Subject: Re: [Leaf-user] VPN error, please help
On Sun, 28 Apr 2002 09:41:41 -0400
Upali Weerasinghe [EMAIL PROTECTED] wrote:
Here is another one http://vpn.ebootis.de/
I downloaded some stuff from above, and right now it's working with
Windows-XP no problem
if you guys need
with that
package 10 Minutes..
Upnet Joe
- Original Message -
From: Chad Carr [EMAIL PROTECTED]
To: Charles Steinkuehler [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Saturday, April 27, 2002 10:31 PM
Subject: Re: [Leaf-user] VPN error, please help
On Sat, 27 Apr 2002
PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Charles
Steinkuehler
Sent: Friday, April 26, 2002 8:07 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN error, please help
192.168.9 and .3 are my private, so adding the rule as you suggested
is
for them only, right
On Saturday 27 April 2002 02:11, MLU wrote:
Thank you very very much, Charles, I could ping the other private
machines and I am asking them to ping me and use a couple of services
on my private server for thorough test. I hope it will be fine.
The next step for me is to setup for the Road
1. Do you know of any free client for Windows which works with
Free/SWAN?
The newer windows systems have IPSec built-in, although configuring them to
talk to a non-Microsoft IPSec implementation can be quite a challenge. Most
of the reports I see on the FreeS/WAN mailing list seem to indicate
On Sat, 27 Apr 2002 14:12:14 -0500
Charles Steinkuehler [EMAIL PROTECTED] wrote:
1. Do you know of any free client for Windows which works with
Free/SWAN?
The newer windows systems have IPSec built-in, although configuring them
to talk to a non-Microsoft IPSec implementation can be quite
192.168.9 and .3 are my private, so adding the rule as you suggested is for them only,
right.
For accessing 192.168.1 (the remote ipsec private), do I have to do the similar thing,
i.e.:
$IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b
192.168.9 and .3 are my private, so adding the rule as you suggested is
for them only, right.
For accessing 192.168.1 (the remote ipsec private), do I have to do the
similar thing, i.e.:
$IPCH -A forward -j ACCEPT -s 192.168.9.0/24 -d 192.168.1.0/24 -b
Oops! If the 192.168.9 and .3
From: MLU [EMAIL PROTECTED]
I strongly hope that's my mistake somewhere and not the ISP's. If the ISP
blocks the IPSEC, could I connect to my office's VPN server? I still can do
that before this experiment (removing ipsec module...).
The bad (and probably good -:)) news is that I do not see
PROTECTED]
Subject: Re: [Leaf-user] VPN error, please help
From: MLU [EMAIL PROTECTED]
I strongly hope that's my mistake somewhere and not the ISP's. If the
ISP
blocks the IPSEC, could I connect to my office's VPN server? I still can
do
that before this experiment (removing ipsec module...).
The bad
Below are my routes on both left and right sides. Charles, if you can
confirm them correct, I think there must be some rule on my left-side
denying packets destined for 192.168.1 even reach left-side eth0.
I accidentally found this in one old log:
Apr 23 19:14:06 router kernel: Packet log:
Hi Charles MLu
Look at your local routing setup (ip route or netstat -nr). Make sure there
is a route directing packets destined for the far end of the VPN to the
ipsec device.
Ok, so what you are saying is that on the ipsec router, I should
associate the external private subnet with
Look at your local routing setup (ip route or netstat -nr). Make sure
there
is a route directing packets destined for the far end of the VPN to the
ipsec device.
Ok, so what you are saying is that on the ipsec router, I should
associate the external private subnet with device ipsec0, ie
Hi Charles,
Thanks, leftfirewall=yes lets me ping a machine on the other subnet
now. I think I added a few too many extra ipchains rules, but now that
it is working I can back off on them.
