[Shorewall-users] KLIPS openswan l2tp tunnels

2014-07-10 Thread ray klassen
I have 30 odd permanent vpns running pure ipsec over KLIPS, the openswan option erroneously called 2.4 kernel in the shorewall documentation. It still works way better than NETKEY. Switching over to KLIPS from NETKEY after using it for years solved innumerable problems with workstations not stay

Re: [Shorewall-users] KLIPS openswan l2tp tunnels

2014-07-11 Thread Tom Eastep
On 7/10/2014 8:41 AM, ray klassen wrote:
> I have 30 odd permanent vpns running pure ipsec over KLIPS, the openswan
> option erroneously called 2.4 kernel in the shorewall documentation. It
> still works way better than NETKEY. Switching over to KLIPS from NETKEY
> after using it for years solved i

Re: [Shorewall-users] KLIPS openswan l2tp tunnels

2014-07-11 Thread ray klassen
yeah. I set ROUTE_FILTER=No and now the packets are getting through. But if possible I'd like to just routefilter the ones coming from ipsec0. Unfortunately I can't set that on a wildcard interface. Can I just prep up ipsec0 as an optional interface with routefilter=0 and will routefiltering be

Re: [Shorewall-users] KLIPS openswan l2tp tunnels

2014-07-12 Thread Tom Eastep
On 7/11/2014 8:58 AM, ray klassen wrote:
> yeah. I set ROUTE_FILTER=No and now the packets are getting through. But
> if possible I'd like to just routefilter the ones coming from ipsec0.
> Unfortunately I can't set that on a wildcard interface. Can I just prep
> up ipsec0 as an optional interface

Re: [Shorewall-users] KLIPS openswan l2tp tunnels

2014-07-14 Thread ray klassen
what's the incantation in masq if you want to masquerade all possible ppp interfaces? can you specify ppp+? As I understand it, every new connection will create a new ppp0, ppp1, etc...

On Saturday, 12 July 2014, 7:40, Tom Eastep wrote:
On 7/11/2014 8:58 AM, ray klassen wrote:
> yeah. I

Re: [Shorewall-users] KLIPS openswan l2tp tunnels

2014-07-14 Thread Tom Eastep
On 7/14/2014 3:45 PM, ray klassen wrote:
> what's the incantation in masq if you want to masquerade all possible
> ppp interfaces? can you specify ppp+? As I understand it, every new
> connection will create a new ppp0, ppp1, etc...

Yes -- you can specify ppp+

-Tom
--
Tom Eastep\ When I

Re: [Shorewall-users] KLIPS openswan l2tp tunnels

2014-08-14 Thread ray klassen
So back to this question. I figured I should wait with pursuing this until I was more up to date. I am now current with the latest kernel and shorewall in debian (issues with openswan were hindering) and I tried ppp+ in my masq file and shorewall check gave me something like "invalid ipset ppp+ "

Re: [Shorewall-users] KLIPS openswan l2tp tunnels

2014-08-14 Thread Roberto C . Sánchez
On Thu, Aug 14, 2014 at 06:49:00PM +0100, ray klassen wrote:
>So back to this question. I figured I should wait with pursuing this until
>I was more up to date. I am now current with the latest kernel and shorewall
>in debian (issues with openswan were hindering) and I tried ppp+ in my
>

Re: [Shorewall-users] KLIPS openswan l2tp tunnels

2014-08-14 Thread ray klassen
debian wheezy
Kernel 3.2.0-4-amd64
shorewall 4.5.5.3

On Thursday, 14 August 2014, 11:04, Roberto C. Sánchez wrote:
On Thu, Aug 14, 2014 at 06:49:00PM +0100, ray klassen wrote:
> So back to this question. I figured I should wait with pursuing this until
> I was more up to date. I am

Re: [Shorewall-users] KLIPS openswan l2tp tunnels

2014-08-14 Thread Roberto C . Sánchez
On Thu, Aug 14, 2014 at 07:47:00PM +0100, ray klassen wrote:
>debian wheezy
>Kernel 3.2.0-4-amd64
>shorewall 4.5.5.3
>

That is a very old version of Shorewall. I don't use ipsets so I haven't been particularly paying attention to the changes that Tom has made in regard to ipsets, but

Re: [Shorewall-users] KLIPS openswan l2tp tunnels

2014-08-14 Thread ray klassen
If I can, I stay current with the distro, unless there is a compelling reason to switch.

On Thursday, 14 August 2014, 12:01, Roberto C. Sánchez wrote:
On Thu, Aug 14, 2014 at 07:47:00PM +0100, ray klassen wrote:
> debian wheezy
> Kernel 3.2.0-4-amd64
> shorewall 4.5.5.3
>
That

Re: [Shorewall-users] KLIPS openswan l2tp tunnels

2014-08-14 Thread Roberto C . Sánchez
On Thu, Aug 14, 2014 at 09:17:11PM +0100, ray klassen wrote:
>If I can, I stay current with the distro, unless there is a compelling
>reason to switch.
>

I understand. If it helps you decide, the packages available on my site are virtually identical to the packages I upload into Debian.

Re: [Shorewall-users] KLIPS openswan l2tp tunnels

2014-08-14 Thread ray klassen
Aha, so you're the maintainer of those packages are you... Didn't see that. So at least you could reliably tell me if running the latest shorewall won't trigger any other issues with any other wheezy package? generally I avoid sid on production machines. (that said, to solve a specific problem I

Re: [Shorewall-users] KLIPS openswan l2tp tunnels

2014-08-14 Thread Roberto C . Sánchez
On Thu, Aug 14, 2014 at 10:29:26PM +0100, ray klassen wrote:
>Aha, so you're the maintainer of those packages are you... Didn't see
>that. So at least you could reliably tell me if running the latest
>shorewall won't trigger any other issues with any other wheezy package?
>generally