Displaying 7 results from an estimated 7 matches for "keyingtries".
2016 Aug 17
6
[Bug 1082] New: Hard lockup when inserting nft rules (esp. ct rule)
https://bugzilla.netfilter.org/show_bug.cgi?id=1082
Bug ID: 1082
Summary: Hard lockup when inserting nft rules (esp. ct rule)
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: blocker
Priority: P5
Component: kernel
Assignee:
2016 Feb 09
4
OpenSwan Drop Out Issue
...the middle of the night (so I don't believe it's traffic
related), certain (and sometimes all) routes will drop. They usually
recover after a few minutes, but it's still long enough for our monitoring
to detect downtime.
The configuration we have on each device is:
conn site-a
keyingtries=0
keylife=1h
ikelifetime=8h
left=1.1.1.1
right=2.2.2.2
leftsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}
rightsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}
pfs=yes
auto=start
authby...
2016 Feb 17
2
Openswan <-> VyOS
...an server
with a Vyos server via IPSec.
I've posted this on the VyOS forums, but haven't had many helpful
responses, so I thought I would ask here.
http://forum.vyos.net/showthread.php?tid=26504&pid=29703#pid29703
Basically our Openswan configuration is as follows:
conn VYOS
keyingtries=0
keylife=20m
ikelifetime=2h
left=<VYOS IP>
right=<OPENSWAN IP>
leftsubnets={10.1.1.0/24,10.1.2.0/24,10.1.3.0/24,10.1.4.0/24,10.1.5.0/24}
rightsubnets={10.2.1.0/24,10.2.2.0/24,10.2.3.0/24,10.2.4.0/24}
auto=start
authby=sec...
2003 Jan 09
0
AW: IPSec pass through
...p would be to create a tunnel
> between the linux box and the FW-1 server. (freeswan / ipsec)
I think this would be easier than to tunnel ipsec through from a
windows client behind your firewall.
Add these config options to your ipsec.conf if you
want to connect from linux to checkpoint:
keyingtries=0
pfs=no
Currently I try exactly this, migrating from manually configured
iptables/ipsec to shorewall. Your experiences may help me.
> I'm fairly new to the linux firewalling and ipsec etc so any
> help would
> be greatly appreciated.
Hope this helps,
Frerk Meyer
Syst...
2016 Feb 09
0
OpenSwan Drop Out Issue
...t believe it's traffic
> related), certain (and sometimes all) routes will drop. They usually
> recover after a few minutes, but it's still long enough for our monitoring
> to detect downtime.
>
> The configuration we have on each device is:
>
> conn site-a
> keyingtries=0
> keylife=1h
> ikelifetime=8h
> left=1.1.1.1
> right=2.2.2.2
>
>
> leftsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}
>
>
> rightsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24}
...
2006 Jul 20
2
GRE over IPsec Cisco<-> Linux
...ltroute
leftsourceip=192.168.1.97
leftid=@rx1000test
leftsubnet=192.168.1.96/28
ike=aes128-md5-modp1024
esp=aes128-md5
right=160.96.97.248
rightsubnet=192.168.1.0/28
rightsourceip=192.168.1.1
type=tunnel
pfs=yes
keyingtries=0
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
The IPsec works fine except for the following caveats:
1. Spoke routers cannot ping each other,
2. The cisco has no interfaces for the scope routers so no qos can be done.
Linux GRE setup:
modprobe ip_gre
ip tu...
2013 Apr 11
2
IKEv2/IPSEC "Road Warrior" VPN Tunneling?
Is there a "cookbook" for setting this up? There are examples for
setting up a tunnel between two fixed-address networks (e.g. a remote
LAN that needs to be "integrated" with a central LAN over IPSec) but I
can't find anything addressing the other situation -- remote user(s)
where the connecting IPs are not known in advance, such as a person with
a laptop or smartphone in a