Displaying 11 results from an estimated 11 matches for "ipsec1".

2003 Mar 14
5
ipsec for linux 2.4 eventually made easy?!
...16.0.1 with our public IP; 192.168.122.1 will be the address of the host in the VPN) ipsecadm sa add --spi=0x1000 --dst=172.16.0.1 --src=172.16.0.2 \ --cipher=3des-cbc --cipher-keyfile=/etc/ipsec/demo.ciph.key \ --digest=sha1 --digest-keyfile=/etc/ipsec/demo.auth.key --duplex ipsecadm tunnel add ipsec1 --local=172.16.0.1 --remote=172.16.0.2 ifconfig ipsec1 192.168.122.1 up route add -net 192.168.122.0/24 dev ipsec1 B) Remote host (change 172.16.0.2 with its public IP; 192.128.122.2 will be the address in the VPN) ipsecadm sa add --spi=0x1000 --dst=172.16.0.2 --src=172.16.0.1 \ --cipher=...
2004 Feb 26
4
Help! Martians invading through IPSec. :-)
...ther 00:04:5a:8a:48:05 brd ff:ff:ff:ff:ff:ff inet 192.168.168.1/24 brd 192.168.168.255 scope global eth1 180: ipsec0: <NOARP,UP> mtu 1280 qdisc pfifo_fast qlen 10 link/ether 00:c0:9f:1e:fa:99 brd ff:ff:ff:ff:ff:ff inet 208.10.57.129/28 brd 208.10.57.143 scope global ipsec0 181: ipsec1: <NOARP,UP> mtu 1280 qdisc pfifo_fast qlen 10 link/ether 00:c0:9f:1e:fa:99 brd ff:ff:ff:ff:ff:ff inet 208.10.57.130/28 brd 208.10.57.143 scope global ipsec1 182: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10 link/ipip 183: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10 li...
2006 May 03
5
SNAT on IPSEC tunnel with kernel 2.6/KAME tools?
...----------- remote network 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22 All traffic starts on my side, so if I can SNAT/MASQUERADE packets to the tunnel address (10.253.0.2) it shall work. This would have been possible with FreeSwan, as it created network interfaces (ipsec0, ipsec1..), however with setkey there is no way of making it. The VPN starts on the gateway, simply all traffic destined to 192.168.0.0/22 should get an SNAT to 10.253.0.2 and go via the tunnel. SNAT however is available only in POSTROUTING chain, and no outgoing interface really exists with setkey...
2002 Sep 29
7
[Fwd: Building custom _updown script for freeswan to make it talk with shorewall]
Tuomo Soini wrote: > You don't happen to read shorewall-devel mailinglist ? I read it -- I just didn't know what to make of your post and it arrived while I was on vacation. What exactly are you trying to accomplish that Shorewall isn't doing for you now? e.g. /etc/shorewall/zones rw Roadwarriors Road Warriors /etc/shorewall/interfraces rw ipsec+
2004 Aug 12
0
Advanced Routing and FreeSwan
...the other leased line. Both leased lines have their own public IP address. The setup looks kinda like this: eth1(ipsec0)--ISP0--Internet--eth1-Linux1-eth0--Subnet1 / (ipsec-tunnel0) Intranet--eth0-Linux-HQ \ (ipsec-tunnel1) eth2(ipsec1)--ISP1--Internet--eth1-Linux2-eth0--Subnet2 I wanted to use the advanced routing features (ip command) of the linux kernel to solve the routing issues. When advanced routing is activated I can start tunnel0. After a few seconds there is still traffic on ipsec0 but not eth1. When I deactivate advan...
2007 Jun 25
4
Using Julian Anastasov's 'routes' patches on 2.4 kernel in conjunction with IPSec
Hello, I use Julian Anastasov 'routes' (to be more specific: static_routes, alt_routes and nf_reroute) patches on a 2.4.32 kernel. On the same host I run IPSec. I have discovered after a few hours of networking problems that, when IPSec is enabled on that patched kernel, inspecting packets with tcpdump while arping-ing a host from a network physically connected to this
2004 Dec 30
5
Proxy Arp
...link/ether 00:04:e2:18:ad:60 brd ff:ff:ff:ff:ff:ff inet 192.168.10.1/24 brd 192.168.100.255 scope global eth2 12: ipsec0: <NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 10 link/ether 00:04:e2:1c:f5:db brd ff:ff:ff:ff:ff:ff inet 64.42.53.202/29 brd 64.42.53.207 scope global ipsec0 13: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10 link/void 14: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10 link/void 15: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10 link/void [root@ns1 root]#
2004 Dec 11
5
Problem report -- shorewall 1.4
...T,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 10 link/ppp inet 10.1.1.1 peer 10.1.1.2/32 scope global tun0 6: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10 link/ether 00:02:e3:13:02:78 brd ff:ff:ff:ff:ff:ff inet 216.12.22.89/26 brd 216.12.22.127 scope global ipsec0 7: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10 link/ipip 8: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10 link/ipip 9: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10 link/ipip firewall: -root- # ip route sho 216.12.22.89 via 10.1.1.2 dev tun0 10.1.1.2 dev tun0 proto kernel scope link...
2004 Oct 29
8
No entries in the syslog, even though the LOG chains show counts
...econdary eth0:1 inet6 fe80::2ba:acff:fe8a:bfca/64 scope link 5: tunl0@NONE: <NOARP> mtu 1480 qdisc noop link/ipip 0.0.0.0 brd 0.0.0.0 6: gre0@NONE: <NOARP> mtu 1476 qdisc noop link/gre 0.0.0.0 brd 0.0.0.0 7: ipsec0: <NOARP> mtu 0 qdisc noop qlen 10 link/void 8: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10 link/void 9: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10 link/void 10: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10 link/void 11: sit0@NONE: <NOARP> mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 $ ip route show 66.17.244.0/2...
2004 Dec 04
7
vpn-zone wide open
Hello! I am using shorewall shorewall-2.0.11-1 on fedora core2 (iptables-1.2.9-95.7). My box has 2 physical nic's plus one virt. ipsec interface for a freeswan-vpn connection. A few days ago, portsentry spit out a lot of connections from windows clients (port 135, 445). Ooops. I review my shorewall settings but could not find a mistake. So I took a win-client and established a second
2005 Jan 09
22
Dmz
...OARP,UP> mtu 1405 qdisc pfifo_fast qlen 10 link/ppp inet 172.16.1.1 peer 172.16.1.2/32 scope global tun0 13: ipsec0: <NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 10 link/ether 00:04:e2:1c:f5:db brd ff:ff:ff:ff:ff:ff inet 64.42.53.202/29 brd 64.42.53.207 scope global ipsec0 14: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10 link/void 15: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10 link/void 16: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10 link/void [root@ns1 root]# ip route show 172.16.1.2 dev tun0 proto kernel scope link src 172.16.1.1 64.42.53.203 dev eth2...