Displaying 20 results from an estimated 800 matches similar to: "IPsec - got ESP going, but not AH"
2004 Apr 27
2
IPsec works, but racoon/IKE does not
I have no idea whatsoever as to why racoon/IKE does not work here.
I've tried various how-to documents but found nothing that works for
me.
Gateway (10.0.0.1) running 4.9-stable.
Laptop (10.0.0.10) running 5.2.1-release.
Both running racoon-20040408a
On the gateway 10.0.0.1
# cat /etc/ipsec.conf
add 10.0.0.1 10.0.0.10 esp 691 -E rijndael-cbc "1234567890123456" -A
hmac-sha1
2004 Sep 13
2
Kerberos 5 Security Alert?
Why wasn't there a FreeBSD security alert for Kerberos 5? Does FreeBSD
use the MIT implementation? I got an email from CERT about this. See
the attached message below.
--
Daniel Rudy
>From - Sat Sep 04 03:22:15 2004
X-UIDL: a8f31551eb03ca144862bddc8ccce266
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Apparently-To: dcrudy@pacbell.net via 206.190.37.79; Fri, 03 Sep 2004
2009 Apr 11
1
kernel: problems compiling if_ath.c
I did a cvsup for RELENG_7 earlier today.
# uname -a
FreeBSD polo.example.org 7.1-STABLE FreeBSD 7.1-STABLE #8: Sat Apr 11
18:50:17 EDT 2009 dan@polo.example.org:/usr/obj/usr/src/sys/PHENOM
amd64
No idea what went wrong here. Clues please.
cc -c -O2 -frename-registers -pipe -fno-strict-aliasing -std=c99 -g
-Wall -Wredundant-decls
2007 Sep 19
0
Exclude service from IPSec, using ipsec-tools
Hi All,
I'm trying to setup a VPN Between a Linux Box (CentOS 4) and Check
Point FW-1 (NGX R65) and I actually already done this. However I'm
having a problem with Policy "none" when using ports, for example, I
want to exclude
from VPN the "ssh" service, so my commands to setkey was.
# Excluded services ssh
spdadd 172.20.0.0/16[any] 172.16.0.0/16[22] tcp -P
2014 Dec 31
2
Postfix and Dovecot SASL - wiki update
I wanted to mention I updated the Postfix and Dovecot SASL wiki entry yesterday.
http://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL
The entry:
submission inet n - - - - smtpd
was incorrect. It should be:
submission inet n - n - - smtpd
By specifying n for chroot, it ensures that DNS lookups can occur. Otherwise, if you are using reject_unknown_recipient_domain
the following error will
2023 Jul 16
4
Powering off the big stuff first
Hello,
I had an idea last week: why shut everything off (in my basement) when the power goes off (and run time goes below X minutes)?
My idea: shutdown the big stuff first (two servers) leaving the little stuff (switches, wireless, gateway) running for a while longer. I might get another 30 minutes of internet that way. Let me watch a bit more streaming.
I'm convinced that idea is achievable
2007 Mar 05
1
File exists?
Hello,
I'm trying to put 3 nodes in a vpn in tunnel mode.
When I run setkey on the following file, I end up with
The result of line 33: File exists.
That error isn't overly helpful, so I was hoping that someone could explain
the issue.
Here's the file, with line 33 highlighted.
Help appreciated.
Mike
# Flush the SAD and SPD
flush;
spdflush;
# Add SA for
2008 Mar 18
0
BSDCan registration now open
I am proud to announce that BSDCan 2008 registration is now open.
http://www.bsdcan.org/2008/registration.php
We have added a new tutorial to the schedule:
http://www.bsdcan.org/2008/schedule/events/107.en.html
Wireless networking facilities in FreeBSD. Hands-on experience
setting up and inspecting wireless networks. - Sam Leffler
Also, BSDCan 2008 will be the first BSD conference
2005 Jun 30
0
Problem with IPSec tunnel, using IPv6 addresses, .........
Hi All,
In the previous mail, I have sent is only the problem
that occurs, because of using IPv6 addresses. But the
connection works with IPv4 addresses without any
problem.
Thanx,
Mohan.
