similar to: IPSec debug

I have no idea whatsoever as to why racoon/IKE does not work here. I've tried various how-to documents but found nothing that works for me. Gateway (10.0.0.1) running 4.9-stable. Laptop (10.0.0.10) running 5.2.1-release. Both running racoon-20040408a On the gateway 10.0.0.1 # cat /etc/ipsec.conf add 10.0.0.1 10.0.0.10 esp 691 -E rijndael-cbc "1234567890123456" -A hmac-sha1

Hi, I have been using IPsec to communicate between a laptop that tracks -stable and a Linksys BEFVP41 router. I only use it infrequently, but it's been working great. My setup is as described in http://grapeape.alerce.com/linksys-ipsec/article.html (which I am planning to submit to the handbook when it's done). I'm no longer able to make an ipsec connection, and I can't put my

hi all, i got flooded by these msgs like 1000+ lines, any idea? my kernel is dated Nov-30 FreeBSD 4.9-stable # tail -f /var/log/messages Jan 18 19:43:23 xb /kernel: arp: 202.79.180.1 moved from 00:04:5a:49:eb:74 to 00:50:0f:4f:c0:00 on rl0 Jan 18 19:45:06 xb /kernel: arp: 202.79.180.1 moved from 00:50:0f:4f:c0:00 to 00:04:5a:49:eb:74 on rl0 Jan 18 19:45:18 xb /kernel: arp: 202.79.180.1 moved from

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:18.openssl Security Advisory The FreeBSD Project Topic: OpenSSL vulnerabilities in ASN.1 parsing Category: crypto Module: openssl Announced:

HI everyone, I have resently installed a jail environment on my freebsd box, and had some problems getting postgresql running under it. After looking a bit on various mailinglists i figured out that I needed to set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql run. However man jail gives me: jail.sysvipc_allowed This MIB entry determines whether or not

> -----Original Message----- > From: Greg Panula [mailto:greg.panula@dolaninformation.com] > Sent: 12 May 2003 11:10 > To: Matthew Braithwaite > Cc: stable@freebsd.org > Subject: Re: iHEADS UP: ipsec packet filtering change > > You don't really need the gif tunnels for ipsec. Gif is more geared > towards ipv4 <=> ipv6 type tunnels. A few of ipsec

Hi folks, I've been working on getting my WiFi network running with IPsec. I'm at the point where all traffic on the wifi subnet is encrypted (i.e. ESP). Then I tried to add AH to the equation. I failed. This picture describes the network setup: http://beta.freebsddiary.org/images/ipsec-wireless.gif Here's what I'm trying and failing with. With these rules, I get no

http://wiki.freebsd.org/JailResourceLimits Is this anthing people are working on? Is it on its way to RELENG_7? Is there a 7-version of the patch or anything? This would be a _VERY_ useful feature. -- Peter Ankerst?l peter@pean.org

Hello, I''m trying to put 3 nodes in a vpn in tunnel mode. When I run setkey on the following file, I end up with The result of line 33: File exists. That error isn''t overly helpful, so I was hoping that someone could explain the issue. Here''s the file, with line 33 highlighted. Help appreciated. Mike # Flush the SAD and SPD flush; spdflush; # Add SA for

Hi All, I''m trying to setup a VPN Between a Linux Box (CentOS 4) and Check Point FW-1 (NGX R65) and I actually already done this. However I''m having a problem with Policy "none" when using ports, for example, I want to exclude from VPN the "ssh" service, so my commands to setkey was. # Excluded services ssh spdadd 172.20.0.0/16[any] 172.16.0.0/16[22] tcp -P

Hi everyone, First of all, this is my first post in this ML, so I''m not sure that this is the right place for my question (please don''t shoot me down ;)). For the record, I''ve been reading and using LARTC for almost 3 years now, and it''s a great help for anyone who wants to learn linux networking. My problem: I want to setup a tunnel for the following

Dear list, I''m running Shorewall on a dedicated Fedora 7 box. Shorewall is working well as an office DSL router (dynamic IP) with loc and dmz zones. I am now trying to configure IPSec to connect a VPS, "casp", with a static IP to both the firewall and to the loc network behind it. The host to host SA works fine. However, pings from "loc" to "casp" can be

class wrote on 06/10/2004 11:18:48: > Hello, I have the following situation: > > 192.168.176.0/24 ------ A ========== B ------ 192.168.177.0/24 > 192.168.176.2 pop3 ipsec > racoon > > > policy: (Machine A and B) > ------- > loc vpn ACCEPT > vpn loc ACCEPT > all

class wrote on 06/10/2004 11:18:48: > Hello, I have the following situation: > > 192.168.176.0/24 ------ A ========== B ------ 192.168.177.0/24 > 192.168.176.2 pop3 ipsec > racoon > > > policy: (Machine A and B) > ------- > loc vpn ACCEPT > vpn loc ACCEPT > all

Hi All, In the previous mail, I have sent is only the problem that occurs, because of using IPv6 addresses. But the connection works with IPv4 addresses without any problem. Thanx, Mohan. __________________________________________________________ How much free photo storage do you get? Store your friends 'n family snaps for FREE with Yahoo! Photos http://in.photos.yahoo.com

I am having problems in the implementation of a VPN, below made a project of my net: INTRANET (10.0.0.0/24) | 10.0.0.5 xl0 NetBSD IPNAT ( map wi0 10.0.0.0/24 -> 192.168.213.10 ) wi0 192.168.213.10/30 | | Wireless VPN | | 192.168.213.9/30 xl2 FreeBSD NATD ( divert natd all from any to any ) xl0 200.x.x.5/24 | 200.x.x.1/24

Hello, I have given myself quite the headache trying to make this VPN work correctly. I am attempting to use racoon to establish keys and construct an encrypted tunnel between one host(A.A.A.A) with a routable IP address and another that has a private address(10.0.0.2) with a cable modem(B.B.B.B) forwarding all ports to the private address(10.0.0.2). Here is a quick topographic dipiction of the

This morning, I noticed in my security email, that my entire /usr/bin directory had setuid diff's set on them. I think I've been hacked. So I installed chkrootkit from ports and ran it. It showed not infected for everything, except NETSTAT. NETSTAT showed infected... I ran chkrootkit for another machine (at my office), and it showed not infected for everything. Both machines are

Hello, My name is Fermín Galán and I''m currently working with IPSec tunnels. Recently, I was setting a IPSec tunnelling sample scenario (maybe the simplest one :), where I observed some strange behaviour that I like to describe in the list, just in the case somebody knows what can be the cause, please. The scenario involves four hosts configured in the following way:

On Sun, 23 Feb 2003 09:47:05 -0800, "Sam Leffler" <sam@errno.com> said: > >> Add a new config option IPSEC_FILTERGIF to control whether or not >> packets coming out of a GIF tunnel are re-processed by ipfw, >> et. al. By default they are not reprocessed. With the option they >> are. > > This may affect your ipfw/ipf rules. If you are happy with