search for: ipsec

Hi, I have tried to enable IPSec support for my FreeBSD( 4.11-RELEASE) system. First, I copied the generic kernel configuration file to a file I called MYKERNEL: #cp /usr/src/sys/i386/conf/GENERIC /usr/src/sys/i386/conf/MYKERNEL Then, I added the following three lines to the options section of /usr/src/sys/i386/conf/MYKERNEL...

Hello all -- I am trying to get Shorewall, ipsec and RedHat ES version 3 to cooperate. Before posting any specific problems, I thought I''d find out if I have the right stuff to work with. (I''ve gotten ipsec to work flawlessly with Shorewall using RH 8 and 9 kernels, so I have some experience with it. Shorewall 2.0.12 works...

Hi, Does anyone have experience using IPSEC on CentOS in order to connect to vendor IPSEC-based VPN products (specifically Checkpoint FW1) ? Is the included IPSEC implementation sufficient, or do people have to rely on OpenSWAN or FreeSWAN ? I'd be testing tomorrow and I'm interested with experiences others have had and things to...

...orking. My problem: I want to setup a tunnel for the following networks (tunnel esp 3des): 192.168.1.0/24 -|A|- 62.212.109.16 <--- INTERNET ---> 82.234.240.117 -|B|- 192.168.0.0/24 On "B", setkey -DP gives the following: 192.168.0.0/24[any] 192.168.1.0/24[any] any out ipsec esp/tunnel/82.234.240.117-62.212.109.16/require created: Apr 27 12:18:35 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=313 seq=5 pid=5812 refcnt=1 When I try to ping the A router from the B router (using 192.168. addresses of course), packets are sent...

Hi, I successfully connected quite a few servers with their associated networks using Suse 9.1/9.2 (Kernel 2.6.x) and IPSEC tunnels. But now I have to add another server that has a ADSL connection to the internet, that means it has a dynamic IP address which is likely to change every few hours, since the provider disconnects from time to time. I found a way to restart the IPSEC connection when the ASDL connection res...

Hi, I am trying to setup ipsec tunnel between Freebsd (host1) and Linux (host2) systems.And I also interested in executing some ipsec test cases( Like TAHI conformance test suite) on the same connection. Please, suggest me some details regarding this setup and Specify any materials which can be obtained from from any locations(s...

> -----Original Message----- > From: Greg Panula [mailto:greg.panula@dolaninformation.com] > Sent: 12 May 2003 11:10 > To: Matthew Braithwaite > Cc: stable@freebsd.org > Subject: Re: iHEADS UP: ipsec packet filtering change > > You don't really need the gif tunnels for ipsec. Gif is more geared > towards ipv4 <=> ipv6 type tunnels. A few of ipsec how-to's mention > using gif tunnels and I've been tripped up by it, too. > > ipsec is much easier without the...

Hello, it looks like the usual way to do ipsec on centos5 won't work anymore on centos6 I installed ipsec-tools but an interface type IPsec is not recognized by the kernel ifup ipsec0 Device does not seem to be present, delaying initialization. I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which w...

hi, I can''t get a freeswan 2.02 ipsec x509 connection at work can somebody help me? ************************************************************************************* global situation ************************************************************************************* the linux gateway (chivas) is a single machine 192.168.1.250 w...

...organise all the rules and so on (beforethat I''ve been using simple iptables rules in shell script ;-) Generally it''s quite easy to be used, but anyway found one problem which I cannot handle myself - or in other words - cannot find appropriate way :-) I''ve set up VPN (IPSEC on 2.6 and racoon) on linux machine with iptables - generally VPN traffic lan<->vpn works fine. But I would like to make this box to be a VPN hub and I would like to allow vpn<->vpn traffic. I''ve spent a lot of time making Ipsec to work and finally I''ve achieved situa...

Hi, Just seeking some clarification on the current state of play with masqing ipsec connections. I have a client who establishs many different outbound ipsec connections. So thats - many local clients, through linux firewall, to many different ipsec ''servers''. they currently assign a public ip for outbound nat to each user to connect out to the ipsec connection,...

