similar to: IPsec - got ESP going, but not AH

Displaying 20 results from an estimated 800 matches similar to: "IPsec - got ESP going, but not AH"

2004 Apr 27
2
IPsec works, but racoon/IKE does not
I have no idea whatsoever as to why racoon/IKE does not work here. I've tried various how-to documents but found nothing that works for me. Gateway (10.0.0.1) running 4.9-stable. Laptop (10.0.0.10) running 5.2.1-release. Both running racoon-20040408a On the gateway 10.0.0.1 # cat /etc/ipsec.conf add 10.0.0.1 10.0.0.10 esp 691 -E rijndael-cbc "1234567890123456" -A hmac-sha1
2004 Sep 13
2
Kerberos 5 Security Alert?
Why wasn't there a FreeBSD security alert for Kerberos 5? Does FreeBSD use the MIT implementation? I got an email from CERT about this. See the attached message below. -- Daniel Rudy >From - Sat Sep 04 03:22:15 2004 X-UIDL: a8f31551eb03ca144862bddc8ccce266 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Apparently-To: dcrudy@pacbell.net via 206.190.37.79; Fri, 03 Sep 2004
2009 Apr 11
1
kernel: problems compiling if_ath.c
I did a cvsup for RELENG_7 earlier today. # uname -a FreeBSD polo.example.org 7.1-STABLE FreeBSD 7.1-STABLE #8: Sat Apr 11 18:50:17 EDT 2009 dan@polo.example.org:/usr/obj/usr/src/sys/PHENOM amd64 No idea what went wrong here. Clues please. cc -c -O2 -frename-registers -pipe -fno-strict-aliasing -std=c99 -g -Wall -Wredundant-decls
2007 Sep 19
0
Exclude service from IPSec, using ipsec-tools
Hi All, I'm trying to set up a VPN between a Linux box (CentOS 4) and Check Point FW-1 (NGX R65), and I have actually already done this. However, I'm having a problem with policy "none" when using ports. For example, I want to exclude the "ssh" service from the VPN, so my commands to setkey were: # Excluded services ssh spdadd 172.20.0.0/16[any] 172.16.0.0/16[22] tcp -P
2014 Dec 31
2
Postfix and Dovecot SASL - wiki update
I wanted to mention I updated the Postfix and Dovecot SASL wiki entry yesterday. http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL The entry: submission inet n - - - - smtpd was incorrect. It should be: submission inet n - n - - smtpd By specifying n for chroot, it ensures that DNS lookups can occur. Otherwise, if you are using reject_unknown_recipient_domain the following error will
2023 Jul 16
4
Powering off the big stuff first
Hello, I had an idea last week: why shut everything off (in my basement) when the power goes off (and run time goes below X minutes)? My idea: shutdown the big stuff first (two servers) leaving the little stuff (switches, wireless, gateway) running for a while longer. I might get another 30 minutes of internet that way. Let me watch a bit more streaming. I'm convinced that idea is achievable
2007 Mar 05
1
File exists?
Hello, I'm trying to put 3 nodes in a vpn in tunnel mode. When I run setkey on the following file, I end up with The result of line 33: File exists. That error isn't overly helpful, so I was hoping that someone could explain the issue. Here's the file, with line 33 highlighted. Help appreciated. Mike # Flush the SAD and SPD flush; spdflush; # Add SA for
2008 Mar 18
0
BSDCan registration now open
I am proud to announce that BSDCan 2008 registration is now open. http://www.bsdcan.org/2008/registration.php We have added a new tutorial to the schedule: http://www.bsdcan.org/2008/schedule/events/107.en.html Wireless networking facilities in FreeBSD. Hands-on experience setting up and inspecting wireless networks. - Sam Leffler Also, BSDCan 2008 will be the first BSD conference
2005 Jun 30
0
Problem with IPSec tunnel, using IPv6 addresses, .........
Hi All, In the previous mail, I have sent is only the problem that occurs, because of using IPv6 addresses. But the connection works with IPv4 addresses without any problem. Thanx, Mohan.
