Displaying 11 results from an estimated 11 matches for "ipsec1".
2003 Mar 14
5
ipsec for linux 2.4 eventually made easy?!
...16.0.1 with our public IP; 192.168.122.1 will
be the address of the host in the VPN)
ipsecadm sa add --spi=0x1000 --dst=172.16.0.1 --src=172.16.0.2 \
--cipher=3des-cbc --cipher-keyfile=/etc/ipsec/demo.ciph.key \
--digest=sha1 --digest-keyfile=/etc/ipsec/demo.auth.key --duplex
ipsecadm tunnel add ipsec1 --local=172.16.0.1 --remote=172.16.0.2
ifconfig ipsec1 192.168.122.1 up
route add -net 192.168.122.0/24 dev ipsec1
B) Remote host (change 172.16.0.2 with its public ip; 192.128.122.2
will be the address in the VPN)
ipsecadm sa add --spi=0x1000 --dst=172.16.0.2 --src=172.16.0.1 \
--cipher=...
2004 Feb 26
4
Help! Martians invading through IPSec. :-)
...ther 00:04:5a:8a:48:05 brd ff:ff:ff:ff:ff:ff
inet 192.168.168.1/24 brd 192.168.168.255 scope global eth1
180: ipsec0: <NOARP,UP> mtu 1280 qdisc pfifo_fast qlen 10
link/ether 00:c0:9f:1e:fa:99 brd ff:ff:ff:ff:ff:ff
inet 208.10.57.129/28 brd 208.10.57.143 scope global ipsec0
181: ipsec1: <NOARP,UP> mtu 1280 qdisc pfifo_fast qlen 10
link/ether 00:c0:9f:1e:fa:99 brd ff:ff:ff:ff:ff:ff
inet 208.10.57.130/28 brd 208.10.57.143 scope global ipsec1
182: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
link/ipip
183: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
li...
2006 May 03
5
SNAT on IPSEC tunnel with kernel 2.6/KAME tools?
...----------- remote network
10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22
All traffic starts on my side, so if I can SNAT/MASQUERADE packets to the
tunnel address (10.253.0.2) it shall work. This would have been possible with
FreeSwan, as it created network interfaces (ipsec0, ipsec1..), however with
setkey there is no way of making it.
The VPN starts on the gateway, simply all traffic destined for 192.168.0.0/22
should get an SNAT to 10.253.0.2 and go via the tunnel. SNAT however is
available only in POSTROUTING chain, and no outgoing interface really exists
with setkey...
2002 Sep 29
7
[Fwd: Building custom _updown script for freeswan to make it talk with shorewall]
Tuomo Soini wrote:
> You don't happen to read shorewall-devel mailinglist ?
I read it -- I just didn't know what to make of your post and it arrived
while I was on vacation.
What exactly are you trying to accomplish that Shorewall isn't doing for
you now?
e.g.
/etc/shorewall/zones
rw Roadwarriors Road Warriors
/etc/shorewall/interfaces
rw ipsec+
2004 Aug 12
0
Advanced Routing and FreeSwan
...the other leased
line. Both leased lines have their own public ip address.
The setup looks kinda like this:
eth1(ipsec0)--ISP0--Internet--eth1-Linux1-eth0--Subnet1
/
(ipsec-tunnel0)
Intranet--eth0-Linux-HQ
\
(ipsec-tunnel1)
eth2(ipsec1)--ISP1--Internet--eth1-Linux2-eth0--Subnet2
I wanted to use the advanced routing features (ip command) of the linux
kernel to solve the routing issues. When advanced routing is activated I
can start tunnel0. After a few seconds there is still traffic on ipsec0
but not eth1.
When I deactivate advan...
2007 Jun 25
4
Using Julian Anastasov's 'routes' patches on 2.4 kernel in conjunction with IPSec
Hello,
I use Julian Anastasov 'routes' (to be more specific: static_routes,
alt_routes and nf_reroute) patches on a 2.4.32 kernel. On the same host I run
IPSec. I have discovered after a few hours of networking problems that,
when IPSec is enabled on that patched kernel, inspecting packets with tcpdump
while arping-ing a host from a network physically connected to this
2004 Dec 30
5
Proxy Arp
...link/ether 00:04:e2:18:ad:60 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.1/24 brd 192.168.100.255 scope global eth2
12: ipsec0: <NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 10
link/ether 00:04:e2:1c:f5:db brd ff:ff:ff:ff:ff:ff
inet 64.42.53.202/29 brd 64.42.53.207 scope global ipsec0
13: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
link/void
14: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
link/void
15: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
link/void
[root@ns1 root]#
2004 Dec 11
5
Problem report -- shorewall 1.4
...T,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen
10
link/ppp
inet 10.1.1.1 peer 10.1.1.2/32 scope global tun0
6: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
link/ether 00:02:e3:13:02:78 brd ff:ff:ff:ff:ff:ff
inet 216.12.22.89/26 brd 216.12.22.127 scope global ipsec0
7: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
link/ipip
8: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
link/ipip
9: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
link/ipip
firewall: -root-
# ip route sho
216.12.22.89 via 10.1.1.2 dev tun0
10.1.1.2 dev tun0 proto kernel scope link...
2004 Oct 29
8
No entries in the syslog, even though the LOG chains show counts
...econdary
eth0:1
inet6 fe80::2ba:acff:fe8a:bfca/64 scope link
5: tunl0@NONE: <NOARP> mtu 1480 qdisc noop
link/ipip 0.0.0.0 brd 0.0.0.0
6: gre0@NONE: <NOARP> mtu 1476 qdisc noop
link/gre 0.0.0.0 brd 0.0.0.0
7: ipsec0: <NOARP> mtu 0 qdisc noop qlen 10
link/void
8: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
link/void
9: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
link/void
10: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
link/void
11: sit0@NONE: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
$ ip route show
66.17.244.0/2...
2004 Dec 04
7
vpn-zone wide open
Hello!
I am using shorewall shorewall-2.0.11-1 on fedora core2
(iptables-1.2.9-95.7). My box has 2 physical NICs plus one virt. ipsec
interface for a freeswan-vpn connection.
A few days ago, portsentry spit out a lot of connections from windows
clients (port 135, 445). Ooops.
I reviewed my shorewall settings but could not find a mistake. So I took a
win-client and established a second
2005 Jan 09
22
Dmz
...OARP,UP> mtu 1405 qdisc pfifo_fast qlen 10
link/ppp
inet 172.16.1.1 peer 172.16.1.2/32 scope global tun0
13: ipsec0: <NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 10
link/ether 00:04:e2:1c:f5:db brd ff:ff:ff:ff:ff:ff
inet 64.42.53.202/29 brd 64.42.53.207 scope global ipsec0
14: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
link/void
15: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
link/void
16: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
link/void
[root@ns1 root]# ip route show
172.16.1.2 dev tun0 proto kernel scope link src 172.16.1.1
64.42.53.203 dev eth2...