Re: [Shorewall-users] DNAT and UDP

2017-12-28 Thread Tuomo Soini
On Wed, 13 Dec 2017 12:44:55 -0500 Bill Shirley wrote: > I don't see that SSH tunneling or running IPSEC in a VM as a security > gain.  It would be very complex with multiple points of failure.  If > you don't trust the traffic from the other endpoint, filter it with > Shorewall after it's decryp

Re: [Shorewall-users] DNAT and UDP

2017-12-28 Thread Colony.three via Shorewall-users
> As one of the Libreswan authors I'd note it's "Libreswan" - no capital > letters in the middle of the name, please. > > When suggesting manual keying, please note it is horribly insecure and should > not be used: > > https://tools.ietf.org/html/rfc8221#section-3 > > Tuomo Soini t...@foobar.fi T

[Shorewall-users] suggestions for more efficient ipsets save

2017-12-28 Thread Brian J. Murrell
I currently have a workflow set up here where any time I have an IP address that I want blocked/blacklisted I add it to an ipset which is referenced in the blrules file. After adding a new entry to an ipset I run: # /etc/shorewall-lite/state/firewall run save_ipsets /etc/shorewall-lite/state/ips

[Shorewall-users] Shorewall 5.1.10 and 5.1.10.1

2017-12-28 Thread Tom Eastep
Shorewall 5.1.10.1 is now available for download. Problems Corrected: 5.1.10.1 1) The Shorewall-core installer previously failed to update the shell library files correctly when SHAREDIR was not set to /usr/share/. That has been corrected. 2) Previously, the installer modified the sho

[Shorewall-users] Strongswan is Busted

2017-12-28 Thread Colony.three via Shorewall-users
I am at a complete loss. I know this is not the Strongswan forum, but they are unresponsive with all methods of communication -- and now I see why. My personal opinion is that Strongswan is only rumored to work, but actually works in the sense that a puppet does. Sure Tom says he got it to wo

Re: [Shorewall-users] Strongswan is Busted

2017-12-28 Thread Erich Titl
Hi On 28.12.2017 at 22:51, Colony.three via Shorewall-users wrote: > I am at a complete loss.  I know this is not the Strongswan forum, Yes it is not and Tom in his incredible helpfulness tried to get you through shallows of networking. Now it appears that you had problems understanding the bui

Re: [Shorewall-users] Strongswan is Busted

2017-12-28 Thread Colony.three via Shorewall-users
On 28.12.2017 at 22:51, Colony.three via Shorewall-users wrote: >> I am at a complete loss. I know this is not the Strongswan forum, > > Yes it is not and Tom in his incredible helpfulness tried to get you > through shallows of networking. > > Now it appears that you had problems understanding t

Re: [Shorewall-users] Strongswan is Busted

2017-12-28 Thread Bill Shirley
Like I mentioned before, I have OpenVPN working on my Android phone.  It has a passphrase associated with the certificate on the phone. Minimizes the exposure if my phone gets lost/stolen. Bill On 12/28/2017 6:29 PM, Colony.three via Shorewall-users wrote: Am 28.12.2017 um 22:51 schrieb Colony

Re: [Shorewall-users] Strongswan is Busted

2017-12-28 Thread Matt Darfeuille
On 12/28/2017 11:51 PM, Colony.three via Shorewall-users wrote: > I am at a complete loss.  I know this is not the Strongswan forum, but > they are unresponsive with all methods of communication -- and now I see > why.  My personal opinion is that Strongswan is only /rumored/ to work, > but actuall