similar to: VPN

IF you are not stuck to IPSec, you might want to take a look at OpenVPN (www.openvpn.org). I found OpenVPN easier to install than FreeSWAN (an IPSEC VPN) and have setup an OpenVPN solution between my German office and our mainoffice in a matter of hours. Thom van der Boon E-Mail: Thom.van.der.Boon at vdb.nl ===== Thom.H. van der Boon b.v. Havens 563 Jan Evertsenweg 2-4 NL-3115 JA Schiedam

Hi, Problem: I want 2 vpn tunnels for 2 subnets over one interface ipsec0. Documentation only describes config for 1 vpn or road warriors. I defined 2 vpn zones ''fre'' and ''swe''. #ZONE DISPLAY COMMENTS net Net Internet zone loc Local Local fre VPN_Fre VPN Fre swe VPN_Swe VPN Swe Interface ipsec0 is tunnel over eth1. Local is eth0. ipsec0 serves 2 zones: fre

I am new to Shorewall and FreeSwan, please excuse my ignorance I was wondering if someone could help me. I had help getting my FreeSwan running with the following iptables commands: iptables -I FORWARD -s 0/0 -d 192.168.1.0/24 -i ipsec0 -o eth1 -j ACCEPT iptables -I FORWARD -s 192.168.1.0/24 -d 0/0 -i eth1 -o ipsec0 -j ACCEPT If I manually run this FreeSwan works, however I am not sure

Tuomo Soini wrote: > You don''t happen to read shorewall-devel mailinglist ? I read it -- I just didn''t know what to make of your post and it arrived while I was on vacation. What exactly are you trying to accomplish that Shorewall isn''t doing for you now? e.g. /etc/shorewall/zones rw Roadwarriors Road Warriors /etc/shorewall/interfraces rw ipsec+

Hello, I seem to have the Freeswan IPSEC tunnel working between my two sites, but I am still having a problem that looks to be because of something I have configured wrong in my shorewall setup.. I have a LEAF Oxygen < 1.9 heavily modifed firewall setup.. Using FreeSwan 1.91, and Kernel 2.4.8. Modified to use IPTables and standard Debian network/interfaces. I am also using Shorewall

Hi all! I have got a vpn connection set up using FreeSwan and shorewall. Everything works fine but I want to add another subnet to the whole. This means that 1 box will get two net-to-net connections. I want to limit the services on one subnet however. Cuurently I have defined a vpn zone for the current connection and allow all vpn<->loc traffic. How would I go about in tightening the

Hi. I am trying to force some traffic that goes to address 203.7.93.94 through a VPN tunnel. I use freeswan 1.98b and Shorewall 1.4.6c in one machine. The 203.7.93.94 is in the DMZ on the other end. (Both ends use the same shorewall and freeswan). I have successfully set up a tunnel between the two network (using a point to point topology, not hub). I added a static routing that redirect

hi, I can''t get a freeswan 2.02 ipsec x509 connection at work can somebody help me? ************************************************************************************* global situation ************************************************************************************* the linux gateway (chivas) is a single machine 192.168.1.250 with a local net 192.168.1.0/24, a dyn IP via a DSL

Hello, I have a population of 2000+ zoo time series (but my environment also contains objects that are not zoo time series). I'm trying to calculate the latest 90 days Z-Score of all zoo time series, using the following code: LZS<-function(ser) { temp<-window(ser,start=Sys.Date()-90) last((temp-mean(temp))/sd(temp)) } sapply(ls(), LZS ) The LZS function works on individual zoo time

Hi, after migrating to shorewall firewall from my own iptables rule set (to utilise freeswan vpn tunnels) I have successfully configured a 3 interface firewall with net2net vpn tunnels, with the help of the shorewall documentation. However I cannot seem to configure my final step which is to masq another subnet attached to my LAN (LANB, via Cisco 1603 router) to get internet access via the

Hi, Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey on which I have one address on my side acting as an SNAT router for all traffic from my network to a network segment on the far side. my network --- my gateway ---------------------- remote network 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22 All traffic starts on my side, so if I can

Hello, it looks like the usual way to do ipsec on centos5 won't work anymore on centos6 I installed ipsec-tools but an interface type IPsec is not recognized by the kernel ifup ipsec0 Device does not seem to be present, delaying initialization. I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5 any hints ? thank you

Hi, I use shorewall on 2 computers and I''m really happy with it. But now I came over a special case where my wisdom ends. I have 2 VPNs running via FreeS/WAN on the firewall host, and now I want to replace my hand made setup with shorewall. I use the same FreeS/WAN setup as it is working already. I read through the documentation but there are only examples of 1 static net2net VPN and 3

Hi, I previously had extlinux 3.07 booting off a VMWare SCSI disk fine. After upgrading to 3.08, the system seem to hang after the EXTLINUX welcome/copyright message, even before the boot: prompt appears. Verified that downgrading back to 3.07 is fine, re-upgrading to 3.08 hangs again. Any ideas what might be wrong? Thanks. Regards, .lzs -- Lai Zit Seng http://pobox.com/~lzs/

Hello! I am using shorewall shorewall-2.0.11-1 on fedora core2 (iptables-1.2.9-95.7). My box has 2 physical nic´s plus one virt. ipsec interface for a freeswan-vpn connection. A few days ago, portsentry spit out a lot of connections from windows clients (port 135, 445). Ooops. I review my shorewall settings but could not find a mistake. So I took a win-client and established a second

I have just setup a VPN connection three sites using IPCOP. Everything seems to be talking ok, apart from browsing the network neighborhood. There are no NT/Win2K/XP servers running on any of the sites, all sites are just running win98 pc's using tcp/ip. I have tried configuring all PC's to be on the same workgroup and setup sharing, but still each site can only see the pc's

I am attempting to create an ipsec tunnel between two CentOS 5.1 systems, network-to-network with two different 192.168.xxx.0/24 LAN segments. I have gone through the documentation on the centos web site, and have the machines to the point where the /var/log/messages show ``IPsec-SA established'' on both machines after runnig ``ifup ipsec0'' (same ipsec0 on each machine). IP

I am have a shorewall firewall and freeswan ipsec running on a redhat 8.0 Linux gateway machine. I have one working tunnel defined, all works well. I am not clear how to define mutiple concurrent tunnels. I can not add further interface entries as all the tunnels come in on ipsec0, do I still have mutiple zone definitions? some of the tunnels will be dynamic roadwarriors and as such would need a

Hi, I am having a problem booting from a disk installed with extlinux. The exact configuration that worked with version 3.36, when upgraded to 3.50, appears to still work on the same disk. But if I zap out the disk (i.e. start from scratch again) and install extlinux, the disk fails to boot. Extlinux stops at the boot: prompt after displaying "Could not find kernel image: linux". It

The second Beta is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta Function from 1.3 that has been omitted from this version includes: 1) The ''check'' command is no longer supported. 2) The MERGE_HOSTS variable in shorewall.conf is no longer supported. Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.