ff:ff:ff:ff

Re: [leaf-user] IPSec tunnels

On Fri, 15 Nov 2002 11:00:55 -0600 Charles Steinkuehler <[EMAIL PROTECTED]> wrote > Um...there should be no race condition in the assignment of ipsecN > interface numbering. This is done by the ipsec software. Normally, Ok, maybe I don't understand the tunneling as well as I thoug

Re: [leaf-user] ipsec Bering

On Friday 15 November 2002 16:55, Stef wrote: > Hi all, > > I have a problem with the last distro Bering-rc4 and ipsec.lrp > package. > > I try to conect with a road-warrior and every seems ok (SA > established) except that the /var/log/auth.log mention a problem with > the impossibility to write t

Re:Re:[leaf-user] ipsec Bering

As you ask me, i put below the output of ipsec barf and the output of auth.log : The ipsec barf command was launch after i try to initiate the tunnel from my road-warrior (using a RAS connection to an ISP). The problem seems to come from the 3 lines from auth.log : Nov 16 13:39:21 firewall pluto[2

[leaf-user] IPsec troubleshooting pointers

Hi, I'm trying to create a host subnet connection from an XP box to a subnet behind a Bering V1 rc4 NAT firewall. When the XP client pings an interface on the firewalled subnet, it returns one "Negotiating IP security" response followed by "Request timed out" for its other ping packets. Judgin

Re:[leaf-user] ipsec Bering

OK, now that we have a lot of information, let's go through what's here. > # defaults for subsequent connection descriptions > conn %default > # How persistent to be in (re)keying negotiations (0 means very). > keyingtries=0 > # RSA authentication with keys from DNS. > # a

Re: [leaf-user] ipsec Bering

Just have to say many thanks Lynn for your explanation and your patience I'm going to try to connect with another ISP, giving away the "firewall=yes" and trace packets with tcpdump. Ill' inform the list with my investigation. Thanks a lot Stephane guitarlynn wrote: OK, now that we have a lot

[leaf-user] ipsec in bering

I'm trying to generate keys using ipsec on Bering. It seems to take for ever. Do not know if I've not given all arguments and hence program is waiting or it is just taking time. Any help please. Chad's chapter talks of using another machine for generating the certificates etc. Are these utilities

Re: [leaf-user] ipsec connectivity

S Mohan wrote: I'm trying to setup a VPN connection between a Win2K box and LEAF using a preshared key setup. I went as per the steps given inthe Microsoft site tosetup IPSec negotiations from IP to IP. The URL is http://http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.

[leaf-user] ipsec vs ipsec509

Hy I´m setting up a VPN conection with ipsec.lrp. I also seen a ipsec509.lrp module. In few words, what is the main difference between ipsec.lrp and ipsec509.lrp? Regards Heriberto Ahora podés usar Yahoo! Messenger desde tu celular. Aprendé cómo hacerlo en Yahoo! Móvil: http://ar.mobile.ya

Re: [leaf-user] IPsec routing

Erich Titl wrote: Hi I am planning ro route a remote location on a wireless link through a ipsec tunnel to the internet. The set up specifies a 0.0.0.0/0 subnet behind the tunnel, but this is what I get in the route after issuing ipsec start. This is on Bering 1_0.stable 2.4.18 before ipsec s

Re: [leaf-user] IPsec routing

Charles Charles Steinkuehler wrote the following at 22:56 11.02.2003: The routes might puzzle you, but they are correct. Bingo, thanks, sometimes it helps if someone explains netmasks... :-( Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954

[leaf-user] ipsec and Shorewall

Hi all, i have setup a Bering-uClibc 1.1 version with ipsec.lrp and shorewall. I have some tunnels running with out a problem. No i like to setup some Road Warrior users. I follow the settings under . In /etc/shorewall/zones i put: ZONEDISPLAY COMMENTS m

[leaf-user] IPSec Bering 1.2

I checked the packages for Bering 1.2. Only one IPSec package called ipsec.lrp exists while in 1.0, we had ipsec.lrp and ipsec509.lrp. Does the ipsec.lrp for bering 1.2 support X509 certificates? Mohan --- This SF.net email is sponsored by: VM

[leaf-user] IPSEC help needed....

I am using Dachstein 1.02 and need IPSEC enabled to get the work VPN software to work correctly. I do not see a module IPSEC that is loaded, should I have one to make this work correctly? Here are the modules loaded: Linux version 2.2.19-3-LEAF ([EMAIL PROTECTED]) (gcc version 2.7.2.3) #1 Sat D

[leaf-user] IPSEC subnet routing

Hello all, This may seem a silly question but I have not been able to find any info in any how-to or docs and I am hoping someone here can help me out. The question is : How do I setup the IPSEC config so that I route only specific subnets over the IPSEC tunnel. Currently, I have set it up by sim

[leaf-user] IPSEC pluto errors

Hi All, I'm also back on the subnet-to-subnet ipsec setup. Even with all the info on the list and archives, I'm at a loss. Both ends of connection are bering-uclibc v2.2.1 boxes w/ipsec. According to the bering userguide chapter 15, you don't need certificates if your using pre-shared keys. But

Re: [leaf-user] ipsec problem

Tibbs, Richard wrote: Dear list, sorry for long post. I am having an issue with IPsec. I have a WinXP machine that can build a successful SA just outside "office" firewall (Bering 1.2) in road-warrior mode, but not from behind another bering 1.2 "home" firewall. Nat traversal patch is on WinXP.