- Jon
Charles Steinkuehler wrote:
Look at your local routing setup (ip route or
: Thursday, April 25, 2002 8:47 AM
To: MLU
Cc: [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN error, please help
The error is probably due to trying to ping without IPSec running, but
with
some ipchains rules left over (like the forward rule that allows traffic
between your two private networks
After making the RSA right, I restarted the ipsec service on both
sides and then I try to ping a machine on 192.168.1.x from 192.168.9.x
subnet but the ping times out and there is nothing in auth.log or syslog
suggesting a reason.
Could you please suggest what I should look at now? I am
Hi Charles and Lynn.
Thank you for your suggestions. Things are not changed much after
I did the following as you advised:
- As per Lynn's remark, I now use only one /etc/ipsec.conf on
both sides. The FreeSWAN doc said that you may need to change
the line interfaces=, but they are
Thank you for your suggestions. Things are not changed much after
I did the following as you advised:
- As per Lynn's remark, I now use only one /etc/ipsec.conf on
both sides. The FreeSWAN doc said that you may need to change
the line interfaces=, but they are identical in this case
I strongly hope that's my mistake somewhere and not the ISP's. If the ISP blocks the
IPSEC, could I connect to my office's VPN server? I still can do that before this
experiment (removing ipsec module...).
The bad (and probably good -:)) news is that I do not see anything logged into
I strongly hope that's my mistake somewhere and not the ISP's. If the ISP
blocks the IPSEC, could I connect to my office's VPN server? I still can do
that before this experiment (removing ipsec module...).
The bad (and probably good -:)) news is that I do not see anything logged
into
Hi Charles MLu,
I'm having similar problems, and have found this thread helpful. I've
been wondering, do we have to declare the routing on the gateways, or
shouldn't ipsec handle this? Also, what if the ipsec router is not the
default gateway for a machine that you are trying to ping from
I should probably amend that last statement - my current test setup is:
192.168.2.X - ipsec gateway {default} - 2Wire firewall - SSH Sentinel
And I am experiencing the same problems that MLu mentioned. If I try to
add a route on the subnet machines (ok, sigh windows), I get error 87.
Do I
: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN error, please help
Hi Charles MLu,
I'm having similar problems, and have found this thread helpful. I've
been wondering, do we have to declare the routing on the gateways, or
shouldn't ipsec handle this? Also, what if the ipsec
Thank you very Charles, I will modify the RSA key in the config when I
get home.
In the network.conf I have
EXTERN_PROTO0=50 0/0
EXTERN_PROTO1=51 0/0
and
EXTERN_UDP_PORTS=0/0_500
on both sides
so I think I do not have to set firewall=yes, right?
You are correct. With the above
Thank you Charles.
After making the RSA right, I restarted the ipsec service on both
sides and then I try to ping a machine on 192.168.1.x from 192.168.9.x subnet but the
ping times out and there is nothing in auth.log or syslog suggesting a reason.
Could you please suggest what I should look
On Tuesday 23 April 2002 14:57, MLU wrote:
Thank you Charles.
After making the RSA right, I restarted the ipsec service on both
sides and then I try to ping a machine on 192.168.1.x from 192.168.9.x
subnet but the ping times out and there is nothing in auth.log or
syslog suggesting a
Hello, I tried to connect 2 networks, both running DCD and IPSEC 1.91. One
network is 192.168.3.x and the other is 192.168.9.x. After some efforts, I
made both IPSEC start up without error.
Now pinging from 192.168.9 to 192.168.3 does not work. When I have a look at
/var/log/auth.log, I see all
Hello, I tried to connect 2 networks, both running DCD and IPSEC 1.91. One
network is 192.168.3.x and the other is 192.168.9.x. After some efforts, I
made both IPSEC start up without error.
Now pinging from 192.168.9 to 192.168.3 does not work. When I have a look
at
/var/log/auth.log, I see
: Charles Steinkuehler [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 22, 2002 2:35 PM
To: M Lu; [EMAIL PROTECTED]
Subject: Re: [Leaf-user] VPN error, please help
then I copy the part after line Modulus: 0x5652...
and put it in line leftrsasigkey (similar for rightrsasigkey with the
other
key