Displaying 5 results from an estimated 5 matches for "netkey".
Did you mean:
setkey
2009 Aug 12
6
Shorewall (Openswan) IPSEC VPN MASQ Problem
Hi,
I have setup a IPSEC VPN using Openswan to connect a Draytek router to a
CentOS 5.2/Shorewall 4.2.9 firewall. The VPN establishes OK but I''m
getting a problem with packets from the left hand subnet getting
masqueraded rather than routed down the IPSEC VPN as though they were
going out onto the net. I''ve spent the last day searching Google and so
far I''ve hit a
2014 Feb 08
1
openswan and ipsec
# ipsec verify
...
If you encounter network related SElinux errors, especially when using KLIPS,
try disabling SElinux
...
Well, it is not running KLIPS but netkey, anyways
I feel not comfortable about disabling selinux on a ipsec router.
I am not sure how to handle possible probems in this case, too.
If I decide not to disable selinux, and I run into problems, should I
a) report it to redhat as a bug, because it is
b) disable selinux because ipsec is not m...
2003 Sep 11
2
FAST_IPSEC doesn't seem to honor net.key.prefered_oldsa=0
...of the SA is expired and do
a setkey -F on the remote and then ping through the tunnel. Because
the old SA's are preferred and the remote no longer has the old SA's
the server and the remote cannot talk through the tunnel. Looking
at the source code in netipsec/key.c and comparing it with
netkey/key.c I see the there is some differences that didn't make it
into netipsec/key.c.
Here is a context diff applied to 1.3.2.2 of the changes I made to fix
the problem.
*** /tmp/ipsec.key.c Thu Sep 11 14:26:07 2003
--- /usr/src/sys/netipsec/key.c Thu Sep 11 14:27:42 2003
***************
***...
2006 May 23
0
ipsec and Centos3.7
Hi,
I want to connect to a Cisco Pix using ipsec.
In RH9 I was able to compile openswan 2.4.0 and use it, but
in Centos 3.7 I can apply the openswan klips patch.
I noted that the centos 3.7 kernel has a ipsec patch from redhat,
does this NETKEY patch works with openswan?
What ipsec solution do I have in centos 3.7? Should I
use another kernel?
many thanks
Oliver
--
Oliver Schulze L.
<oliver at samera.com.py>
2014 Mar 07
2
Latest openswan update does no longer connect to Cisco VPN 3000 Series
...tf-ipsec-nat-t-ike-05
Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: ASSERTION FAILED
at /builddir/build/BUILD/openswan-2.6.32/programs/pluto/ikev1_main.c:1112:
st->st_sec_in_use==FALSE
Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: using kernel
interface: netkey
....
Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: #2:
"ciscovpntest":500 STATE_MAIN_I1 (sent MI1, expecting MR1);
EVENT_RETRANSMIT in 39s; nodpd; idle; import:admin initiate
Mar 7 16:24:53 firewall pluto[7647]: "ciscovpntest" #2: #2: pending Phase
2 for &q...