RE: [leaf-user] ipsec problem

PM To: Tibbs, Richard Cc: leaf-user@lists.sourceforge.net Subject: Re: [leaf-user] ipsec problem Tibbs, Richard wrote: > Dear list, sorry for long post. > > I am having an issue with IPsec. > I have a WinXP machine that can build a successful SA just outside > "office"

Re: [leaf-user] ipsec problem

Tibbs, Richard wrote: Charles, On the nat-traversal issue in bering fws -- I thought that parameter was if there was a router downstream that would subsequently nat the connection. I had an exchange with Microsoft about the need for a patch on the XP (or any machine) going through a nat box like

Re: [leaf-user] IPSec qeustion

On Wed, 2005-10-19 at 15:35 +0100, James Neave wrote: > Hello list, Hi James, > > Quick question, for Bering-uClibc. > To use a box as an IPSec server, is it still FreeS/WAN that gets used? No, openswan is used (1.0.X Version) which is mostly compatible to FreeS/Wan. > And is all the same docu

[leaf-user] ipsec/openswan 2.4.2

Hi all, i just finished packaging openswan 2.4.2 for bering-uclibc and did some initial testing, i am just wondering if someone else is using openswan/ipsec and is willing to test it, too. --arne -- Arne Bernin <[EMAIL PROTECTED]> http://www.ucBering.de ---

Re: [leaf-user] ipsec setup

Hi Adam at 19.07.2007 00:57, Adam Niedzwiedzki wrote: > Hi guys, > > > insmod /lib/modules/ipsec.o has no issues (no errors) but I can't > find af_key.o anywhere in the modules download. > > Any help appreciated Paul Wouters left the OpenSwan Project and it appears to be a dead duck now. AFA

Re: [leaf-user] ipsec setup

Am Montag, 10. November 2014, 22:56:28 schrieb Erich Titl: > Hi Adam > > at 19.07.2007 00:57, Adam Niedzwiedzki wrote: > > Hi guys, > > > > > insmod /lib/modules/ipsec.o has no issues (no errors) but I can't > > find af_key.o anywhere in the modules download. > > > > Any help appreciated >

[Leaf-user] IPSEC, VPN et al

Hi all, I have two LRP (Eigerstein), one at work, one at the office. I would like to be able to connect my home W98 to my office network. So far I'm using ssh at both LRP so I can admin them remotely. So far so good!! Home ---

[Leaf-user] IPSec 1.5 on EigerStein

When attempting to bring up an automatic rsasig connection, Pluto seems to die. The following series of messages appears in /tmp/core: pfkey_lib_debug:pfkey_x_satype_build: pfkey_lib_debug:pfkey_x_satype_build:why is pfkey_x_satype already pointing to something?pfkey_lib_debug:pfkey_x_satype_b

[Leaf-user] IPSec on D-CD

I saw reference to the requirement to load two additional packages if I want to use IPSec on D-CD: mawk and (I can't remember but it wasn't bash). Are these two necessary? If so, is there a "dependencies" file that I would have seen that in? What is the second package??? Keith Laidlaw Manager

[Leaf-user] IPSEC 1.91 and EigerStein

I have not upgraded to Dachstein yet, but will soon. I am still running EigerStein and I am attempting to upgrade to the newest IPSEC 1.91 that Charles just released. I have installed the required LRP files, ifconfig, mawk, and IPSEC. Upon booting and before the logon prompt, I get the followin

[Leaf-user] IPSEC performance (asymetrically) slow

I am using EigerStein LRP boxes as endpoints to my VPN. They have been up and running solidly for over a year, but I get poor performance asymetrically. I used the samedisk as a template for each, so all are the same version (kernel, modules, binaries, etc.). They are each connected to SHAW@HOME c

[Leaf-user] IPsec error in logs

Anyone know how to get rid of this error in the logs? Running IPSec 1.91 from Charles site on Dachstien CD 1.02. router kernel: ip_demasq_esp(): Inbound from 65.xx.xx.xx SPI EBC4FE83 has no masq table entry Thanks ___ Leaf-user mailing list [EMAIL

Re: [Leaf-user] IPSec automatic setup.

malik menzong wrote: > > Hi- > I currently have a working system. But I keep on stubbling on a small issue > with my file rc.firewall > this files contains all the ipchains rules. When I boot my system and it > runs, I can see that the new rules have been applied from the browser(I am > using rou

[Leaf-user] IPSEC + Ethernet2Ethernet NAT gateway.

