Displaying 14 results from an estimated 14 matches for "klips".
Did you mean:
clips
2014 Oct 06
1
openswan and klips ipsec stack
Hi List,
Is there easy way to get klips ipsec stack into centos 6? As it makes
firewalling ipsec traffic much easier..
Eero
2014 Feb 08
1
openswan and ipsec
# ipsec verify
...
If you encounter network related SElinux errors, especially when using KLIPS,
try disabling SElinux
...
Well, it is not running KLIPS but netkey, anyways
I feel not comfortable about disabling selinux on a ipsec router.
I am not sure how to handle possible probems in this case, too.
If I decide not to disable selinux, and I run into problems, should I
a) report it to r...
2006 Nov 03
5
qos inside ipsec tunnel
Hello everybody.
I would like to do some kind of shaping inside an
ipsec tunnel implemented by Openswan and linux
2.6.18.x with xfrm (no KLIPS): for example, to
limit outbound smtp traffic inside the tunnel.
Question: where should I attach the qdisc to? Eth0?
I''m asking this, because tcpdump only see the ESP
packet on the eth0 and not the ''clear'' packet.
TIA
This is my simple network schema:
____ priv...
2009 Nov 26
2
What kernel source and how to download it
Hi all,
I am running CentOS 5.3 under xen on a VPS machine (so I have a limited control on the machine)
I am playing with openswan and KLIPS and I need to build the ipsec.ko kernel module.
I would need to download kernel source but I am really confused about what source I have to get.
uname -r tells:
2.6.18-128.7.1.el5xen
ls /lib/modules tells:
ls /lib/modules
2.6.18-128.7.1.el5xen 2.6.18-164.2.1.el5 2.6.18-164.6.1.el5 2.6....
2005 Jan 12
4
Problem upgrading to 2.0.14
...9; or ''iptables --help'' for more information.
Processing /etc/shorewall/stop ...
Stopping IPsec ... Stopping Openswan IPsec...
stop ordered, but IPsec does not appear to be running!
doing cleanup anyway...
/usr/libexec/ipsec/eroute: Trouble opening PF_KEY family socket with
error: KLIPS not loaded or enabled.
/usr/libexec/ipsec/spi: Trouble opening PF_KEY family socket with error:
KLIPS not loaded or enabled.
[FAILED]
Stopping ulogd: [ OK ]
IP Forwarding Enabled
Processing /etc/...
2009 Aug 12
6
Shorewall (Openswan) IPSEC VPN MASQ Problem
Hi,
I have setup a IPSEC VPN using Openswan to connect a Draytek router to a
CentOS 5.2/Shorewall 4.2.9 firewall. The VPN establishes OK but I''m
getting a problem with packets from the left hand subnet getting
masqueraded rather than routed down the IPSEC VPN as though they were
going out onto the net. I''ve spent the last day searching Google and so
far I''ve hit a
2006 May 03
5
SNAT on IPSEC tunnel with kernel 2.6/KAME tools?
Hi,
Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey
on which I have one address on my side acting as an SNAT router for all
traffic from my network to a network segment on the far side.
my network --- my gateway ---------------------- remote network
10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22
All traffic starts on my side, so if I can
2007 Jun 25
4
Using Julian Anastasov''s ''routes'' patches on 2.4 kernel in conjunction with IPSec
Hello,
I use Julian Anastasov ''routes'' (to be more specific: static_routes,
alt_routes and nf_reroute) patches on a 2.4.32 kernel. On the same host I run
IPSec. I have discovered after a few hours of networking problems that,
when IPSec is enabled on that patched kernel, inspecting packets with tcpdump
while arping-ing a host from a network physically connected to this
2005 Sep 11
0
ERROR: no hit for procs_running
With xen-2.0.7 and a self configured 2.4.30 Kernel (+KLIPS from
strongswan) I get error messages; i have never seen before.
Can anyone tell me, what
ERROR: no hit for procs_running^M
ERROR: no hit for procs_blocked^M
means?
^Msd(8,1):Using r5 hash to sort names
^MVFS: Mounted root (reiserfs filesystem) readonly.
^MFreeing unused kernel memory: 120k free...
2006 May 23
0
ipsec and Centos3.7
Hi,
I want to connect to a Cisco Pix using ipsec.
In RH9 I was able to compile openswan 2.4.0 and use it, but
in Centos 3.7 I can apply the openswan klips patch.
I noted that the centos 3.7 kernel has a ipsec patch from redhat,
does this NETKEY patch works with openswan?
What ipsec solution do I have in centos 3.7? Should I
use another kernel?
many thanks
Oliver
--
Oliver Schulze L.
<oliver at samera.com.py>
2006 Jul 20
2
GRE over IPsec Cisco<-> Linux
...2006 i586 GNU/Linux
rx1000test:~# iptables -v
iptables v1.2.11: no command specified
rx1000test:~# shorewall version
2.2.3
rx1000test:~# ip -V
ip utility, iproute2-ss041019
rx1000test:~# ipsec version
Linux Openswan U2.2.0/K2.6.8-16-486-rx (native)
Openswan is using the Kernel 2.6 native stack NOT klips.
Here is my setup, only one spoke for now:
192.168.1.0/28 160.96.97.248 Dynamic 192.168.1.96/28
| 192.168.1.1 | | 192.168.1.97 |
| | HUB | | SPOKE | |
| | +---------...
2006 Aug 16
2
Openswan 2.4.6rc5 under CentOS 4.3
...l src rpm as well). I compiled openswan with:
make KERNELSRC=/lib/modules/`uname -r`/build/ module minstall (and same for
progs)
Module seems to load fine, lsmod shows as loaded. I do get quite a bit of
output on the console that I don't know is normal:
----
Aug 15 12:44:15 INAKFW001 kernel: klips_debug:ipsec_eroute_get_info:
buffer=0pc9cce000, *start=0p00000000, offset=61, length=1024
Aug 15 12:44:15 INAKFW001 kernel: klips_debug:rj_walktree: for:
rn=0pcce7a5a8 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Aug 15 12:44:15 INAKFW001 kernel: klips_debug:rj_walktree: processing
leaves...
2005 Jul 27
2
QoS and IPSec...
Hi, I have what to me is an interesting issue. I am wanting to
prioritize (QoS) traffic that will be passing through an IPSec
(OpenS/WAN) VPN between two (identical) Linux routers. I know that I
can apply the IPSec patches (1-4) to the kernel and IPTables (if they
are not already applied by now) filter traffic before and after IPSec
encapsulation. My problem is that I don''t know
2005 May 02
9
Sanity check for Shorewall and Openswan VPN and 2.6
...at I''m finding
is really all necessary here.
I''m upgrading a gateway/firewall from Linux 2.4 to 2.6 using Mandrake 10.1.
In the old 2.4 kernel I structured my firewall rules around the ipsec0
interface, which I understand isn''t present with Openswan
running under 2.6 (no KLIPS). Ok,
So as I start to tackle the new problem, here is
what I''m finding, at least with Mandrake 10.1...
Shorewall 2.2.0+ has nice features to simplify new ipsec rules.
Mandrake is several versions behind, so I upgrade with
Jack Coates rpms, very helpful; so far so good.
Except it requ...