claas@rootdir.de wrote:
> I am using kernel 2.6.6 native ipsec with racoon and shorewall 2.1.9
> in production for one week now. I just want to tell you that it seems
> to run stable here.
>
> I am going to extend my setup to a 3 gateway setup soon.
> Afterwards I will try to also get roadwarriors in.
> I will report on that later.
>

Thanks for the update, Claas!

> And again, I want to thank you, TOM, for your great work on shorewall
> and for the great job you are doing.

You're welcome,
-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

Hi Claas,

claas@rootdir.de wrote:
> I am starting and stopping racoon now by /etc/shorewall/start and
> /etc/shorewall/stop. I am not sure if I can do a
>
>     kill `cat /var/run/racoon.pid`
>
> from /etc/shorewall/stop. And I don't dare trying, since I am
> far far away from the machines and all staff is out, already.

You certainly wouldn't want to do that if you expect to be able to do
remote administration.

>
> I have to do this, since the rc-scripts for racoon are
> somehow buggy. And additionally, I think it is better to have
> racoon to be started and stopped by shorewall.

I disagree -- I think you should fix your buggy racoon rc-scripts. I
dislike the idea of "shorewall [re]start" changing the state of other
services.

FWIW, I have no problem with the racoon rc-scripts that are included
with SuSE 9.1.

-Tom

claas@rootdir.de wrote:
>>
>>FWIW, I have no problem with the racoon rc-scripts that are included
>>with SuSE 9.1.
>
> But I don't use SuSE 9.1.

That's why I said FWIW -- I realize that we don't all use the same
distribution.

>
> What does your system start first? racoon or shorewall?
>

Shorewall is started first.

-Tom