search for: kame

TITLE: KAME Project "ipcomp6_input()" Denial of Service CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote DESCRIPTION: A vulnerability has been reported in the KAME Project, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused...

I need vtun working over IPv6. The version from rpmforge does not seem to support IPv6 (binds to 0.0.0.0:5000 if I specify binding to the interface, and won't let me put in an IPv6 address for address binding). So I was pointed to the KAME (which does not provide any FC/RHEL support. The person who sent me there provided a makefile that he said works on Linux, but did not work for me: Makefile from KAME: install_dir = /usr/local/v6/bin v6tun: v6tun.o cc -o $@ $> install: v6tun -rm -f $(install_dir)/v6tun install -c -o ro...

...vironment is so poor (but the modern C++ environment is a monster). |So the first impression is quite nice, but in retrospective, it was one |of the truly bad ideas in IPv6 socket API design - and I do applaud the |OpenBSD people for being stubborn here. All the BSDs (started off) use(ing) the KAME stack, which has a nice read in https://github.com/kame/kame/blob/master/IMPLEMENTATION RFC3493: Basic Socket Interface Extensions for IPv6 * IPv4 mapped address (3.7) and special behavior of IPv6 wildcard bind socket (3.8) are, - supported and turned on by default on...

On 13 Aug 2001, "William F. Maton" <wmaton@ryouko.dgim.crc.ca> wrote: > On 13 Aug 2001, Heikki Vatiainen wrote: > > > The rsync daemon we use is plain 2.4.6 patched with KAME rsync patch > > rsync-246-v6-20000907.diff.gz [1]. It looks like there is a good > > possibility to get IPv6 merged in, since just today a rsync developer > > was asking if anyone wants it [2]. If no one objects, I can reply and > > say that Debian IPv6 project has interest...

Hi, On Sun, Jul 14, 2024 at 10:25:46AM +0100, Brian Candler wrote: > On 14/07/2024 03:49, Steffen Nurpmeso wrote: > > I have read > > > > https://datatracker.ietf.org/doc/html/draft-cmetz-v6ops-v4mapped-api-harmful-01 > > > > but as an application developer i find it ugly not to be able to > > "simply do it", and get back a mapped address.

...ke the usual way to do ipsec on centos5 won't work anymore on centos6 I installed ipsec-tools but an interface type IPsec is not recognized by the kernel ifup ipsec0 Device does not seem to be present, delaying initialization. I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5 any hints ? thank you Rick

...pport. Does anybody knows if is possible to make my FreeBSD box connect a VPN with the Linux box? If so, could point me to a documentation about how to install IPSec with RSA authentication and how to make it work with FreeS/WAN? I have already read the pages on the sites www.freeswan.org and www.kame.org but I didn?t find it. Thank?s Ronan

Hi, I am trying to setup ipsec tunnel between Freebsd (host1) and Linux (host2) systems.And I also interested in executing some ipsec test cases( Like TAHI conformance test suite) on the same connection. Please, suggest me some details regarding this setup and Specify any materials which can be obtained from from any locations(site).. I have enabled IPSec support for FreeBSD (4.11 Release) and

...hase 1 main or aggressive mode, racoon does not verify the client's RSA signature. Any installations using X.509 authentication are strongly urged to upgrade. Installations using pre-shared keys are believed to be unaffected. References CVE CAN-2004-0155 Name URL http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/ crypto_openssl.c?rev=1.84&content-type=text/x-cvsweb-markup -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org

...3.2.2 of the changes I made to fix the problem. *** /tmp/ipsec.key.c Thu Sep 11 14:26:07 2003 --- /usr/src/sys/netipsec/key.c Thu Sep 11 14:27:42 2003 *************** *** 1,4 **** ! /* $FreeBSD: /repoman/r/ncvs/src/sys/netipsec/key.c,v 1.3.2.2 2003/07/01 01:38:13 sam Exp $ */ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ /* --- 1,4 ---- ! /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.2 2003/07/01 01:38:13 sam Exp $*/ /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ /* *************** *** 133,138 **** --- 133,139 ---- #endif static LIS...