2003 May 22
0
VPN IPSEC WIRELESS
I am having problems in the implementation of a VPN, below made a project of my net: INTRANET (10.0.0.0/24) | 10.0.0.5 xl0 NetBSD IPNAT ( map wi0 10.0.0.0/24 -> 192.168.213.10 ) wi0 192.168.213.10/30 | | Wireless VPN | | 192.168.213.9/30 xl2 FreeBSD NATD ( divert natd all from any to any ) xl0 200.x.x.5/24 | 200.x.x.1/24
2004 Apr 03
0
IPSec Racoon and Port Forwarding
Hello, I have given myself quite the headache trying to make this VPN work correctly. I am attempting to use racoon to establish keys and construct an encrypted tunnel between one host (A.A.A.A) with a routable IP address and another that has a private address (10.0.0.2) with a cable modem (B.B.B.B) forwarding all ports to the private address (10.0.0.2). Here is a quick topographic depiction of the
2010 Jul 25
4
zpool destroy causes panic
I'm trying to destroy a zfs array which I recently created. It contains nothing of value. # zpool status pool: storage state: ONLINE status: One or more devices could not be used because the label is missing or invalid. Sufficient replicas exist for the pool to continue functioning in a degraded state. action: Replace the device using 'zpool replace'.
2006 May 31
0
IPSec tunnels and routing: strange behaviour
Hello, My name is Fermín Galán and I'm currently working with IPSec tunnels. Recently, I was setting an IPSec tunnelling sample scenario (maybe the simplest one :), where I observed some strange behaviour that I like to describe in the list, just in the case somebody knows what can be the cause, please. The scenario involves four hosts configured in the following way:
2013 Oct 22
2
doveadm: Fatal: open(/dev/tty)
I received this message today, and remembered, you can't do that... $ doveadm pw -s SHA512-CRYPT Enter new password: doveadm(dan): Fatal: open(/dev/tty) failed: No such file or directory It seems if you have no tty, you can't create a password. Surely there is a better way to do this? Looking at the code, it's trying to open the tty and turn off echo. For the
2003 May 18
3
ad0: READ command timeout....
This morning I found a frozen box. On the console was this: ad0: READ command timeout tag=0 serv=0 - resetting ata0: resetting devices .. ata0-slave: ATA identify retries exceeded done After reboot, those messages were found in /var/log/messages. I'm running FreeBSD 4.8-RC from Apr 4 10:45:49 EST 2003. Any ideas? -- Dan Langille : http://www.langille.org/
2011 Mar 07
0
BSDCan 2011 - schedule released
The list of talks and speakers for BSDCan 2011 has been released. For 2011, we once again have a strong collection of talks that will appeal to a wide range of attendees. Registration will open later this week. Be sure to start making your travel plans. http://www.bsdcan.org/2011/schedule/ We also have Facebook and Twitter pages. Please help us to spread the word.
2010 Oct 02
3
out of HDD space - zfs degraded
Overnight I was running a zfs send | zfs receive (both within the same system / zpool). The system ran out of space, a drive went off line, and the system is degraded. This is a raidz2 array running on FreeBSD 8.1-STABLE #0: Sat Sep 18 23:43:48 EDT 2010. The following logs are also available at http://www.langille.org/tmp/zfs-space.txt <- no line wrapping This is what was running: #
2004 Sep 24
2
strange behavior of ipsec tunnel mode
hello i am trying to set up ipsec in my network, for now just between two hosts, using AH & ESP in tunnel mode to get all of packet encrypted. keys are negotiated with racoon. maybe using tunnel mode in this case can seem strange, but i know what i am doing. after setting up everything i have done few tests with ping & tcpdump. but the results are very surprising. below is what i
2004 Apr 10
2
IPSec debug
Hi, I have FreeBSD box with network interface having y.y.y.y ip address. On same box i configure next ipsec policies to process traffic from hardware ipsec enabled device. spdadd 0.0.0.0/0 x.x.x.x/24 any -P out ipsec esp/tunnel/y.y.y.y-z.z.z.z/require; spdadd x.x.x.x/24 0.0.0.0/0 any -P in ipsec esp/tunnel/z.z.z.z-y.y.y.y/require; Is it possible to see decrypted incoming packets, and outgoing
2006 May 26
0
IPSEC - tcp port match
Hello. I try to configure IPSEC to bypass ssh protocol. For example: setkey -FP setkey -F setkey -c << EOF spdadd 10.1.1.1/32 10.6.10.50[22] tcp -P in none ; spdadd 10.1.1.1/32 10.6.10.50 tcp -P in ipsec ah/transport//require ; EOF (Pass incoming ssh packets to 10.6.10.50, block other tcp packets) This works under fresh 7-CURRENT(FAST_IPSEC). On fresh 6-STABLE (neither FAST_IPSEC nor