Displaying 20 results from an estimated 900 matches similar to: "[Fwd: Re: Connecting CentOS to IPSEC VPN (Checkpoint FW1)]"
2006 Aug 21
3
Connecting CentOS to IPSEC VPN (Checkpoint FW1)
Hi,
Does anyone have experience using IPSEC on CentOS in order to connect to
vendor IPSEC-based VPN products (specifically Checkpoint FW1) ?
Is the included IPSEC implementation sufficient, or do people have to rely
on OpenSWAN or FreeSWAN ? I'd be testing tomorrow and I'm interested with
experiences others have had and things to look out for.
Thanks in advance,
-- dag wieers, dag
2007 Oct 12
1
OT: a very big problem with ipsec-tools on CentOS5 (SOLVED)
Buf ... Solved. Problem was that /etc/pam.d/racoon doesn't exists (I found this
tip on NetBSD ipsec pages). Simply I have copied /etc/pam.d/passwd to
/etc/pam.d/racoon and now all works as expected.
Many thanks for your help Ross.
Ross S. W. Walker wrote:
>
> I think it might just use another one like /etc/pam.d/remote
> cause I audited the package and it wasn't there.
2007 Oct 12
0
OT: a very big problem with ipsec-tools on CentOS5
Hi all,
I am trying to establish a vpn tunnel between one CentOS5 IPSec server and a
roadwarrior client, CentOS5 too. Roadwarrior use ipsec-tools version 0.6.5-8
(that comes with CentOS5) and server uses version 0.7 (downloaded from
ipsec-tools website).
My server configuration is:
path include "/etc/racoon";
path certificate "/etc/racoon/certs";
path pre_shared_key
2004 Dec 18
0
IPSEC-2.6 Roadwarrior
I''ve successfully tested an IPSEC Roadwarrior configuration where both
the gateway and the roadwarrior are runniing 2.6 with Racoon.
The Shorewall IPSEC-2.6 documentation (http://shorewall.net/IPSEC.htm)
has been updated to reflect my experimentation.
Note that you can get the new ''ipsecvpn'' script from CVS until I release
RC1 in the next day or so.
-Tom
--
Tom
2023 Jul 06
0
njs-0.8.0
Hello,
I'm glad to announce a new release of NGINX JavaScript module (njs).
Notable new features:
- shared dictionaries:
Shared dictionary keeps the key-value pairs shared between worker
processes. This allows to cache data in memory and share it between
workers.
: example.conf:
: # Creates a 1Mb dictionary with string values,
: # removes key-value pairs after 60 seconds of inactivity:
2007 Sep 19
0
Exclude service from IPSec, using ipsec-tools
Hi All,
I''m trying to setup a VPN Between a Linux Box (CentOS 4) and Check
Point FW-1 (NGX R65) and I actually already done this. However I''m
having a problem with Policy "none" when using ports, for example, I
want to exclude
from VPN the "ssh" service, so my commands to setkey was.
# Excluded services ssh
spdadd 172.20.0.0/16[any] 172.16.0.0/16[22] tcp -P
2004 Sep 30
4
IPSec connection from fw itself over vpn
Hello everyone,
I''m not sure whether to place my question here or in the racoon mailing
list or even in that of iptables.
I have created an ipsec connection with racoon in tunnel mode to another
gateway to connect one subnet on each side to each other. This works
fine. Only the ipsec gateway itself can''t send packages to the opposite
subnet.
Shorewall is configured according
2023 Sep 12
0
njs-0.8.1
Hello,
I'm glad to announce a new release of NGINX JavaScript module (njs).
Notable new features:
- Periodic code execution:
js_periodic direcrive specifies a content handler to run at regular
interval.
The handler receives a session object as its first argument, it also has
access
to global objects such as ngx.
: example.conf:
: location @periodics {
: # to be run at 1 minute
2004 Sep 01
0
is centos3.1 compatible with dag's el3 repo?]
-------- Original Message --------
Subject: Re: [Centos] is centos3.1 compatible with dag's el3 repo?
Date: Thu, 26 Aug 2004 10:15:22 +0200
From: sophana <sophana78 at yahoo.fr>
To: Dag Wieers <dag at wieers.com>
References: <412B3E8B.7020805 at yahoo.fr>
<Pine.LNX.4.61.0408241519120.6016 at horsea.3ti.be>
Dag Wieers wrote:
>Correct me if I'm wrong, but
2013 Jul 07
1
Getting ERROR: parsing the volfile failed (No such file or directory) when starting glusterd on Fedora 19
I don't get this. I am using a freshly installed copy of Fedora 19 and starting up glusterd for the first time. The goal is to have a replicated directory on two systems. But for right now, I can't even start up the glusterd daemon right out of the box.