Hello ! I have a performance issue with Kernel 2.6.X and policy match support as suggested in http://shorewall.net/IPSEC-2.6.html. My IPSEC performance doesn''t exeed about 30kbyte/sec even if my downlink is 1024kbit/sec and should reach more than 100kbyte/sec. No, its not the cpu''s performance (AMD Barton 2500+) and no it''s not the gateway (CELERON 600 Mhz) on the remote side. If I dis...

Hi! I''m testing IPSec tunnels, having the following test schemma: Host A - eth0: 192.168.1.67 eth1: 192.168.10.1 Host B - eth0: 192.168.1.254 eth1: 192.168.20.1 I''ve succesfully configured an IPSec tunnel in order to safely communicate from 192.168.10.0/24 (which is obviously behind Hos...

While I have concentrated on support for 2.6 native IPSEC in release 2.2.0, I am still of the opinion that unless you absolutely need IPSEC compatibility that OpenVPN is a much easier (and in the case of roadwarriors, a much better) solution. Having already generated all of the required X.509 certificates, it took me less than 1/2 hr to replace my IPSEC...

...w about traffic shaping/police. As far as red (chapter 9 complete) i saw that first the packet passes at the ingress qdisc, then it passes to the ip stack if the packet is directed to the box or its forwarded (is my case), then it falls to the egress classifier/s. Now, i understand if i have an ipsec vpn at the outside interface, the egress classifiers will act before the packet leave the kernel and enter to the vpn tunnel, is this correct? Here''s my situation , i have a "headquarter" box that is a database (to call it with a name) and then a lot of branches that send queri...

class wrote on 06/10/2004 11:18:48: > Hello, I have the following situation: > > 192.168.176.0/24 ------ A ========== B ------ 192.168.177.0/24 > 192.168.176.2 pop3 ipsec > racoon > > > policy: (Machine A and B) > ------- > loc vpn ACCEPT > vpn loc ACCEPT > all all REJECT info > > > rules: (Machine A) > ------ > ACCE...

class wrote on 06/10/2004 11:18:48: > Hello, I have the following situation: > > 192.168.176.0/24 ------ A ========== B ------ 192.168.177.0/24 > 192.168.176.2 pop3 ipsec > racoon > > > policy: (Machine A and B) > ------- > loc vpn ACCEPT > vpn loc ACCEPT > all all REJECT info > > > rules: (Machine A) > ------ > ACCE...

Hi, I have FreeBSD box with network interface having y.y.y.y ip address. On same box i configure next ipsec ploicys to process trafic from hardware ipsec enabled device. spdadd 0.0.0.0/0 x.x.x.x/24 any -P out ipsec esp/tunnel/y.y.y.y-z.z.z.z/require; spdadd x.x.x.x/24 0.0.0.0/0 any -P in ipsec esp/tunnel/z.z.z.z-y.y.y.y/require; Is it possible to see decrypted incoming packets, and outgoing packets bef...

...ram of what I am trying to configure: http://6bit.com/img/netdiag.png Currently I only have Shorewall running on the host on the right of the diagram until I can get this working then I''ll add it to the other host as well. I''ve read the docs on GRE/IPIP tunneling and the docs on IPSec transport with the 2.6 kernel. I''ve been able to get the IPSec transport connection set up successfully and the ESP packets are successfully flowing through the firewall. I am running Kernel 2.6.18, Shorewall 3.2.4, iptables 1.3.5, and iproute iproute2-ss060323. The problem is that I ca...

Hi all, I want to allocate bandwidth for ipsec interface using CBQ/tc. Suppose the conf. file is like this, DEVICE=ipsec0,10Mbit,1Mbit RATE=128Kbit WEIGHT=10Kbit PRIO=5 RULE=192.128.1.0/24 Does it work or What else options need to be taken care like ipsec packets/protocol/port # etc.? C''d anybody suggest please? regds, Srikanth....