similar to: IPSec

I have been using shorewall and freeswan successfully for 3 or more years now. But they have all been using the Linux 2.4 kernel. My current configuration is (as the title suggests) using SuSE 9.1 which has a 2.6.5 kernel and freeswan 2.0.4 built-in. After much reading and a lot of trial and error, I did get this combination to work with Shorewall 2.0.9. It is happily talking to an older Mandrake

Hi, I am trying to setup ipsec tunnel between Freebsd (host1) and Linux (host2) systems.And I also interested in executing some ipsec test cases( Like TAHI conformance test suite) on the same connection. Please, suggest me some details regarding this setup and Specify any materials which can be obtained from from any locations(site).. I have enabled IPSec support for FreeBSD (4.11 Release) and

hi, I can''t get a freeswan 2.02 ipsec x509 connection at work can somebody help me? ************************************************************************************* global situation ************************************************************************************* the linux gateway (chivas) is a single machine 192.168.1.250 with a local net 192.168.1.0/24, a dyn IP via a DSL

Hello, it looks like the usual way to do ipsec on centos5 won't work anymore on centos6 I installed ipsec-tools but an interface type IPsec is not recognized by the kernel ifup ipsec0 Device does not seem to be present, delaying initialization. I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5 any hints ? thank you

Hi, Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey on which I have one address on my side acting as an SNAT router for all traffic from my network to a network segment on the far side. my network --- my gateway ---------------------- remote network 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22 All traffic starts on my side, so if I can

I have the following network: External Interface External Interface ccc.ccc.ccc.ccc aaa.aaa.aaa.aaa | | --> VPN <--> Internet <--> FreeBSD Client (NATed extip: bbb.bbb.bbb.bbb) | FW-1 Protected Net ddd.ddd.ddd.ddd/24 VPN: ipsec freeswan (UDP encapsulated tunnel) ccc.ccc.ccc.ccc has port 136/UDP open for

Hi all, I want to allocate bandwidth for ipsec interface using CBQ/tc. Suppose the conf. file is like this, DEVICE=ipsec0,10Mbit,1Mbit RATE=128Kbit WEIGHT=10Kbit PRIO=5 RULE=192.128.1.0/24 Does it work or What else options need to be taken care like ipsec packets/protocol/port # etc.? C''d anybody suggest please? regds, Srikanth. _______________________________________________ LARTC

Hello, I usualy permit TCP traffic on ports from 1025 to 65535 of the servers that I need to permit FTP access. Is there a more secure way to permit FTP access instead of to permit such ports? I have a FreeBSD gateway/router on a building with these ports open and I?m having some problems with users using softwares like Kasaa and eMule. Any help would be appreciated. Thank?s Ronan

Hi, When a IPSec tunnel is established between two peers, I understand that the "normal" situation is to have in a given moment two SAs, one for each direction of the tunnel. However, in one of my tunnels (peer P1 running GNU/Linux with setkey and racoon; peer P2 is a Cisco router) there is a large number (around 19) of SAs established (this has been observed in P1 with

Hi, Does anyone have experience using IPSEC on CentOS in order to connect to vendor IPSEC-based VPN products (specifically Checkpoint FW1) ? Is the included IPSEC implementation sufficient, or do people have to rely on OpenSWAN or FreeSWAN ? I'd be testing tomorrow and I'm interested with experiences others have had and things to look out for. Thanks in advance, -- dag wieers, dag

I''m getting insane here. I''m running shorewall 1.3.11 with iptables 1.2.5 and freeswan 1.97 on a 2.4.18-8 kernel aka MNF. The setup is a followed: Lan (192.168.1.x) - FW (eth1 192.168.1.254 - eth0 64.x.y.71) - router 64.x.y.65 (which is default GW on eth0) -internet - 161.a.b.c (FW-1) So a windows client with checkpoint tries to connect to a vpn-1 server on the internet. The

We had a running ipsec shorewall system to all of our remote offices. We added a dmz to the firewall and implemented proxy arp for that dmz. We have checked everything two or three times and cannot figure out why the vpns will no longer come up. We are using shorewall version 2.2.3 from the debian stable sarge distribution. We noticed the errata that for 2.0.0 there was a problem with proxy

Hi, I have tried to enable IPSec support for my FreeBSD( 4.11-RELEASE) system. First, I copied the generic kernel configuration file to a file I called MYKERNEL: #cp /usr/src/sys/i386/conf/GENERIC /usr/src/sys/i386/conf/MYKERNEL Then, I added the following three lines to the options section of /usr/src/sys/i386/conf/MYKERNEL: options IPSEC options IPSEC_ESP options

Hi, I have been using IPsec to communicate between a laptop that tracks -stable and a Linksys BEFVP41 router. I only use it infrequently, but it's been working great. My setup is as described in http://grapeape.alerce.com/linksys-ipsec/article.html (which I am planning to submit to the handbook when it's done). I'm no longer able to make an ipsec connection, and I can't put my

I set up an ipsec/racoon vpn tunnel test environment. The gateway machines are 192.168.0.30 and 192.168.0.31 on the external adaptor and 10.0.1.1 and 10.0.2.1 internally. The test workstations are 10.0.1.10 and 10.0.2.10. The tunnel seems to be working as in 10.0.1.10 can talk to 10.0.2.10 an vice versa and they can both use the net via NAT, however 192.168.0.30 and 192.168.0.31 cannot directly

Hi , I have setup site-to-site IPSEC tunnel using Freeswan and Shorewall. I have 3 sites, One central site called site-A, and 2 remote sites called site-B and site-C. Now site-A can communicate with site-B and site-C repectively. I want to enable site-B talk to site-C using Tunnel hub configuration. I have enabled the shorewall policy on site-A server so that site-B can talk site-C, but it

I've been using IPSec and racoon alot lately creating tunnels between FreeBSD machines. Everything works as it should once I've got it running. I do however seem to get delays when one, or both ends of the tunnel drop or are rebooted. On reboot, once the machine starts racoon, it takes two or three minutes for the tunnel to come back up. If I stop and restart racoon, it takes only 60

IF you are not stuck to IPSec, you might want to take a look at OpenVPN (www.openvpn.org). I found OpenVPN easier to install than FreeSWAN (an IPSEC VPN) and have setup an OpenVPN solution between my German office and our mainoffice in a matter of hours. Thom van der Boon E-Mail: Thom.van.der.Boon at vdb.nl ===== Thom.H. van der Boon b.v. Havens 563 Jan Evertsenweg 2-4 NL-3115 JA Schiedam

Last couple of days some of my hosts were probed for UDP port 500 (IKE daemon, used by IPSec for key exchange) from dialup IPs. Don't remember seeing similar probes before. Some new vaulnerability that script kiddies (and pro crackers) are trying out, or is this some old stuff? I do remember there were some security problems with racoon in the past (that were fixed in current CentOS

Hi, I'm trying to get IPsec running between 2 FreeBSD (VMware) boxes, using racoon2. spmd and iked start up okay, but I get an error when I try a ping across the tunnel. /var/log/messages shows: May 5 13:52:36 biosa-vm4 iked: [INTERNAL_ERR]: if_spmd.c:726: SLID failed: 550 Operation failed May 5 13:52:36 biosa-vm4 iked: [INTERNAL_ERR]: isakmp.c:647:isakmp_initiate_cont(): 0:172.20.36.55[0]