Hello All! Is there any ready to use floppy images that includes LAN2LAN NAT Gateway and IPSEC (Client2LAN)? Thanks in advance, Dmitri. ___ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user

Re: [Leaf-user] ipsec and nat

ipsec traffic I believe, but I have not experience doing this. Hopefully some else knows more. (they can't know less :-) Jason Massey [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 04/18/2002 09:10 AM To: [EMAIL PROTECTED] cc: Subject:[Leaf-user]

Re: [Leaf-user] ipsec and nat

> I understand that ipsec cannot run behind nat. > > But could someone explain why this is necessarily so? > Nat does not alter the dest address therefore the packet would > end up in the right place. > Then after deencapsulation, ipsec could see that the inner > packet was valid. > For that matte

[leaf-user] IPSEC Howto for LRP

A while ago I saw a HOWTO on implementing IPSEC on LRP with 4 different scenario's, may have been on Jacques' web site on sourceforge. Now I cannot find it for the life of me, there is plenty of other documentation around but it was the easiest read. I have IPSEC up and going sort of, but I want

[leaf-user] IPSEC Howto for LRP

Hi Matt, It's not the source you requested, but I've found what I think is a pretty well described and simple to follow explanation of IPSEC using the FreeS/WAN project in a book called Red Hat Linux Security and Optimization by Mohammed J. Kabir. He describes setting up the road warrior scenario,

Re: [leaf-user] Ipsec or Ipsec509 ???

> I'm using Dachstein 1.0.2. How do I know which Ipsec.lrp (or > Ipsec509.lrp) to use to set up my VPN? I will likely be using the Ipsec > capabilities built into my Windows clients and not Sentinel. I found > what looks to be a good tutorial at > http://www.natecarlson.com/include/showpage.php?ca

Re: [leaf-user] IPSec-SSH conflict?

Craig, On Mon, 26 Aug 2002 07:51:57 MST Craig wrote: > Hi folks, > I want to set up SSH on my currently working great Bering CD, so I added > the libz, sshd, and sshkey .lrp packages to my existing CD, and > apparently declared them O.K., because they seem to load upon start-up. > But...I get t

Re: [leaf-user] IPSec-SSH conflict?

Hi Craig, --- Craig <[EMAIL PROTECTED]> wrote: > Hi folks, > This is strange. For some reason the dhcpd service isn't starting on my > new CD with the ssh stuff. When I type ps ax, I don't see the > "/usr/bin/dhcpd eth1" that I normally see. Any suggestions? Thank you. I'm gonna guess that when

Re: [leaf-user] IPSec-SSH conflict?

At 17:22 26.08.2002, you wrote: >Hi Erich, >Here's the results of df- > >Filesystem 1k-blocks UsedAvailable >Use%Mounted On >/dev/root 614461440 now what about this available 0 too many packages or too small root parti

Re: [leaf-user] IPSec-SSH conflict?

Hi Craig, --- Craig <[EMAIL PROTECTED]> wrote: > Hey thanks guys, > I have 32 Mb in this box, should I just make the "syst_size" twice as > big, for example, by adding the entry syst_size=12M after the > log_size=4M ? Will that work do you think? Thank you. I'd suggest allocating the minimum amo

Re: [leaf-user] IPSec-SSH conflict?

Hi Craig, --- Craig <[EMAIL PROTECTED]> wrote: > Hi Cass, > Hey, that's a pretty cool idea. Since I'm creating my cd's on CD-RW's > and I'm not burning (no pun intended) through oodles of CD's, should I > just experiment and "incrementally" increase the syst_size= comment by, > say, 1Mb at a time

RE: [leaf-user] IPSec-SSH conflict?

Curious to know if this is reported in the FAQ. Have not checked myself. Mohan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brad Fritz Sent: 26 August 2002 21:00 To: Craig Cc: LEAF Subject: Re: [leaf-user] IPSec-SSH conflict? Craig, On Mon, 26 Aug 200

[leaf-user] IPSec shared secret problem

I have a Bering RC3 firewall with an IPSec tunnel to a SonicWall that works fine... Until the Bering box gets a new IP... Here's what I have in ipsec.secrets: 64.216.xxx.xxx 208.189.yyy.yyy @0040100F1311 : PSK "PreSharedKey" Of course, the first IP is Bering, the second SonicWall

[leaf-user] ipsec connect to this?

Received following set of requirements for one of our DCD's to connect to a remote non-DCD site: ISAKMP Policy: Encryption: 3DES Hash: MD5 Authentication: pre shared keys Diffie Helman group 1 or 2 Use the following key: IPSec

Re: [leaf-user] IPsec troubleshooting pointers

On Saturday 16 November 2002 15:49, Lee Kimber wrote: > Hi, > > I'm trying to create a host subnet connection from an XP box to a > subnet behind a Bering V1 rc4 NAT firewall. > > When the XP client pings an interface on the firewalled subnet, it > returns one "Negotiating IP security" response fol

  1   2   3   >