Displaying 17 results from an estimated 17 matches for "spdflush".
2005 Apr 27
5
26sec kame ipsec tunnel : packets leave unencrypted...
Hi everyone,
First of all, this is my first post in this ML, so I'm not sure that this
is the right place for my question (please don't shoot me down ;)). For
the record, I've been reading and using LARTC for almost 3 years now, and
it's a great help for anyone who wants to learn linux networking.
My problem:
I want to setup a tunnel for the following
2005 Jun 30
0
Problem with IPSec tunnel, using IPv6 addresses, .........
...___________________________________________
-------------- next part --------------
########The 'ipsec.conf' file at Host2 #########
# flush configs
flush ;
spdflush ;
# add a SAD entry
add fe80::2b0:d0ff:fe48:7ce7 fe80::2b0:d0ff:fe6f:dfa0 esp 0xFEAD -m transport -E 3des-cbc
"ipv6readylogo3descbcout1" -A hmac-sha1 "ipv6readylogsha1out1";
add fe80::2b0:d0ff:fe6f:dfa0 fe80::2b0:d0ff:fe48:7ce7 esp 0xFEED -m transport -E 3des-cbc
"ipv6read...
2006 May 31
0
IPSec tunnels and routing: strange behaviour
...e add -net 10.70.1.0/24
gw 10.70.3.1' was executed in C2)
- Using Linux kernel 2.6.14.2 in all hosts. R1 and R2 use with native IPSec
support, ipsec-tool version 0.5.2, racoon version 0.5.2.
- An IPSec tunnel is configured R1-R2. Configuration for setkey in R1:
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 10.70.1.0/24 10.70.3.0/24 any -P out ipsec
esp/tunnel/10.1.1.123-10.1.1.106/require;
spdadd 10.70.3.0/24 10.70.1.0/24 any -P in ipsec
esp/tunnel/10.1.1.106-10.1.1.123/require;
Configuration for setkey in R2.
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 10.70.1.0/24 10.70.3.0/24 any...
2007 Mar 05
1
File exists?
...When I run setkey on the following file, I end up with
The result of line 33: File exists.
That error isn't overly helpful, so I was hoping that someone could explain
the issue.
Here's the file, with line 33 highlighted.
Help appreciated.
Mike
# Flush the SAD and SPD
flush;
spdflush;
# Add SA for 10.33.15.145 to 10.31.8.96 in tunnel mode
add 10.33.15.145 10.31.8.96 esp 0x201 -m tunnel -E 3des-cbc
0xB1A03D22D78D6357084B13E930A27F72ECAFB61B5D398A22
-A hmac-md5 0x2F9FCE98685ED329C2E9A5C6CC7C5E20;
# Add SA for 10.31.8.96 to 10.33.15.145 in tunnel mode
add 10.31.8.96 10.33...
2004 Sep 24
2
strange behavior of ipsec tunnel mode
...lifetime time 300 sec;
encryption_algorithm rijndael 256;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
padding {
randomize on;
randomize_length on;
strict_check on;
}
script for setting up policy:
#!/usr/bin/setkey -f
flush;
spdflush;
spdadd 192.168.2.10/32 192.168.2.11/32 any -P out ipsec
esp/tunnel/192.168.2.10-192.168.2.11/require
ah/tunnel/192.168.2.10-192.168.2.11/require;
spdadd 192.168.2.11/32 192.168.2.10/32 any -P in ipsec
esp/tunnel/192.168.2.11-192.168.2.10/require
a...
2005 Jul 01
1
Problem with IPSec tunnel, using IPv6 addresses, between Two FreeBSD systems.....
...ohan.
_______________________________________________________
-------------- next part --------------
########The 'ipsec.conf' file at Host1 #########
# flush configs
flush ;
spdflush ;
# add a SAD entry
add fe80::2b0:d0ff:fe6f:dfa0 fe80::2b0:d0ff:fe48:7ce7 esp 0xFEED -m transport -E 3des-cbc
"host1tohost2host1tohost2" -A hmac-sha1 "host1tohost2hmacsha1";
add fe80::2b0:d0ff:fe48:7ce7 fe80::2b0:d0ff:fe6f:dfa0 esp 0xFEAD -m transport -E 3des-cbc
"host2toh...
2005 Jun 30
1
Problem with IPSec tunnel, using IPv6 addresses, between Two FreeBSD systems...?
...___________________________________________
-------------- next part --------------
########The 'ipsec.conf' file at Host2 #########
# flush configs
flush ;
spdflush ;
# add a SAD entry
add fe80::2b0:d0ff:fe48:7ce7 fe80::2b0:d0ff:fe6f:dfa0 esp 0xFEAD -m transport -E 3des-cbc
"ipv6readylogo3descbcout1" -A hmac-sha1 "ipv6readylogsha1out1";
add fe80::2b0:d0ff:fe6f:dfa0 fe80::2b0:d0ff:fe48:7ce7 esp 0xFEED -m transport -E 3des-cbc
"ipv6read...
