similar to: IPSec & Null Encryption

hi there, I just wanted to share a recent discovery I did on how to setup a secure VPN implementation for linux 2.4.x (I''m using 2.4.20 but it should be working, as far as documentation states, for > 2.4.18) without using FreeS/WAN. The tool (ipsec_tunnel: http://ringstrom.mine.nu/ipsec_tunnel/, by Tobias Ringström) is a kernel module based on ipip and ip_gre. It uses CyptoAPI to

Lots of updates to the IPSEC documentation on http://lartc.org/howto/lartc.ipsec.html The page lists 4 patches which should be applied to 2.5.47 and 1 patch to be applied to the kame racoon Internet Key Exchange daemon. If these are all applied, everything I throw at it works, modulo some annoying logmessages. Especially new & cool is http://lartc.org/howto/lartc.ipsec.automatic.keying.html

Hi! I''m testing IPSec tunnels, having the following test schemma: Host A - eth0: 192.168.1.67 eth1: 192.168.10.1 Host B - eth0: 192.168.1.254 eth1: 192.168.20.1 I''ve succesfully configured an IPSec tunnel in order to safely communicate from 192.168.10.0/24 (which is obviously behind Host A), and 192.168.20.0/24 (obviously behind Host B) In this test

Hi, I''m not sure this is the right list for this type of question... as IPSec isn''t exactly routing. If someone can point me to a dedicated IPSec list (for the 2.6 implementation) i''d be very grateful :) Onto the actual problem... I''m going to be using IPSec to secure a wireless access point. So far, in my experimentation, i have the tunnel from

I just wanted to drop a success notice to the list. We always hear the failures, and rarely the successes! ;-) After switching from FC1 and freeS/WAN ipsec to the new native linux 2.6 ipsec (ie: setkey-based) my QoS code suddenly started working properly! Previously, with FC1 and freeS/WAN, I found it impossible and rather buggy (kernel panics!) to get QoS to make any difference at all. My

Hi there, I am just starting out with the TC and iproute2 tools. I have given Bert Hubert''s Linux Advanced Routing And Traffic Control Howto a couple of reads but know I don''t have a full grasp of concepts yet. My immediate need is to make sure ipsec traffic between two linux firewall/routers is given the greatest priority over all other traffic. In more detail I have

Hi all :-) I have a problem with my current configuration of ipsec. I''m using ipsec with kernel 2.6 and racoon. I have two computers linked by wireless cards. The first (192.168.1.1 Zeus) is connected to internet through a DSL modem and the second (192.168.1.2 Memphis) is accessing internet through the first. I want with ipsec to encrypt all datas between the two computers. I can

hello i am trying to set up ipsec in my network, for now just between two hosts, using to use AH & ESP in tunnel mode to get all of packet encrypted. keys are negotiated with racoon. mayby using tunnel mode in this case can seems strange, but i know what i am doing. after setting up everything i have done few tests with ping & tcpdump. but the results are very suprising. bellow is what i

Hi, how can I filter IPsec traffic with u32 filters? I know IPsec needs Port 500/UDP and IP protocols 50 and 51. I know how to get the port stuff, but how can I make u32 to match the protocol number? thx, cb _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hello all, I am configuring a vpn between freeswan and windows 2000. I am following the steps at http://www.jacco2.dds.nl/networking/win2000xp-freeswan.html, to get the VPN up and running. using this I have a ppp tunnel between windows and linux, which is inside a l2tp tunnel which is again encrypted by IPSec. (the url gives the configuration in detail and I have followed it exactly) Now the

Hi, I would like to shape incomming traffic on eth0 and ipsec0 (binded to eth0). I need to set minimal bandwidth to some packets going via ipsec0 interface. It is running fine when I simply mark the ESP (protocol 50) packets in the PREROUTING chain - means all ipsec packets are shaped. Like: iptables -t mangle -A PREROUTING -i eth0 -p 50 -j MARK --set-mark 30 iptables -t mangle -A PREROUTING -i

Hi, I have the following setup. Two linux systems with two [test] external interfaces encrypted with ipsec [transport]. Two gre tunnels that pass 10.200.0.0/24 and 10.200.1.0/24 network traffic. Testing the balanced tunnels I would setup iptraf on one and ping from the other. The results would be as expected; traffic would be split between the two interfaces. Testing with an ftp transfer of

Hi, I have the following setup. Two linux systems with two [test] external interfaces encrypted with ipsec [transport]. Two gre tunnels that pass 10.200.0.0/24 and 10.200.1.0/24 network traffic. Testing the balanced tunnels I would setup iptraf on one and ping from the other. The results would be as expected; traffic would be split between the two interfaces. Testing with an ftp transfer of

Hi all, I want to allocate bandwidth for ipsec interface using CBQ/tc. Suppose the conf. file is like this, DEVICE=ipsec0,10Mbit,1Mbit RATE=128Kbit WEIGHT=10Kbit PRIO=5 RULE=192.128.1.0/24 Does it work or What else options need to be taken care like ipsec packets/protocol/port # etc.? C''d anybody suggest please? regds, Srikanth. _______________________________________________ LARTC

Hello all, I am working with kernel 2.2.20 with the necessary options configured into the kernel to support all of the wonderfully fancy routing features: - routing based on ToS - routing based on fwmark - multiple routing tables This same kernel is in use elsewhere, and is routing based on fwmark with success. This leads me to believe that my kernel is OK and that I have another

Hi, is there a good howto for a Linux VPN-Gateway using racoon and IPSec provided with the actual kernel 2.6.9? Also one for how to set up a connection to the gateway using Windows XP and the client shipped with it? _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I am machines on IPsec VPN which is a subnet of my bigger LAN ( ie I have machines on the LAN which is not in the VPN ), specifically :- 192.168.132.0/29:0 -> internet ---> 192.168.1.192/27:0 ( local subnet ---> internet--> remote subnet ) # ip route list ... 192.168.1.192/27 via 21x.18x.11x.8x dev ipsec0 192.168.1.0/24 via 192.168.15.146 dev eth0 ... Now, the machines in the

I am attempting to setup a simple network-to-network IPSec tunnel. The tunnel appears to be setup correctly because I can make connections between the networks and tcpdump shows esp packets going between the two gateways. My problem is that I cannot make connections from one gateway to the other through the tunnel. I think that this is a routing issue. Here is some more info about my network:

Hi all. Is it possible to use ipsec and also compress data from one linux box to another via a WAN link ?.. if yes how can i compress such data ??..by data i mean network traffic(internet) !! the corresponding linux box uses iproute & is linked with 2 isp. the idea behind is to use a maximum of the available pipe which is 2mb but with needs, has grown out... can u suggest how to do it or

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, been awhile since I''ve written. I now have a situation where I get to use traffic shaping for a client. ~ We implemented the WonderShaper script on our own firewall and experienced no problems. I made some modifications to it to add IPSec protocol packets into the 1:10 high priority class using the u32 filter. ~ So far on our