Displaying 6 results from an estimated 6 matches for "spds".
2004 Oct 06
7
Re: IPsec problems with tunneled networks
class wrote on 06/10/2004 11:18:48:
> Hello, I have the following situation:
>
> 192.168.176.0/24 ------ A ========== B ------ 192.168.177.0/24
> 192.168.176.2 pop3 ipsec
> racoon
>
>
> policy: (Machine A and B)
> -------
> loc vpn ACCEPT
> vpn loc ACCEPT
> all
2003 Aug 12
0
dynamic IPSEC
...t can be authenticated strikes me as putting the cart before
> the horse.
>
> When I install a "wildcard" host (0.0.0.0) on the static side, racoon only
> negotiates the mobile->static SAD...which is useless & expires. Seems to me
> that racoon needs to update kernel SPDs with wildcards to support mobile
> VPNs. At least that's all I've been able to come up with.
>
> Have you found a silver bullet?
Solution 1:
The silver bullet to allow roaming clients with dynamic address to connect to
your racoon is to have no policy at all defined for them and...
2004 Nov 15
0
IPSec 'require' not being enforced.
...'d be very grateful :)
Onto the actual problem...
I'm going to be using IPSec to secure a wireless access point. So far,
in my experimentation, I have the tunnel from laptop--AP-->linux_router
and back working fine, all nicely encrypted when both ends are set
up properly. The SPDs look like this on Linux router:
spdadd 192.168.0.0/24 192.168.16.2/32 any -P out ipsec
esp/tunnel/192.168.2.254-192.168.16.2/require
ah/tunnel/192.168.2.254-192.168.16.2/require;
spdadd 192.168.16.2/32 192.168.0.0/24 any -P in ipsec
esp/tunnel/192.168.16.2-192.168...
2004 Dec 19
8
Shorewall 2.2.0 RC1
...establishing an IPSEC SA to/from remote networks. The script has
some limitations:
- Only one instance of the script may be used at a time.
- Only the first SPD accessed will be instantiated at the
remote gateway. So while the script creates SPDs to/from the
remote gateway and each network listed in the NETWORKS setting
at the front of the script, only one of these may be used at a
time.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA...
2007 Feb 01
12
[PATCH] HTB O(1) class lookup
This patch changes HTB's class storage from hash+lists to a two-level linear
array, so it can do constant time (O(1)) class lookup by classid. It improves
scalability for a large number of classes.
Without the patch, ~14k htb classes can starve a Xeon-3.2 at only 15kpps,
using most of its cycles traversing lists in htb_find(). The patch
eliminates this problem, and has a