similar to: proxyarp <--> OpenSwan VPN/Internet

I´ve figured out the following. I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) to shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp x.x.x.14 eth2 eth0 No very well. That´s not through a tunnel (of course a ssh tunnel, but no vpn) but with public ip x.x.x.14 to x.x.x.11 If I try to sftp through the fw to the public internet I have the same

Would it be considered normal that a system behind a shorewall box that was setup for proxyarp and able to be reached from the trusted side of the net just fine on the proxyapr ip address would if it were to talk out to the world show as traffic not from the proxyarp address but the firewall''s own address or the masquerading ip used by other zones? We had not really noticed this as an

Greetings all, I have just install Shorewall on a Debian system and I''m using it as a firewall on an internal network. The specifics of the system are as follows: firewall:/var/log# shorewall version 3.0.4 firewall:/var/log# uname -a Linux firewall 2.6.12-1-386 #1 Tue Sep 27 12:41:08 JST 2005 i586 GNU/Linux Shorewall start successfully and $FW can connect to the Internet for upgrading

Does anyone else noticed problems after updating openswan to openswan-2.6.32-27.2.el6_5.i686 ? In our case a connection to Cisco VPN 3000 Series would no longer work. I can see in the log an ASSERTION FAILED error and the connection would remain in Pending phase 2. Mar 7 16:24:40 firewall pluto[7647]: "ciscovpntest" #2: discarding duplicate packet; already STATE_MAIN_I1 Mar 7

On 2015-04-14 11:25, Gordon Messmer wrote: > On 04/14/2015 11:07 AM, Florin Andrei wrote: >> I looked in the yum repositories for CentOS 7 and I noticed that there >> are no packages for any of the major open source IPSec VPN apps - >> Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan >> packages. > > libreswan replaced openswan, and is

On 04/14/2015 11:07 AM, Florin Andrei wrote: > I looked in the yum repositories for CentOS 7 and I noticed that there > are no packages for any of the major open source IPSec VPN apps - > Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan packages. libreswan replaced openswan, and is available in the CentOS 7 repo.

2015-04-14 21:40 GMT+03:00 Florin Andrei <florin at andrei.myip.org>: > On 2015-04-14 11:25, Gordon Messmer wrote: > >> On 04/14/2015 11:07 AM, Florin Andrei wrote: >> >>> I looked in the yum repositories for CentOS 7 and I noticed that there >>> are no packages for any of the major open source IPSec VPN apps - >>> Openswan, strongSwan, etc.

I looked in the yum repositories for CentOS 7 and I noticed that there are no packages for any of the major open source IPSec VPN apps - Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan packages. What is the current consensus w.r.t. building an IPSec VPN "server" (concentrator, whatever) on CentOS 7, that will do site-to-site connections with Cisco hardware at

I want to build a robust firewall for a resort installation. The resort''s telephony is entirely VOIP, asterisk based. We have the following internet feeds: 1) 512/512 kb fixed bandwidth leased line with static IP from Telco- primary connection, expensive, to use for VOIP, VPN traffic, mail server, SSH access for remote work. Reliable. 2) 256/512 kb ADSL from Telco, not fixed IP -

Hello Everyone! I am using shorewall-3.0.5 on suse linux. Recently we have implemented dansguardian running on 8080 and squid on port 3128. Previously (before dans guardian) masquerading was working fine but after the implementation of dansguardian masquerading is not working. My rules file has entry Previous entry was ACCEPT loc:192.192.192.3 net REDIRECT loc 8080 tcp

I have been trying to get DNAT to work and I actually have succeeded too, however, not how I thought it would work when reading through the documentation. 1. No matter what I do I cannot get DNAT to work unless I have an entry in eiter the nat or the proxyarp file. Is that really how it''s supposed to be? I can''t find anything about it in the documentation. 2. Also, in the

On 2015-04-14 11:44, Eero Volotinen wrote: > 2015-04-14 21:40 GMT+03:00 Florin Andrei <florin at andrei.myip.org>: >> >> http://serverfault.com/a/655752/24406 >> >> If that is accurate, the documentation, and the clustering / load >> balancing might tilt the balance in the direction of strongSwan. >> >> > Well, both packages can do ipsec to

Hi all, Any one have success with Openswan and IPSEC VPN? Having some issues. Wondering if any would mind posting there configs; ipsec.conf. Also open to any IPSEC client. - aurf

suse-10 , shorewall version 3.0.5 I have squid installed (i have a user named squid in /etc/passwd) file. the squid is authentication based, now i want to control the traffic generated by squid. If I can control the squid traffic then is it possible to control the traffic of users with an account in squid and not on the fw machine? Thanks and regards Anuj -- ============ Linux Rocks

Good afternoon: I need if they can help me I have 2 Servants with Fedora Core 1 Kernel-2.4.22-1.2197.ntpl, with the following packages Openswan: Kernel-modulate-openswan-2.4.22-1.2197.ntpl-2.1.4-fc1.dag.i686.rpm and the Openswan-utils-2.1.4-1.fc1.dag.i686.rpm. As Firewall I have the shorewall 2.1 All this works well when having alone an In-date IP. When having 2 In-date IP, one to leave to

We had a running ipsec shorewall system to all of our remote offices. We added a dmz to the firewall and implemented proxy arp for that dmz. We have checked everything two or three times and cannot figure out why the vpns will no longer come up. We are using shorewall version 2.2.3 from the debian stable sarge distribution. We noticed the errata that for 2.0.0 there was a problem with proxy

Hello all, I am working on a VPN solution using FC3-2.6.12-1.1381 - openswan 2.4.4-1 - l2tpd 0.69-13 - pppd 2.4.3-5 - samba 3.0.10-1. When attempting a connection from an XP-SP2 box pppd dies without authenticating the user (see below). I have run ntlm_auth from the command line with success. What tools can I use to identify the failure? Is there an obvious error in the ppp options file?

Tom, Is not this query worth answering? -Siva -----Original Message----- From: Sivamurugu K. Pillai Sent: Friday, April 08, 2005 3:14 PM To: ''Mailing List for Shorewall Users'' Subject: ProxyARP in a Routed environment Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a

I''m just looking for a quick sanity check to make sure what I''m finding is really all necessary here. I''m upgrading a gateway/firewall from Linux 2.4 to 2.6 using Mandrake 10.1. In the old 2.4 kernel I structured my firewall rules around the ipsec0 interface, which I understand isn''t present with Openswan running under 2.6 (no KLIPS). Ok, So as I start to

Hi, is there anybody running centos3 (el3) with a standard kernel 2.4.32 or newer, because it seems openswan versions > 2.21 don''t run with centos3(el3) anymore. But we need the newer openswan versions. Problem arise when I try to build the ipsec.o module: /usr/src/openswan-2.4.4/linux/net/ipsec/ipsec_init.c /usr/src/openswan-2.4.4/linux/net/ipsec/ipsec_init.c: In function