dear all,

I'm trying to install and test IPsec VPN option of shorewall. But when I launch installation of Racoon and Ipsec-tools, I get error messages below:

marina:/tmp# aptitude install racoon ipsec-tools
............
Paramétrage de ipsec-tools (0.6.6-3.1etch1) ...
Paramétrage de racoon (0.6.6-3.1etch1) ...
Generating /etc/default/racoon...
Loading IPSEC/crypto modules...
FATAL: Module /lib/modules/2.6.18_4_686/kernel/lib/zlib_deflate/zlib_deflate.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/aes.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/serpent.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/deflate.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/khazad.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/crc32c.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/crypto_null.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/michael_mic.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/blowfish.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/des.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/cast6.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/anubis.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/sha256.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/arc4.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/sha1.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/cast5.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/twofish.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/tea.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/tgr192.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/wp512.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/md4.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/sha512.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/net/xfrm/xfrm_user.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/net/key/af_key.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/net/ipv4/ah4.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/net/ipv4/esp4.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/net/ipv4/ipcomp.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/net/ipv6/ah6.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/net/ipv6/esp6.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/net/ipv6/ipcomp6.ko not found.
IPSEC/crypto modules loaded.
Flushing SAD and SPD...
SAD and SPD flushed.
Loading SAD and SPD...
SAD and SPD loaded.
Configuring racoon...racoon not running.
done.
Starting IKE (ISAKMP/Oakley) server: racoon.
marina:/tmp#

Please help me to success this installation. I must deploy this solution next week in one company.

Thanks more for your replies and help.

On Mon, 1 Oct 2007 08:34:55 +0100, kdclaver@gmail.com said:

> Please help me to success this installation. I must deploy this solution
> next week in one company.

I can't see that this is a Shorewall problem. Unless you really HAVE to use racoon, I would suggest you use OpenVPN instead, which is an order of magnitude easier to configure than racoon. If you must use racoon, there are documents out there that can help you, but if you haven't done it before then I strongly suggest you set it up on a test system first and don't worry about firewalling it until after you have it working.

Keith

--
Keith Edmunds

+---------------------------------------------------------------------+
| Tiger Computing Ltd | Helping businesses make the most of Linux     |
| "The Linux Company" | http://www.tiger-computing.co.uk              |
+---------------------------------------------------------------------+

Well, I will describe the solution I must install and I think will give you more ideas to help me.

I have three (03) sites to interconnect via Internet with VPN. Below the design

[site A]------------------vpn1-----------------[site B]
        |                                     |
       vpn2                                  vpn3
        |_____________ [site C] ______________|

Each site get an Internet access and Public IPv4 address and I must configure shorewall to deliver proxy service, firewall to protect the LAN and a secure VPN via Internet.

Thanks more to help me find the best solution.

2007/10/1, Keith Edmunds <kae@midnighthax.com>:
>
> On Mon, 1 Oct 2007 08:34:55 +0100, kdclaver@gmail.com said:
>
> > Please help me to success this installation. I must deploy this solution
> > next week in one company.
>
> I can't see that this is a Shorewall problem. Unless you really HAVE to
> use racoon, I would suggest you use OpenVPN instead, which is an order of
> magnitude easier to configure than racoon. If you must use racoon, there
> are documents out there that can help you, but if you haven't done it
> before then I strongly suggest you set it up on a test system first and
> don't worry about firewalling it until after you have it working.
>
> Keith
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

On Mon, 1 Oct 2007 08:55:06 +0100, kdclaver@gmail.com said:

> Each site get an Internet access and Public IPv4 address and I must
> configure shorewall to deliver proxy service, firewall to protect the LAN
> and a secure VPN via Internet.

Use OpenVPN. Much, much easier than racoon. Great documentation re OpenVPN on the OpenVPN website, and great documentation on using Shorewall with OpenVPN on the Shorewall website.

Regards,
Keith

--
Keith Edmunds

can you please send me url I can't locate them on shorewall website.

Thanks more

2007/10/1, Keith Edmunds <kae@midnighthax.com>:
>
> On Mon, 1 Oct 2007 08:55:06 +0100, kdclaver@gmail.com said:
>
> > Each site get an Internet access and Public IPv4 address and I must
> > configure shorewall to deliver proxy service, firewall to protect the LAN
> > and a secure VPN via Internet.
>
> Use OpenVPN. Much, much easier than racoon. Great documentation re
> OpenVPN on the OpenVPN website, and great documentation on using Shorewall
> with OpenVPN on the Shorewall website.
>
> Regards,
> Keith

On Mon, Oct 01, 2007 at 08:34:55AM +0100, Dominique Claver KOUAME wrote:

> dear all,
> I'm trying to install and test IPsec VPN option of shorewall. But when I
> launch installation of Racoon and Ipsec-tools, I get error messages below:
>
> marina:/tmp# aptitude install racoon ipsec-tools
> ............
> Paramétrage de ipsec-tools (0.6.6-3.1etch1) ...
> Paramétrage de racoon (0.6.6-3.1etch1) ...
> Generating /etc/default/racoon...
> Loading IPSEC/crypto modules...
> FATAL: Module
> /lib/modules/2.6.18_4_686/kernel/lib/zlib_deflate/zlib_deflate.ko not found.
> FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/aes.ko not found.
> FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/serpent.ko not found.

A few things:

- Why racoon? Why not just use OpenSwan?
- The directory for the kernel modules is /lib/modules/2.6.18-4-686/ (note that there are hyphens instead of underscores, a bug in racoon, perhaps?)
- You are running a vulnerable kernel. The latest packages are linux-2.6.18-5-$(ARCH) at version 2.6.18.dfsg.1-13etch3.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

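[Added example, not part of the original thread or of any poster's message.] The mismatch noted in the reply above (the log names 2.6.18_4_686, the module directory is 2.6.18-4-686) can be checked mechanically. The function names and the sample log below are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare the kernel-release directory
# named in "FATAL: Module ... not found" lines with what exists on disk.

# Constructed sample, modelled on the installer output quoted above.
sample_log() {
cat <<'EOF'
Loading IPSEC/crypto modules...
FATAL: Module /lib/modules/2.6.18_4_686/kernel/crypto/aes.ko not found.
FATAL: Module /lib/modules/2.6.18_4_686/kernel/net/key/af_key.ko not found.
IPSEC/crypto modules loaded.
EOF
}

# Read a log on stdin; print each distinct release name that follows
# /lib/modules/ in a FATAL line.
extract_releases() {
    sed -n 's#.*FATAL: Module /lib/modules/\([^/]*\)/.* not found\..*#\1#p' | sort -u
}

# find_release_dir MODROOT RELEASE
# Prints "ok NAME" if MODROOT/RELEASE exists, "mismatch NAME" if a directory
# exists that differs only in '_' versus '-', otherwise "missing".
find_release_dir() {
    root=$1; want=$2
    if [ -d "$root/$want" ]; then echo "ok $want"; return 0; fi
    want_norm=$(printf '%s' "$want" | tr '_' '-')
    for d in "$root"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        if [ "$(printf '%s' "$name" | tr '_' '-')" = "$want_norm" ]; then
            echo "mismatch $name"; return 0
        fi
    done
    echo "missing"
}

# diagnose MODROOT: one verdict line per release named in the log on stdin.
diagnose() {
    extract_releases | while read -r rel; do
        echo "$rel: $(find_release_dir "$1" "$rel")"
    done
}

# Stand-alone run against the local module tree (override with MODROOT=...).
sample_log | diagnose "${MODROOT:-/lib/modules}"
```

A "mismatch" verdict means the modules are most likely installed and only the path used to look them up is wrong; "missing" means no module tree for that release exists under the given root.
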
On Mon, Oct 01, 2007 at 09:59:20AM +0100, Keith Edmunds wrote:

> On Mon, 1 Oct 2007 08:55:06 +0100, kdclaver@gmail.com said:
>
> > Each site get an Internet access and Public IPv4 address and I must
> > configure shorewall to deliver proxy service, firewall to protect the LAN
> > and a secure VPN via Internet.
>
> Use OpenVPN. Much, much easier than racoon. Great documentation re
> OpenVPN on the OpenVPN website, and great documentation on using Shorewall
> with OpenVPN on the Shorewall website.
>

I would have to agree, especially if you are doing site-to-site and you don't have to support road-warriors.

Regards,

-Roberto

On Mon, Oct 01, 2007 at 10:13:52AM +0100, Dominique Claver KOUAME wrote:

> can you please send me url I can't locate them on shorewall website.
>

http://www.google.com/search?hl=en&q=openvpn&btnG=Google+Search
http://www.google.com/search?hl=en&q=site%3Ashorewall.net+openvpn&btnG=Google+Search

Regards,

-Roberto