search for: leftsubnet

https://bugzilla.netfilter.org/show_bug.cgi?id=1082 Bug ID: 1082 Summary: Hard lockup when inserting nft rules (esp. ct rule) Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: blocker Priority: P5 Component: kernel Assignee:

...l) routes will drop. They usually recover after a few minutes, but it's still long enough for our monitoring to detect downtime. The configuration we have on each device is: conn site-a keyingtries=0 keylife=1h ikelifetime=8h left=1.1.1.1 right=2.2.2.2 leftsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24} rightsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24} pfs=yes auto=start authby=secret dpddelay=30 dpdtimeout=120 dpdaction=hold phase2alg=aes256-...

...BPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== authby=secret|rsasig # load and initiate automatically auto=start conn site1 also=tunnel leftsubnet=10.0.128.0/22 rightsubnet=192.168.1.222/32 conn site2 also=tunnel On 1 April 2016 at 15:58, Eero Volotinen <eero.volotinen at iki.fi> wrote: > So you are using pkcs12 on centos: > > https://www.sslshopper.com/article-most-common-openssl-commands.html > -- > Eer...

...I thought I would ask here. http://forum.vyos.net/showthread.php?tid=26504&pid=29703#pid29703 Basically our Openswan configuration is as follows: conn VYOS keyingtries=0 keylife=20m ikelifetime=2h left=<VYOS IP> right=<OPENSWAN IP> leftsubnets={ 10.1.1.0/24,10.1.2.0/24,10.1.3.0/24,10.1.4.0/24,10.1.5.0/24} rightsubnets={10.2.1.0/24,10.2.2.0/24,10.2.3.0/24,10.2.4.0/24} auto=start authby=secret dpddelay=30 dpdtimeout=120 dpdaction=hold phase2alg=aes256-sha1;modp1536 phase2=esp...

...aRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== >> authby=secret|rsasig >> # load and initiate automatically >> auto=start >> >> conn site1 >> also=tunnel >> leftsubnet=10.0.128.0/22 >> rightsubnet=192.168.1.222/32 >> >> conn site2 >> also=tunnel >> >> >> >> >> >> >> >> >> On 1 April 2016 at 15:58, Eero Volotinen <eero.volotinen at iki.fi> wrote: >> > So you are us...

IF you are not stuck to IPSec, you might want to take a look at OpenVPN (www.openvpn.org). I found OpenVPN easier to install than FreeSWAN (an IPSEC VPN) and have setup an OpenVPN solution between my German office and our mainoffice in a matter of hours. Thom van der Boon E-Mail: Thom.van.der.Boon at vdb.nl ===== Thom.H. van der Boon b.v. Havens 563 Jan Evertsenweg 2-4 NL-3115 JA Schiedam

...but it's still long enough for our monitoring > to detect downtime. > > The configuration we have on each device is: > > conn site-a > keyingtries=0 > keylife=1h > ikelifetime=8h > left=1.1.1.1 > right=2.2.2.2 > > > leftsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24} > > > rightsubnets={x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24,x.x.x.x/24} > pfs=yes > auto=start > authby=secret > dpddelay=30 > dpdtimeout=120 >...

...e, "all" for lots. klipsdebug=none plutodebug=none interfaces=%defaultroute uniqueids=yes # Add connections here conn GDC1 authby=secret auto=start left=%defaultroute leftsourceip=192.168.1.97 leftid=@rx1000test leftsubnet=192.168.1.96/28 ike=aes128-md5-modp1024 esp=aes128-md5 right=160.96.97.248 rightsubnet=192.168.1.0/28 rightsourceip=192.168.1.1 type=tunnel pfs=yes keyingtries=0 #Disable Opportunistic Encryption include /etc/ipsec.d/examples...

Is there a "cookbook" for setting this up? There are examples for setting up a tunnel between two fixed-address networks (e.g. a remote LAN that needs to be "integrated" with a central LAN over IPSec but I can't find anything addressing the other situation -- remote user(s) where the connecting IPs are not known in advance, such as a person with a laptop or smartphone in a

...UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== > authby=secret|rsasig > # load and initiate automatically > auto=start > > conn site1 > also=tunnel > leftsubnet=10.0.128.0/22 > rightsubnet=192.168.1.222/32 > > conn site2 > also=tunnel > > > > > > > > > On 1 April 2016 at 15:58, Eero Volotinen <eero.volotinen at iki.fi> wrote: > > So you are using pkcs12 on centos: > > > > https://www.ss...

...SK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== > >> authby=secret|rsasig > >> # load and initiate automatically > >> auto=start > >> > >> conn site1 > >> also=tunnel > >> leftsubnet=10.0.128.0/22 > >> rightsubnet=192.168.1.222/32 > >> > >> conn site2 > >> also=tunnel > >> > >> > >> > >> > >> > >> > >> > >> > >> On 1 April 2016 at 15:58, Eero Volotinen &l...

Sorry but I have looked for over two days. Trying every command I could find. There is obviously a misunderstanding somewhere. After generating a key pair with ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets I exported to a file with ipsec showhostkey --ipseckey > file The man pages says ipsec showhostkey outputs in ipsec.conf(5) format, Ie ***.server.net.

Hi Tom, I nearly completed the test and installation related to http://www.shorewall.net/PPTP.htm. However, there is no serious problem when it is operated as it is in the general companies, but there is Client Program for MS-Window that is operated only by Public IP. So I am very concerned about it. I would like to use Internet through Gateway in (B) as local computers in (A) receive Public