search for: spdflush

Hi everyone, First of all, this is my first post in this ML, so I''m not sure that this is the right place for my question (please don''t shoot me down ;)). For the record, I''ve been reading and using LARTC for almost 3 years now, and it''s a great help for anyone who wants to learn linux networking. My problem: I want to setup a tunnel for the following

...___________________________________________ How much free photo storage do you get? Store your friends 'n family snaps for FREE with Yahoo! Photos http://in.photos.yahoo.com -------------- next part -------------- ########The 'ipsec.conf' file at Host2 ######### # flush configs flush ; spdflush ; # add a SAD entry add fe80::2b0:d0ff:fe48:7ce7 fe80::2b0:d0ff:fe6f:dfa0 esp 0xFEAD -m transport -E 3des-cbc "ipv6readylogo3descbcout1" -A hmac-sha1 "ipv6readylogsha1out1"; add fe80::2b0:d0ff:fe6f:dfa0 fe80::2b0:d0ff:fe48:7ce7 esp 0xFEED -m transport -E 3des-cbc "ipv6read...

...e add -net 10.70.1.0/24 gw 10.70.3.1'' was executed in C2) - Using Linux kernel 2.6.14.2 in all hosts. R1 and R2 use with native IPSec support, ipsec-tool version 0.5.2, racoon version 0.5.2. - A IPSec tunnel is configured R1-R2. Configuration for setkey in R1: #!/usr/sbin/setkey -f flush; spdflush; spdadd 10.70.1.0/24 10.70.3.0/24 any -P out ipsec esp/tunnel/10.1.1.123-10.1.1.106/require; spdadd 10.70.3.0/24 10.70.1.0/24 any -P in ipsec esp/tunnel/10.1.1.106-10.1.1.123/require; Configuration for setkey in R2. #!/usr/sbin/setkey -f flush; spdflush; spdadd 10.70.1.0/24 10.70.3.0/24 any...

...When I run setkey on the following file, I end up with The result of line 33: File exists. That error isn''t overly helpful, so I was hoping that someone could explain the issue. Here''s the file, with line 33 highlighted. Help appreciated. Mike # Flush the SAD and SPD flush; spdflush; # Add SA for 10.33.15.145 to 10.31.8.96 in tunnel mode add 10.33.15.145 10.31.8.96 esp 0x201 -m tunnel -E 3des-cbc 0xB1A03D22D78D6357084B13E930A27F72ECAFB61B5D398A22 -A hmac-md5 0x2F9FCE98685ED329C2E9A5C6CC7C5E20; # Add SA for 10.31.8.96 to 10.33.15.145 in tunnel mode add 10.31.8.96 10.33...

...lifetime time 300 sec; encryption_algorithm rijndael 256; authentication_algorithm hmac_sha1; compression_algorithm deflate; } padding { randomize on; randomize_length on; strict_check on; } script for setting up policy: #!/usr/bin/setkey -f flush; spdflush; spdadd 192.168.2.10/32 192.168.2.11/32 any -P out ipsec esp/tunnel/192.168.2.10-192.168.2.11/require ah/tunnel/192.168.2.10-192.168.2.11/require; spdadd 192.168.2.11/32 192.168.2.10/32 any -P in ipsec esp/tunnel/192.168.2.11-192.168.2.10/require a...

...ohan. _______________________________________________________ Too much spam in your inbox? Yahoo! Mail gives you the best spam protection for FREE! http://in.mail.yahoo.com -------------- next part -------------- ########The 'ipsec.conf' file at Host1 ######### # flush configs flush ; spdflush ; # add a SAD entry add fe80::2b0:d0ff:fe6f:dfa0 fe80::2b0:d0ff:fe48:7ce7 esp 0xFEED -m transport -E 3des-cbc "host1tohost2host1tohost2" -A hmac-sha1 "host1tohost2hmacsha1"; add fe80::2b0:d0ff:fe48:7ce7 fe80::2b0:d0ff:fe6f:dfa0 esp 0xFEAD -m transport -E 3des-cbc "host2toh...

...___________________________________________ How much free photo storage do you get? Store your friends 'n family snaps for FREE with Yahoo! Photos http://in.photos.yahoo.com -------------- next part -------------- ########The 'ipsec.conf' file at Host2 ######### # flush configs flush ; spdflush ; # add a SAD entry add fe80::2b0:d0ff:fe48:7ce7 fe80::2b0:d0ff:fe6f:dfa0 esp 0xFEAD -m transport -E 3des-cbc "ipv6readylogo3descbcout1" -A hmac-sha1 "ipv6readylogsha1out1"; add fe80::2b0:d0ff:fe6f:dfa0 fe80::2b0:d0ff:fe48:7ce7 esp 0xFEED -m transport -E 3des-cbc "ipv6read...