Trying to follow the Quick Start directions at http://gluster.org/community/documentation/index.php/QuickStart is, well, challenging.
2004 Dec 06
5
two firewall and shorewall
Hi,
in my lan I have two firewall, fw1 is the first and manage inte-vlan routing.
Fw2 manage internet and dmz.
fw1 and fw2 have an interface (eth4 for both fw2 and fw1) on the same
subnet that permit to the host behind fw1 to reach internet,
my problem is on fw2:
eth4 is the NIC that connect fw2 and fw1, I would''t like masquerading
hosts behind fw1, so to eth4 of fw2 arrive all
2014 Jan 10
1
Switch mode three-node routing problem
Dear tinc community,
I am using tinc in switch mode. I have three nodes. Two nodes reside on
routers, vpn-eth is bridged with internal lan, each router has several
machines connected to it's internal lan. Third node is the roadwarrior -
"endpoint" linux PC.
When the roadwarrior is off - everything works perfectly, machines on both
sides can communicate without a problem in any
2007 May 24
2
OT: Racoon with virtual ip (roadwarrior client)
Hi all,
Somebody can explains me how can I configure ipsec-tools package to use
private virtual ip address as an openswan does or some doc/howto about it??
I have seen this howto, but doesn't works for me:
http://www.howtoforge.com/racoon_roadwarrior_vpn
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
2005 Sep 07
0
Racoonctl tool under Centos4
Hi all,
We have established several VPN tunnels between two centos4 firewalls
and all works OK. But racoonctl tool returns (command used: racoonctl
show-sa esp) every time this error:
08000000 18c09109
racoonctl: connect: No such file or directory.
This error is produced when /var/racoon/racoon.sock file doesn't
exists. I will try to put "adminsok enabled" and
2003 Jul 03
0
IPSEC, multiple subnets and multiple road warriors, oh my! :)
Hi all,
I''ve been using Shorewall 1.42 for a month on two firewalls at work and
my own personal colocated server and love it. While pretty familiar
with iptables, I don''t like dealing with it on a daily basis, and
Shorewall certainly makes life easier. I''ve deployed Shorewall on both
our Toronto and Ottawa office firewalls, and have configured a
FreeS/WAN IPSEC
2004 Jan 15
2
Crypto API and Shorewall
A number of you are flailing around trying to get the subject combination to
work.
You should all be aware that there are parts of this that don''t currently work
and that won''t work well until there are enhancements made to Shorewall (and
probably to Netfilter).
I. There is no clean way currently to support Road Warriors from a
Masquerading Netfilter firewall/gateway. As
2006 Nov 22
2
Terrible, horrible firewall issues in * to * setup
My mission is to get one * box to dial another * box' extensions. I
have set this up previously without any issues by making a simple IAX
trunk/extension pair on the two boxes and create a dial plan with a
prefix like 9|XXX to select an extension on the other box.
My problem is that I now have to do this with extremely restrictive
firewalls thrown into the mix - firewalls I have no control
2005 May 02
1
Problems with ipsec roadwarrior
Hello,
i have got a problem with the configuration of an roadwarrior ipsec VPN tunnel with shorewall 2.2.3.
I read the Shorewall Kernel 2.6 IPSEC and folowed the instructions to that point
where to modify the hosts with the folowing parameters:
vpn eth0:0.0.0.0/0 ipsec
But i have got an entry like
net eth0:0.0.0.0/0
even in the same file:
If i
2009 May 28
1
Message 11 Syslinux Digest, Vol 74, Issue 24(Re: PXEboot trouble with Soekris 4826 (Miller, Shao)
Hi All,
I am still having troubling with PXE.
Thanks for replying Shao.I did follow ur suggestions and my results have
improved a bit.From Ethereal and TCPdump, I can see that the client
sucessfully dowloads the file pxelinux.0 from the server but stops at this
point.
here is the output of tcpdump
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96
bytes
11:05:41.966864 IP
2004 Oct 25
1
Address Variabme for Roadwarriors]
Thanks for getting back to me so quickly on this.
In thinking about the topology that I am trying to set up, I will
probably only set up a "private" DNS on the VPN for the 10.x.x.x users.
With this in mind, I have now come up with a new question relating to this.
What I will like to do is to give all of the uses, including
roadwarriors, a static IP address on the 10.x.x.x address