thr3ads.net - LARTC - IPSec with 2.6.9 and Windows clients [Oct 2004]

If this information is useful, please help other people find it:
Share via:

Lopsch

2004-Oct-26 01:54 UTC

IPSec with 2.6.9 and Windows clients

Hi,

is there a good howto for a Linux VPN-Gateway using racoon and IPSec 
provided with the actual kernel 2.6.9? Also one for how to set up a 
connection to the gateway using Windows XP and the client shipped with it?

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

James Lista

2004-Oct-26 03:43 UTC

head link

mark

folks,

when marking a packet to band control , what is the diffent between:

iptables -t mangle -A PREROUTING -m p2p --p2p all -j CONNMARK --set-mark
$P2P_MARK
iptables -t mangle -A PREROUTING -m connmark --mark $P2P_MARK -j
CONNMARK --restore-mark

and

iptables -t mangle -A PREROUTING -m p2p --p2p all -j MARK --set-mark
$P2P_MARK

??????

tried to "patch-o-matic" with connmark and didnot work out (kernel
2.6.9)...
.. it works ok with 2.4.x

thanks any help


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Tomasz Chilinski

2004-Oct-26 07:19 UTC

head link

Re: mark

On Tue, 26 Oct 2004 01:43:43 -0200, James Lista wrote> folks,
Hello James.
> when marking a packet to band control , what is the diffent between:
> 
> iptables -t mangle -A PREROUTING -m p2p --p2p all -j CONNMARK --set-mark
> $P2P_MARK
> iptables -t mangle -A PREROUTING -m connmark --mark $P2P_MARK -j
> CONNMARK --restore-mark
> 
> and
> 
> iptables -t mangle -A PREROUTING -m p2p --p2p all -j MARK --set-mark
> $P2P_MARK
Each p2p connection is composed of many ip packets. p2p match is sensible for
some specific data fields in some these packets. So if you mark only these
packets all other packets (with p2p application data) wont be marked and you
wont limit transfer. Second line in first example marks CONNECTIONs (not
packets) belonged to p2p connection (detected by p2p match). Using second
method has not effect as you would wish.
> ??????
> 
> tried to "patch-o-matic" with connmark and didnot work out
(kernel
> 2.6.9)... .. it works ok with 2.4.x
It works for me with 2.4.x too. I didnt tried with 2.6.x.

--
Kind regards,
Tomasz Chilinski

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Maybe Matching Threads

Search for more seemingly similar threads

LARTC - Oct 2004 - IPSec with 2.6.9 and Windows clients

IPSec with 2.6.9 and Windows clients

mark

Re: mark

Maybe Matching Threads