similar to: File exists?

Hello, Looking here http://www.ipsec-howto.org/x299.html I''ve set up a vpn in transport mode with two linux boxes. I''m now trying to set it up in tunnel mode. After using the example keys, trying to ping, it doesn''t work because the route network isn''t routable. This mention is in the howto "If you tunnel is not working, please check your routing.

Hi, I have FreeBSD box with network interface having y.y.y.y ip address. On same box i configure next ipsec ploicys to process trafic from hardware ipsec enabled device. spdadd 0.0.0.0/0 x.x.x.x/24 any -P out ipsec esp/tunnel/y.y.y.y-z.z.z.z/require; spdadd x.x.x.x/24 0.0.0.0/0 any -P in ipsec esp/tunnel/z.z.z.z-y.y.y.y/require; Is it possible to see decrypted incoming packets, and outgoing

Hey people, I have the following tcng configuration: #include "fields.tc" #include "ports.tc" dev "eth0" { egress { // Voice traffic class (<$voice>) if udp_dport >= 20000 && udp_dport <= 23000; // SSH connections class (<$interactive>) if tcp_dport == PORT_SSH; //

> -----Original Message----- > From: Greg Panula [mailto:greg.panula@dolaninformation.com] > Sent: 12 May 2003 11:10 > To: Matthew Braithwaite > Cc: stable@freebsd.org > Subject: Re: iHEADS UP: ipsec packet filtering change > > You don't really need the gif tunnels for ipsec. Gif is more geared > towards ipv4 <=> ipv6 type tunnels. A few of ipsec

Hi folks, I've been working on getting my WiFi network running with IPsec. I'm at the point where all traffic on the wifi subnet is encrypted (i.e. ESP). Then I tried to add AH to the equation. I failed. This picture describes the network setup: http://beta.freebsddiary.org/images/ipsec-wireless.gif Here's what I'm trying and failing with. With these rules, I get no

People, I''m trying to set up the tc filters for a PRIO queue. I''m basing it off of marked traffic via iptables. For example, I''ve marked two classes of traffic with ids "2" and "4", and now I''m filtering those to bands 1 and 2. tc filter add dev eth0 parent 1: prio 0 protocol ip \ handle 2 fw flowid 10:1 tc filter add dev eth0 parent 1:

Dear list, I''m running Shorewall on a dedicated Fedora 7 box. Shorewall is working well as an office DSL router (dynamic IP) with loc and dmz zones. I am now trying to configure IPSec to connect a VPS, "casp", with a static IP to both the firewall and to the loc network behind it. The host to host SA works fine. However, pings from "loc" to "casp" can be

Hi everyone, First of all, this is my first post in this ML, so I''m not sure that this is the right place for my question (please don''t shoot me down ;)). For the record, I''ve been reading and using LARTC for almost 3 years now, and it''s a great help for anyone who wants to learn linux networking. My problem: I want to setup a tunnel for the following

I am trying to get a tunnel from a cisco 1760 with IOS 12.2.15.t13 to a freebsd 4.9 install with racoon. I have package version freebsd-20040408a and internal version 20001216 in my log file. I posted the full racoon and cisco log below my configs. Racoon keeps saying: 2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:24:03: DEBUG:

Hi! I'm trying to increase security on my FreeBSD 4.8 firewall/DSL router/VPN router. My problem is with firewalling the VPN part. I'm using a tunnel to a RedHat 7.1 box running FreeS/WAN. This tunnel allows traffic from my internal net (172.17.0.0/24) to that box only: spdadd 172.17.0.0/24 $REDHAT/32 any -P out ipsec esp/tunnel/$MYADDR-$REDHAT/unique; spdadd $REDHAT/32 172.17.0.0/24

Hi All, I''m trying to setup a VPN Between a Linux Box (CentOS 4) and Check Point FW-1 (NGX R65) and I actually already done this. However I''m having a problem with Policy "none" when using ports, for example, I want to exclude from VPN the "ssh" service, so my commands to setkey was. # Excluded services ssh spdadd 172.20.0.0/16[any] 172.16.0.0/16[22] tcp -P

class wrote on 06/10/2004 11:18:48: > Hello, I have the following situation: > > 192.168.176.0/24 ------ A ========== B ------ 192.168.177.0/24 > 192.168.176.2 pop3 ipsec > racoon > > > policy: (Machine A and B) > ------- > loc vpn ACCEPT > vpn loc ACCEPT > all

class wrote on 06/10/2004 11:18:48: > Hello, I have the following situation: > > 192.168.176.0/24 ------ A ========== B ------ 192.168.177.0/24 > 192.168.176.2 pop3 ipsec > racoon > > > policy: (Machine A and B) > ------- > loc vpn ACCEPT > vpn loc ACCEPT > all

Hi All, In the previous mail, I have sent is only the problem that occurs, because of using IPv6 addresses. But the connection works with IPv4 addresses without any problem. Thanx, Mohan. __________________________________________________________ How much free photo storage do you get? Store your friends 'n family snaps for FREE with Yahoo! Photos http://in.photos.yahoo.com

I am having problems in the implementation of a VPN, below made a project of my net: INTRANET (10.0.0.0/24) | 10.0.0.5 xl0 NetBSD IPNAT ( map wi0 10.0.0.0/24 -> 192.168.213.10 ) wi0 192.168.213.10/30 | | Wireless VPN | | 192.168.213.9/30 xl2 FreeBSD NATD ( divert natd all from any to any ) xl0 200.x.x.5/24 | 200.x.x.1/24

Hello, I have given myself quite the headache trying to make this VPN work correctly. I am attempting to use racoon to establish keys and construct an encrypted tunnel between one host(A.A.A.A) with a routable IP address and another that has a private address(10.0.0.2) with a cable modem(B.B.B.B) forwarding all ports to the private address(10.0.0.2). Here is a quick topographic dipiction of the

Hello, My name is Fermín Galán and I''m currently working with IPSec tunnels. Recently, I was setting a IPSec tunnelling sample scenario (maybe the simplest one :), where I observed some strange behaviour that I like to describe in the list, just in the case somebody knows what can be the cause, please. The scenario involves four hosts configured in the following way:

On Sun, 23 Feb 2003 09:47:05 -0800, "Sam Leffler" <sam@errno.com> said: > >> Add a new config option IPSEC_FILTERGIF to control whether or not >> packets coming out of a GIF tunnel are re-processed by ipfw, >> et. al. By default they are not reprocessed. With the option they >> are. > > This may affect your ipfw/ipf rules. If you are happy with

hello i am trying to set up ipsec in my network, for now just between two hosts, using to use AH & ESP in tunnel mode to get all of packet encrypted. keys are negotiated with racoon. mayby using tunnel mode in this case can seems strange, but i know what i am doing. after setting up everything i have done few tests with ping & tcpdump. but the results are very suprising. bellow is what i

Hello. I try to configure IPSEC to bybass ssh protocol. For example: setkey -FP setkey -F setkey -c << EOF spdadd 10.1.1.1/32 10.6.10.50[22] tcp -P in none ; spdadd 10.1.1.1/32 10.6.10.50 tcp -P in ipsec ah/transport//require ; EOF (Pass incoming ssh packets to 10.6.10.50, block other tcp packets) This works under fresh 7-CURRENT(FAST_IPSEC). On fresh 6-STABLE (neither FAST_IPSEC nor