similar to: dynamic IPSEC: Holy grail sighted

Displaying 20 results from an estimated 120 matches similar to: "dynamic IPSEC: Holy grail sighted"

2007 Dec 05
9
machine network interfaces, dhcpd.conf, and zone files
I'm still thinking about how my puppet deployment will go. Right now, I'm thinking each of my machines will have their network interfaces defined/configured by puppet. But, I'd like to generate my zone files and dhcpd.conf from this data as well. How do people generally do this? I expect I'll end up generating the nodes.pp files from some database, but
2003 May 07
4
VPN through BSD for Win2k, totally baffled
Scenario: FreeBSD box running IPFW acting as a gateway to private network. The private network is made up of entirely routeable IP addresses. External users running Win2k and XP on DSL connections with dynamic IPs. Goal: To have the FreeBSD gateway securely authenticate and encrypt the traffic between the outside users and the internal network. I've spent the last 3 days running up and
2007 Nov 25
4
sharing modules scalably
Hi, [First, a quick introduction... I'm one of the sysadmins at Koumbit.org, and we're evaluating puppet for managing our modest server farm. I've already started writing recipes and manifests and intend to share those with this community. Part of my time worked on this will be directly paid by Koumbit.] So we've got a few half-finished puppet modules here:
2003 May 13
3
Via EPIA Mini-ITX motherboard
i had such problems on my mini-ITX. when sharing irq's with video or sound card, network traffic during ogg playing (for example on nfs) or quick moving windows crashed the interface. ifconfig down/up resolved the problem. it has been solved for a while now (i couldn't reproduce this problem) i think. regards, OLivier On Thursday 12 December 2002 03:45, The Anarcat wrote: >
2018 Mar 29
2
bug: "no top level messages" crash on Zen email loops
On 2018-03-29 04:17:21, Olly Betts wrote: > On Mon, Mar 19, 2018 at 05:03:21PM -0300, David Bremner wrote: >> I can confirm this reproduces both the xapian-check and the notmuch-show >> error. Olly agrees that whatever notmuch is doing wrong, it shouldn't >> lead to a corrupted database > > There was a Xapian bug here, which I fixed on master last week and will >
2008 May 08
23
The wiki - directions and ideas
Hi all Luke and I have been discussing the wiki and how its future development might pan out. As a result I thought I'd canvass people for feedback. Currently the wiki's layout and structure is fairly ad hoc and it's a mix of wiki mark-up and REStructured Text (RST). We'd like to make it more "manual" like or at least move a significant portion of
2007 Dec 28
5
Still need help with ticket triage
As everyone probably realizes, I'm getting swamped with incoming problems and tickets and I still need help triaging the tickets. James Turnbull has volunteered to help some, but I think we need more than one person. We've had a few people step in once or twice, but I'd like to be able to depend on Unreviewed tickets getting handled by someone else, rather
2005 Apr 27
5
26sec kame ipsec tunnel : packets leave unencrypted...
Hi everyone, First of all, this is my first post in this ML, so I'm not sure that this is the right place for my question (please don't shoot me down ;)). For the record, I've been reading and using LARTC for almost 3 years now, and it's a great help for anyone who wants to learn linux networking. My problem: I want to setup a tunnel for the following
2004 Oct 06
7
Re: IPsec problems with tunneled networks
class wrote on 06/10/2004 11:18:48: > Hello, I have the following situation: > > 192.168.176.0/24 ------ A ========== B ------ 192.168.177.0/24 > 192.168.176.2 pop3 ipsec > racoon > > > policy: (Machine A and B) > ------- > loc vpn ACCEPT > vpn loc ACCEPT > all
2004 Apr 10
2
IPSec debug
Hi, I have FreeBSD box with network interface having y.y.y.y ip address. On same box i configure next ipsec policies to process traffic from hardware ipsec enabled device. spdadd 0.0.0.0/0 x.x.x.x/24 any -P out ipsec esp/tunnel/y.y.y.y-z.z.z.z/require; spdadd x.x.x.x/24 0.0.0.0/0 any -P in ipsec esp/tunnel/z.z.z.z-y.y.y.y/require; Is it possible to see decrypted incoming packets, and outgoing
2007 Mar 05
1
File exists?