Hi, Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey on which I have one address on my side acting as an SNAT router for all traffic from my network to a network segment on the far side. my network --- my gateway ---------------------- remote network 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22 All traffic starts on my side, so if I can

FYI, looks like support for Racoon is ending. Does anyone have any experience with the version in ipsec-tools ? ---Mike >Racoon users, > >This is the announcement that the kame project will quit providing >a key management daemon, the racoon, and that "ipsec-tools" will become >the formal team to release the racoon. >The final release of the racoon in the kame project will be on 4/25. > >Because there were some problem for users currently, >...

I see support in shorewall for the KAME-tools, how about strongswan ? I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my vpn-gateway for the subnet behind it. # Shorewall version 3.4 - Zones File #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall fil...

...+0200 +++ src/rsync-3.0.6/configure.in 2009-09-17 06:53:08.927125000 +0200 @@ -196,8 +196,18 @@ AC_ARG_ENABLE(ipv6, [don't even try to use IPv6])) if test x"$enable_ipv6" != x"no"; then AC_MSG_CHECKING([ipv6 stack type]) - for i in inria kame linux-glibc linux-inet6 toshiba v6d zeta; do + for i in cygwin inria kame linux-glibc linux-inet6 toshiba v6d zeta; do case $i in + cygwin) + AC_EGREP_CPP(yes, [ +#include <netinet/in.h> +#ifdef _CYGWIN_IN6_H +yes +#endif], +...

...uct sockaddr *)&ss, length, addr_buf, sizeof(addr_buf), NULL, 0, NI_NUMERICHOST); return addr_buf; } The patch replaces struct sockaddr with struct sockaddr_storage and prints some length information into the syslog. The idea of using struct sockaddr_storage came from KAME's patch for 2.4.6 and Itojun's AF-independent application paper at http://www.kame.net/newsletter/19980604/ The results were: rsyncd[32707]: length 28, sizes: sockaddr 16, sockaddr_storage 128 rsyncd[32707]: reverse name lookup failed rsyncd[32707]: rsync: forward name lookup for failed...

I have the following network: External Interface External Interface ccc.ccc.ccc.ccc aaa.aaa.aaa.aaa | | --> VPN <--> Internet <--> FreeBSD Client (NATed extip: bbb.bbb.bbb.bbb) | FW-1 Protected Net ddd.ddd.ddd.ddd/24 VPN: ipsec freeswan (UDP encapsulated tunnel) ccc.ccc.ccc.ccc has port 136/UDP open for

Hi everyone, First of all, this is my first post in this ML, so I''m not sure that this is the right place for my question (please don''t shoot me down ;)). For the record, I''ve been reading and using LARTC for almost 3 years now, and it''s a great help for anyone who wants to learn linux networking. My problem: I want to setup a tunnel for the following

...v6. When I install it (v 3.0.2-1) and bind it to an interface that does NOT have IPv4 defined (only v6), start the service, and do a 'netstat -nat|grep 5000', I see it bound to 0.0.0.0:5000, not to the IPv6 0::/128 equiv address. What gives? IPv6 support or not? Meanwhile I found the kame vtun: http://orange.kame.net/dev/cvsweb.cgi/v6tun/?cvsroot=apps And was given the following 'changes' to compile it on linux. Do I need this??? v6tun: v6tun.o gcc v6tun.c v6tun.h -o v6tun install: v6tun -rm -f $(install_dir)/v6tun install -c -o root -g wheel -...

Hi I was asking about the fedora 14 kernel if it is good enough for cgroup usage because I am trying to set a cgroup under cpu subsytem ( /dev/cgroup/cpu/group1/ ) that have /cpu.rt_runtime_us of 100000 while cpu.rt_period_us has a value of 1000000 i.e a ratio of 1/10 . still when I run a task (endless loop) in that group (cgexec -g cpu,cpuset:group1 ./test) it gets all the cpu core time

...c.statd 1724 root 9u IPv6 100695714 TCP *:18139 (LISTEN) rpc.idmap 1824 root 9u IPv6 100695714 TCP *:18139 (LISTEN) ruby 32249 root 9u IPv6 100695714 TCP *:18139 (LISTEN) This is under Linux and what from what I''ve read this might not be the case under KAME based IPv6 network stacks (such as FreeBSD). Anybody else seen this? Cheers, Ryan