Hi there, I just wanted to share a recent discovery I made on how to set up a secure VPN implementation for Linux 2.4.x (I'm using 2.4.20 but it should be working, as far as the documentation states, for > 2.4.18) without using FreeS/WAN.

The tool (ipsec_tunnel: http://ringstrom.mine.nu/ipsec_tunnel/, by Tobias Ringström) is a kernel module based on ipip and ip_gre. It uses CryptoAPI to carry out the actual encryption, as in the 2.5 implementation.

Installation and setup are a matter of a few seconds: get CryptoAPI (http://www.kernel.org/pub/linux/kernel/crypto/v2.4/cryptoapi-0.1.0.tar.gz), untar and compile as modules:

    tar xvfz cryptoapi-0.1.0.tar.gz
    cd cryptoapi-0.1.0
    make modules KDIR=/path/to/running/kernel
    make modules_install
    modprobe cryptoapi
    modprobe cipher-3des
    modprobe digest-sha1

Get ipsec_tunnel (http://ringstrom.mine.nu/ipsec_tunnel/download/ipsec_tunnel-0.9.tar.gz):

    tar xvfz ipsec_tunnel-0.9.tar.gz
    cd ipsec_tunnel-0.9
    ./configure      (it will ask you the path to the cryptoapi source and to your running kernel)
    make
    make install
    modprobe ipsec_tunnel

Create an encryption key and an authentication key:

    mkdir /etc/ipsec
    chmod 500 /etc/ipsec
    ipsecadm key create 3des --file=/etc/ipsec/demo.ciph.key
    ipsecadm key create sha1 --file=/etc/ipsec/demo.auth.key

Copy them to the remote host (with scp):

    scp /etc/ipsec/* root@remote.host:/etc/ipsec/

Now the actual setup (clearly explained in the ipsec_tunnel documentation):

A) Local host (replace 172.16.0.1 with your public IP; 192.168.122.1 will be the address of the host in the VPN)

    ipsecadm sa add --spi=0x1000 --dst=172.16.0.1 --src=172.16.0.2 \
        --cipher=3des-cbc --cipher-keyfile=/etc/ipsec/demo.ciph.key \
        --digest=sha1 --digest-keyfile=/etc/ipsec/demo.auth.key --duplex
    ipsecadm tunnel add ipsec1 --local=172.16.0.1 --remote=172.16.0.2
    ifconfig ipsec1 192.168.122.1 up
    route add -net 192.168.122.0/24 dev ipsec1

B) Remote host (replace 172.16.0.2 with its public IP; 192.168.122.2 will be the address in the VPN)

    ipsecadm sa add --spi=0x1000 --dst=172.16.0.2 --src=172.16.0.1 \
        --cipher=3des-cbc --cipher-keyfile=/etc/ipsec/demo.ciph.key \
        --digest=sha1 --digest-keyfile=/etc/ipsec/demo.auth.key --duplex
    ipsecadm tunnel add ipsec1 --local=172.16.0.2 --remote=172.16.0.1
    ifconfig ipsec1 192.168.122.2 up
    route add -net 192.168.122.0/24 dev ipsec1

You have now your secure VPN up and running. I think it's quite cool. What do you think? Shouldn't this get into LARTC? I believe it definitely should!

Best regards,
Andrea Rossato

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
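As an added example (not from Andrea's post or the ipsec_tunnel project), here are the two per-host command sets above folded into one POSIX sh script that takes the addresses as parameters, so both sides are produced from the same template and the --dst/--src pair (own address first, peer second) cannot be typed backwards. It also refuses to run if either key file is readable by group or others, since whoever reads those two files can decrypt and forge everything on the tunnel. It assumes the ipsecadm, ifconfig and route syntax exactly as posted; the key-file names, SPI 0x1000 and /etc/ipsec come from the post; the permission check and the DRYRUN variable are this script's own additions.

```shell
#!/bin/sh
# Added example, not part of the original post: bring up one side of the
# ipsec_tunnel setup with the checks a practitioner wants before handing a
# static key to the kernel. Command syntax is assumed to be as posted.
set -eu

KEYDIR=/etc/ipsec      # as in the post
SPI=0x1000             # as in the post

# Return 0 only when the key file exists, is a regular file and carries no
# group/other permission bits ("-rw-------" or "-r--------"). Uses ls so it
# works on any POSIX system without relying on stat's varying flags.
key_is_private() {
    f=$1
    [ -f "$f" ] || return 1
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print the commands for one side. Arguments: own public IP, peer's public
# IP, own tunnel address, tunnel network (CIDR). The SA's --dst is always
# our own address and --src the peer's; both hosts use the same SPI and the
# same two key files, and --duplex installs both directions at once.
tunnel_commands() {
    me=$1; peer=$2; vpn_addr=$3; vpn_net=$4
    printf 'ipsecadm sa add --spi=%s --dst=%s --src=%s --cipher=3des-cbc --cipher-keyfile=%s/demo.ciph.key --digest=sha1 --digest-keyfile=%s/demo.auth.key --duplex\n' \
        "$SPI" "$me" "$peer" "$KEYDIR" "$KEYDIR"
    printf 'ipsecadm tunnel add ipsec1 --local=%s --remote=%s\n' "$me" "$peer"
    printf 'ifconfig ipsec1 %s up\n' "$vpn_addr"
    printf 'route add -net %s dev ipsec1\n' "$vpn_net"
}

# Bring the tunnel up (or only print the commands with DRYRUN=1), refusing
# when a key file is missing or readable by anyone but its owner.
bring_up() {
    for k in "$KEYDIR/demo.ciph.key" "$KEYDIR/demo.auth.key"; do
        key_is_private "$k" || { echo "refusing: $k missing or too permissive" >&2; return 1; }
    done
    if [ "${DRYRUN:-0}" = 1 ]; then
        tunnel_commands "$@"
    else
        tunnel_commands "$@" | sh -e
    fi
}

# Usage on the local host from the post:
#   ./ipsec-up.sh 172.16.0.1 172.16.0.2 192.168.122.1 192.168.122.0/24
# and on the remote host with the first three arguments swapped accordingly:
#   ./ipsec-up.sh 172.16.0.2 172.16.0.1 192.168.122.2 192.168.122.0/24
if [ $# -eq 4 ]; then
    bring_up "$@"
fi
```

Run it as root on each host, its own public IP first and the peer's second; DRYRUN=1 prints the four commands instead of executing them so the two sides can be compared before anything touches the kernel. The keys are still generated with ipsecadm key create and copied with scp exactly as in the post; the script only checks that what arrived is not world-readable.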
Given a running router/firewall machine, there may be many 'routing connections' going on at the same time. I am stuck with a basic question unanswered: how do I know which are the applications using the heaviest routing traffic?

I could do a trial and error by using 'iptables', say using a port range, but there are still too many possibilities.

I thought 'netstat' could solve my problem, apparently not. It seems netstat only shows the connections originating and terminating in the machine and not 'routing connections'. I am looking for a simple and lightweight program which can meet this requirement. Any recommendation?

__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
http://webhosting.yahoo.com
iptraf could perhaps solve your problems. I dunno the URL to it, but you should find it via Google.

-tomas

On Fri, Mar 14, 2003 at 04:48:26AM -0800, Ming-Ching Tiew wrote:
> Given a running router/firewall machine, there may be many 'routing
> connections' going on at the same time. I am stuck with a basic question
> unanswered: how do I know which are the applications using the heaviest
> routing traffic?
>
> I could do a trial and error by using 'iptables', say using a port range,
> but there are still too many possibilities.
>
> I thought 'netstat' could solve my problem, apparently not. It seems
> netstat only shows the connections originating and terminating in the
> machine and not 'routing connections'. I am looking for a simple and
> lightweight program which can meet this requirement. Any recommendation?
Hi there Ming-Ching,

: Given a running router/firewall machine, there may be many 'routing
: connections' going on at the same time. I am stuck with a basic question
: unanswered: how do I know which are the applications using the heaviest
: routing traffic?

Try iptraf or ntop.

  http://iptraf.seul.org/          # -- quick/easy; visual; curses
  http://www.ntop.org/ntop.html    # -- can keep historical data

See also the following thread:

  http://mailman.ds9a.nl/pipermail/lartc/2003q1/007051.html

: I could do a trial and error by using 'iptables', say using a port range,
: but there are still too many possibilities.
:
: I thought 'netstat' could solve my problem, apparently not. It seems
: netstat only shows the connections originating and terminating in the
: machine and not 'routing connections'. I am looking for a simple and
: lightweight program which can meet this requirement. Any recommendation?

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
Thanks for the info. Haven't checked 'ntop', but iptraf does not meet my requirement because I am looking for a simple program (low footprint!!) which I could script and display the result remotely. :-)

Rgds.

--- "Martin A. Brown" <mabrown-lartc@securepipe.com>
> Try iptraf or ntop.
>
>   http://iptraf.seul.org/          # -- quick/easy; visual; curses
>   http://www.ntop.org/ntop.html    # -- can keep historical data
On March 14, 2003 15:57 pm, Ming-Ching Tiew wrote:
> Thanks for the info. Haven't checked 'ntop', but iptraf does not meet my
> requirement because I am looking for a simple program (low footprint!!)
> which I could script and display the result remotely. :-)

You can use iptraf without the ncurses interface. The -B switch throws it in the background, the -t switch sets the interval to watch, and you can choose which interface to monitor and in what way with other switches. Its default for logging is /var/log/iptraff/. I've never put it on a cron, but I often nohup it and log out.

--
Regards,
Paul Evans
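As an added example (not from anyone in this thread), here is the "trial and error with iptables" idea from the original question made scriptable: a POSIX sh script that installs one counting rule per port range in a separate chain hooked into FORWARD, then ranks those rules by the byte counters that iptables -nvxL reports, which is small enough to pull over ssh and display anywhere. The sample counter output embedded below is constructed for the self-test and does not come from a real router; the chain name ACCT and the proto:port spec format are this script's own convention, and it assumes the column layout that -v together with -x produce (pkts, bytes, target, prot, opt, in, out, source, destination, then the match text).

```shell
#!/bin/sh
# Added example, not from the thread: per-port-range byte accounting on a
# router with plain iptables rules, plus a ranker for the counter output.
set -eu

# Constructed sample of `iptables -nvxL ACCT` output, used only to show the
# parser's input shape; these numbers were made up for this example.
sample_counters() {
cat <<'EOF'
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
   48213   61234567 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    1020     120400 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
  220001  298765432 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:6881:6889
    9000    7000000 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
EOF
}

# Read `iptables -nvxL <chain>` output on stdin, skip the two header lines,
# and print one line per rule as "bytes pkts proto in/out match", heaviest
# first. Fields 1-9 are fixed columns; anything after is the match text.
rank_by_bytes() {
    awk 'NR > 2 && NF >= 9 {
             desc = ""
             for (i = 10; i <= NF; i++) desc = desc (i > 10 ? " " : "") $i
             if (desc == "") desc = "(any)"
             printf "%s %s %s %s/%s %s\n", $2, $1, $4, $6, $7, desc
         }' | sort -k1,1nr
}

# Create (or flush) an accounting chain with one RETURN rule per spec and
# hook it at the top of FORWARD. Each spec is proto:port or proto:low:high,
# e.g. tcp:80 tcp:6881:6889 udp:53. RETURN means the rule only counts; the
# packet continues through the rest of FORWARD untouched. Needs root.
install_counters() {
    chain=$1; shift
    iptables -N "$chain" 2>/dev/null || true
    iptables -F "$chain"
    for spec in "$@"; do
        proto=${spec%%:*}
        ports=${spec#*:}
        iptables -A "$chain" -p "$proto" --dport "$ports" -j RETURN
    done
    # Remove any earlier hook before inserting so the chain is jumped to once.
    iptables -D FORWARD -j "$chain" 2>/dev/null || true
    iptables -I FORWARD -j "$chain"
}

# Usage (as root on the router):
#   ./acct.sh tcp:80 tcp:22 tcp:6881:6889 udp:53      # install the counters
#   iptables -nvxL ACCT | rank_by_bytes                # later, read them back
if [ $# -gt 0 ]; then
    install_counters ACCT "$@"
fi
```

Because the counter listing is only a handful of lines, the ranking can run on another box: "ssh router iptables -nvxL ACCT | rank_by_bytes" gives the remote display the question asked for, and "iptables -Z ACCT" zeroes the counters to start a fresh interval. The cost on the router is one chain traversal per forwarded packet, which is far lighter than a packet-capturing monitor, at the price of only seeing the port ranges you chose to count.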