2003 May 22
0
VPN IPSEC WIRELESS
I am having problems in the implementation of a VPN, below made a project of my net:
INTRANET
(10.0.0.0/24)
|
10.0.0.5
xl0
NetBSD IPNAT ( map wi0 10.0.0.0/24 -> 192.168.213.10 )
wi0
192.168.213.10/30
|
|
Wireless
VPN
|
|
192.168.213.9/30
xl2
FreeBSD NATD ( divert natd all from any to any )
xl0
200.x.x.5/24
|
200.x.x.1/24
2004 Apr 03
0
IPSec Racoon and Port Forwarding
Hello,
I have given myself quite the headache trying to make this VPN work correctly. I am attempting to use racoon to establish keys and construct an encrypted tunnel between one host(A.A.A.A) with a routable IP address and another that has a private address(10.0.0.2) with a cable modem(B.B.B.B) forwarding all ports to the private address(10.0.0.2). Here is a quick topographic depiction of the
2010 Jul 25
4
zpool destroy causes panic
I'm trying to destroy a zfs array which I recently created. It contains
nothing of value.
# zpool status
pool: storage
state: ONLINE
status: One or more devices could not be used because the label is
missing or
invalid. Sufficient replicas exist for the pool to continue
functioning in a degraded state.
action: Replace the device using 'zpool replace'.
2006 May 31
0
IPSec tunnels and routing: strange behaviour
Hello,
My name is Fermín Galán and I'm currently working with IPSec tunnels.
Recently, I was setting an IPSec tunnelling sample scenario (maybe the
simplest one :), where I observed some strange behaviour that I like to
describe in the list, just in the case somebody knows what can be the cause,
please.
The scenario involves four hosts configured in the following way:
2013 Oct 22
2
doveadm: Fatal: open(/dev/tty)
I received this message today, and remembered, you can't do that...
$ doveadm pw -s SHA512-CRYPT
Enter new password: doveadm(dan): Fatal: open(/dev/tty) failed: No such
file or directory
It seems if you have no tty, you can't create a password. Surely there
is a better way to do this?
Looking at the code, it's trying to open the tty and turn off echo.
For the
2003 May 18
3
ad0: READ command timeout....
This morning I found a frozen box. On the console was this:
ad0: READ command timeout tag=0 serv=0 - resetting
ata0: resetting devices .. ata0-slave: ATA identify retries exceeded
done
After reboot, those messages were found in /var/log/messages.
I'm running FreeBSD 4.8-RC from Apr 4 10:45:49 EST 2003.
Any ideas?
--
Dan Langille : http://www.langille.org/
2011 Mar 07
0
BSDCan 2011 - schedule released
The list of talks and speakers for BSDcan 2011 has been released. For
2011, we once again have a strong collection of talks that will appeal
to a wide range of attendees. Registration will open later this week. Be
sure to start making your travel plans.
http://www.bsdcan.org/2011/schedule/
We also have Facebook and Twitter pages. Please help us to spread the
word.
2010 Oct 02
3
out of HDD space - zfs degraded
Overnight I was running a zfs send | zfs receive (both within the same
system / zpool). The system ran out of space, a drive went off line,
and the system is degraded.
This is a raidz2 array running on FreeBSD 8.1-STABLE #0: Sat Sep 18
23:43:48 EDT 2010.
The following logs are also available at
http://www.langille.org/tmp/zfs-space.txt <- no line wrapping
This is what was running:
#
2004 Sep 24
2
strange behavior of ipsec tunnel mode
hello
i am trying to set up ipsec in my network, for now just between two hosts, using to use AH & ESP
in tunnel mode to get all of packet encrypted. keys are negotiated with racoon.
maybe using tunnel mode in this case can seems strange, but i know what i am doing.
after setting up everything i have done few tests with ping & tcpdump. but the results are very surprising.
below is what i
2004 Apr 10
2
IPSec debug
Hi,
I have FreeBSD box with network interface having y.y.y.y ip address.
On same box i configure next ipsec policies to process traffic from
hardware ipsec enabled device.
spdadd 0.0.0.0/0 x.x.x.x/24 any -P out ipsec esp/tunnel/y.y.y.y-z.z.z.z/require;
spdadd x.x.x.x/24 0.0.0.0/0 any -P in ipsec esp/tunnel/z.z.z.z-y.y.y.y/require;
Is it possible to see decrypted incoming packets, and outgoing
2006 May 26
0
IPSEC - tcp port match
Hello.
I try to configure IPSEC to bypass ssh protocol. For example:
setkey -FP
setkey -F
setkey -c << EOF
spdadd 10.1.1.1/32 10.6.10.50[22] tcp -P in none ;
spdadd 10.1.1.1/32 10.6.10.50 tcp -P in ipsec ah/transport//require ;
EOF
(Pass incoming ssh packets to 10.6.10.50, block other tcp packets)
This works under fresh 7-CURRENT(FAST_IPSEC). On fresh 6-STABLE (neither
FAST_IPSEC nor