Hello, I'm trying to put 3 nodes in a vpn in tunnel mode. When I run setkey on the following file, I end up with The result of line 33: File exists. That error isn't overly helpful, so I was hoping that someone could explain the issue. Here's the file, with line 33 highlighted. Help appreciated. Mike # Flush the SAD and SPD flush; spdflush; # Add SA for
2003 May 11
1
iHEADS UP: ipsec packet filtering change
On Sun, 23 Feb 2003 09:47:05 -0800, "Sam Leffler" <sam@errno.com> said: > >> Add a new config option IPSEC_FILTERGIF to control whether or not >> packets coming out of a GIF tunnel are re-processed by ipfw, >> et. al. By default they are not reprocessed. With the option they >> are. > > This may affect your ipfw/ipf rules. If you are happy with
2003 May 15
2
FW: iHEADS UP: ipsec packet filtering change
> -----Original Message----- > From: Greg Panula [mailto:greg.panula@dolaninformation.com] > Sent: 12 May 2003 11:10 > To: Matthew Braithwaite > Cc: stable@freebsd.org > Subject: Re: iHEADS UP: ipsec packet filtering change > > You don't really need the gif tunnels for ipsec. Gif is more geared > towards ipv4 <=> ipv6 type tunnels. A few of ipsec
2002 Jan 08
0
FreeBSD Security Advisory FreeBSD-SA-02:01.pkg_add [REVISED]
FreeBSD-SA-02:01 Security Advisory FreeBSD, Inc. Topic: Directory permission vulnerability in pkg_add [REVISED] Category: core Module: pkg_install
2007 Mar 07
1
freebsd vpn server behind nat dsl router
Hello Greg, I am writing you, because I saw your responses to a couple of messages on the freebsd-security mailing list related to freebsd vpn and nat. My situation is rather unique, and I am needing an expert's eyes to glance at it and confirm whether it is doable or not. I have a simple diagram that illustrates what I am trying to do, and it is located here (about 40k):
2013 May 17
1
PF + gif + ipsec + racoon + routing problems results in insecure ipsec vpn
Hi everyone, I wrote up a post on the FreeBSD forums about the issue I am having. It's rather long so I am providing a link to it here: http://forums.freebsd.org/showthread.php?t=39595 In summary, it seems that when the packets are routed in to the gateway from local network hosts, the src and dst addresses are changed to the public IPs of the tunnel -- at least from the perspective of the
2007 May 04
1
Multiple SA in the same IPSec tunnel
Hi, When a IPSec tunnel is established between two peers, I understand that the "normal" situation is to have in a given moment two SAs, one for each direction of the tunnel. However, in one of my tunnels (peer P1 running GNU/Linux with setkey and racoon; peer P2 is a Cisco router) there is a large number (around 19) of SAs established (this has been observed in P1 with
2004 Apr 22
2
IPsec - got ESP going, but not AH
Hi folks, I've been working on getting my WiFi network running with IPsec. I'm at the point where all traffic on the wifi subnet is encrypted (i.e. ESP). Then I tried to add AH to the equation. I failed. This picture describes the network setup: http://beta.freebsddiary.org/images/ipsec-wireless.gif Here's what I'm trying and failing with. With these rules, I get no
2007 Sep 03
3
Shorewall + IPSec: help debugging why gw1<->gw2 SA works, but loc<->gw2 traffic doesn't trigger SA
Dear list, I'm running Shorewall on a dedicated Fedora 7 box. Shorewall is working well as an office DSL router (dynamic IP) with loc and dmz zones. I am now trying to configure IPSec to connect a VPS, "casp", with a static IP to both the firewall and to the loc network behind it. The host to host SA works fine. However, pings from "loc" to "casp" can be