class wrote on 06/10/2004 11:18:48: > Hello, I have the following situation: > > 192.168.176.0/24 ------ A ========== B ------ 192.168.177.0/24 > 192.168.176.2 pop3 ipsec > racoon > > > policy: (Machine A and B) > ------- > loc vpn ACCEPT > vpn loc ACCEPT > all

class wrote on 06/10/2004 11:18:48: > Hello, I have the following situation: > > 192.168.176.0/24 ------ A ========== B ------ 192.168.177.0/24 > 192.168.176.2 pop3 ipsec > racoon > > > policy: (Machine A and B) > ------- > loc vpn ACCEPT > vpn loc ACCEPT > all

...two subnets: 10.10.42.0/24 and 10.1.1.0/24 using a cisco router "ned" and a linux box "phaedrus". ned has external IP 192.168.1.250 phaedrus has external IP 192.168.1.42 10.10.42.0/24[ned]192.168.1.250 <==> 192.168.1.42[phaedrus]10.1.1.0/24 setkey on phaedrus: flush; spdflush; spdadd 10.10.42.0/24 10.1.1.0/24 any -P in ipsec esp/tunnel/192.168.1.250-192.168.1.42/require ah/tunnel/192.168.1.250-192.168.1.42/require; spdadd 10.1.1.0/24 10.10.42.0/24 any -P out ipsec esp/tunnel/192.168.1.42-192.168.1.250/require ah/tunnel/192.168.1.42-...

...I exchanged data between Memphis and internet, the ip header is not protected by AH , I can see the destination adress with tcpdump! Can somebody help me? Thanks in advance! Here is my configuration file for Zeus (it''s nearly the same for Memphis) Setkey : #!/user/sbin/setkey -f flush; spdflush; spdadd 192.168.1.2/32 0.0.0.0/0 any -P out ipsec esp/tunnel/192.168.1.2-192.168.1.1/require ah/tunnel/192.168.1.2-192.168.1.1/require; spdadd 0.0.0.0/0 192.168.1.2/32 any -P in ipsec esp/tunnel/192.168.1.1-192.168.1.2/require ah/tunnel/192.168.1.1-192.168.1.2/require; Racoon.conf remote 192.168...

...So, is it possible to do what I want?? Origian my traffic to 192.168.10.0/24 directly from Host B, using IPSec? Is it a matter of my IPSec conf, or I must do some NAT trick or something to achieve this?? This is my actual configuration for Host A: #/etc/ipsec.conf # #!/sbin/setkey -f flush; spdflush; spdadd 192.168.10.0/24 192.168.20.0/24 any -P out ipsec esp/tunnel/192.168.0.67-192.168.0.254/require; spdadd 192.168.20.0/24 192.168.10.0/24 any -P in ipsec esp/tunnel/192.168.0.254-192.168.0.67/require; -------- #/etc/raccon/raccon.conf # path include "/etc/raco...

Hi everyone, I wrote up a post on the FreeBSD forums about the issue I am having. It's rather long so I am providing a link to it here: http://forums.freebsd.org/showthread.php?t=39595 In summary, it seems that when the packets are routed in to the gateway from local network hosts, the src and dst addresses are changed to the public IPs of the tunnel -- at least from the perspective of the

Hi, When a IPSec tunnel is established between two peers, I understand that the "normal" situation is to have in a given moment two SAs, one for each direction of the tunnel. However, in one of my tunnels (peer P1 running GNU/Linux with setkey and racoon; peer P2 is a Cisco router) there is a large number (around 19) of SAs established (this has been observed in P1 with

[FreeBSD 7-STABLE/i386] Hello, I've got a 100 % reproductible panic with ipsec when using a 'ping -s 4000'. It works without ipsec My ipsec setup is very simple, i just use setkey: /etc/ipsec.conf flush; spdflush; add 192.168.1.21 192.168.1.200 esp 1011 -E rijndael-cbc "0123456789012345"; add 192.168.1.200 192.168.1.21 esp 1012 -E rijndael-cbc "0123456789012345"; spdadd 192.168.1.200 192.168.1.21 any -P out ipsec esp/transport//require; spdadd 192.168.1.21 192.168.1.200 any -P in ipse...

Hi, Thanks to some pointers from Christian Kratzer, I am now able to join the office VPN from a random WiFi hotspot. With the configuration files changes detailed below, from a public WiFi hotspot I can now use this 3 step procedure to login to the office VPN. 1) While at hotspot, boot up my -STABLE laptop. 2) Insert wireless card. 3) "rsh server" This procedure works for a DHCP

...address 1.2.3.4/32 any > { > pfs_group 2; > lifetime time 12 hour ; > encryption_algorithm blowfish ; > authentication_algorithm hmac_sha1, hmac_md5 ; > compression_algorithm deflate ; > } /etc/racoon/setkey.conf (dynamically generated): > flush; > spdflush; > spdadd 5.6.7.8/32 1.2.3.4/32 any -P out ipsec esp/tunnel/5.6.7.8- 1.2.3.4/require; > spdadd 1.2.3.4/32 5.6.7.8/32 any -P in ipsec esp/tunnel/1.2.3.4- 5.6.7.8/require; > spdadd 1.2.3.4/32 192.168.3.0/24 any -P out ipsec esp/tunnel/1.2.3.4- 5.6.7.8/require; > spdadd 192.168.3.0/24...