2004 Oct 06
7
Re: IPsec problems with tunneled networks
class wrote on 06/10/2004 11:18:48:
> Hello, I have the following situation:
>
> 192.168.176.0/24 ------ A ========== B ------ 192.168.177.0/24
> 192.168.176.2 pop3 ipsec
> racoon
>
>
> policy: (Machine A and B)
> -------
> loc vpn ACCEPT
> vpn loc ACCEPT
> all
2004 Oct 22
0
IPSec tunnel mode with IKE daemon
...two subnets: 10.10.42.0/24 and
10.1.1.0/24 using a cisco router "ned" and a linux box "phaedrus".
ned has external IP 192.168.1.250
phaedrus has external IP 192.168.1.42
10.10.42.0/24[ned]192.168.1.250 <==> 192.168.1.42[phaedrus]10.1.1.0/24
setkey on phaedrus:
flush;
spdflush;
spdadd 10.10.42.0/24 10.1.1.0/24 any -P in ipsec
esp/tunnel/192.168.1.250-192.168.1.42/require
ah/tunnel/192.168.1.250-192.168.1.42/require;
spdadd 10.1.1.0/24 10.10.42.0/24 any -P out ipsec
esp/tunnel/192.168.1.42-192.168.1.250/require
ah/tunnel/192.168.1.42-...
2004 Sep 04
0
Ipsec and kernel 2.6.8
...I exchanged data between Memphis and internet, the
ip header is not protected by AH, I can see the destination address with
tcpdump!
Can somebody help me? Thanks in advance!
Here is my configuration file for Zeus (it's nearly the same for Memphis)
Setkey :
#!/user/sbin/setkey -f
flush;
spdflush;
spdadd 192.168.1.2/32 0.0.0.0/0 any -P out ipsec
esp/tunnel/192.168.1.2-192.168.1.1/require
ah/tunnel/192.168.1.2-192.168.1.1/require;
spdadd 0.0.0.0/0 192.168.1.2/32 any -P in ipsec
esp/tunnel/192.168.1.1-192.168.1.2/require
ah/tunnel/192.168.1.1-192.168.1.2/require;
Racoon.conf
remote 192.168...
2004 Nov 15
1
IPSec tunnel
...So, is it possible to do what I want?? Origian my traffic to
192.168.10.0/24 directly from Host B, using IPSec?
Is it a matter of my IPSec conf, or I must do some NAT trick or
something to achieve this??
This is my actual configuration for Host A:
#/etc/ipsec.conf
#
#!/sbin/setkey -f
flush;
spdflush;
spdadd 192.168.10.0/24 192.168.20.0/24 any -P out ipsec
esp/tunnel/192.168.0.67-192.168.0.254/require;
spdadd 192.168.20.0/24 192.168.10.0/24 any -P in ipsec
esp/tunnel/192.168.0.254-192.168.0.67/require;
--------
#/etc/raccon/raccon.conf
#
path include "/etc/raco...
2013 May 17
1
PF + gif + ipsec + racoon + routing problems results in insecure ipsec vpn
Hi everyone,
I wrote up a post on the FreeBSD forums about the issue I am having. It's rather long so I am providing a link to it here: http://forums.freebsd.org/showthread.php?t=39595
In summary, it seems that when the packets are routed in to the gateway from local network hosts, the src and dst addresses are changed to the public IPs of the tunnel -- at least from the perspective of the
2007 May 04
1
Multiple SA in the same IPSec tunnel
Hi,
When an IPSec tunnel is established between two peers, I understand that the
"normal" situation is to have in a given moment two SAs, one for each
direction of the tunnel.
However, in one of my tunnels (peer P1 running GNU/Linux with setkey and
racoon; peer P2 is a Cisco router) there is a large number (around 19) of
SAs established (this has been observed in P1 with
2008 Jun 12
1
[7-STABLE] ping -s 4000 with ipsec panic
[FreeBSD 7-STABLE/i386]
Hello,
I've got a 100% reproducible panic with ipsec when using a
'ping -s 4000'. It works without ipsec.
My ipsec setup is very simple, I just use setkey:
/etc/ipsec.conf
flush;
spdflush;
add 192.168.1.21 192.168.1.200 esp 1011 -E rijndael-cbc
"0123456789012345";
add 192.168.1.200 192.168.1.21 esp 1012 -E rijndael-cbc
"0123456789012345";
spdadd 192.168.1.200 192.168.1.21 any -P out ipsec
esp/transport//require;
spdadd 192.168.1.21 192.168.1.200 any -P in ipse...
2003 Aug 18
3
dynamic IPSEC: Holy grail sighted
Hi,
Thanks to some pointers from Christian Kratzer, I am now able to join the
office VPN from a random WiFi hotspot. With the configuration files changes
detailed below, from a public WiFi hotspot I can now use this 3 step
procedure to login to the office VPN.
1) While at hotspot, boot up my -STABLE laptop.
2) Insert wireless card.
3) "rsh server"
This procedure works for a DHCP
2007 Sep 03
3
Shorewall + IPSec: help debugging why gw1<->gw2 SA works, but loc<->gw2 traffic doesn't trigger SA
...address 1.2.3.4/32 any
> {
> pfs_group 2;
> lifetime time 12 hour ;
> encryption_algorithm blowfish ;
> authentication_algorithm hmac_sha1, hmac_md5 ;
> compression_algorithm deflate ;
> }
/etc/racoon/setkey.conf (dynamically generated):
> flush;
> spdflush;
> spdadd 5.6.7.8/32 1.2.3.4/32 any -P out ipsec esp/tunnel/5.6.7.8-
1.2.3.4/require;
> spdadd 1.2.3.4/32 5.6.7.8/32 any -P in ipsec esp/tunnel/1.2.3.4-
5.6.7.8/require;
> spdadd 1.2.3.4/32 192.168.3.0/24 any -P out ipsec esp/tunnel/1.2.3.4-
5.6.7.8/require;
> spdadd 192.168.3.0/24...