Displaying 20 results from an estimated 400 matches similar to: "IPSec tunnels and routing: strange behaviour"
2007 May 04
1
Multiple SA in the same IPSec tunnel
Hi,
When an IPSec tunnel is established between two peers, I understand that the
"normal" situation is to have in a given moment two SAs, one for each
direction of the tunnel.
However, in one of my tunnels (peer P1 running GNU/Linux with setkey and
racoon; peer P2 is a Cisco router) there is a large number (around 19) of
SAs established (this has been observed in P1 with
2004 Sep 24
2
strange behavior of ipsec tunnel mode
hello
i am trying to set up ipsec in my network, for now just between two hosts, using to use AH & ESP
in tunnel mode to get all of packet encrypted. keys are negotiated with racoon.
maybe using tunnel mode in this case can seem strange, but i know what i am doing.
after setting up everything i have done few tests with ping & tcpdump. but the results are very surprising.
below is what i
2005 Jul 01
1
Problem with IPSec tunnel, using IPv6 addresses, between Two FreeBSD systems.....
Hi All,
I need to establish an IPSec tunnel between two
FreeBSD systems, using IPv6 addresses. The connection
is
host-to-host between two FreeBSD( RELEASE 4.11)
systems with KAME IPSec implementation.
I tried to establish the connection, but it has some
problems which are explained below.
|----------------->|
host1-[mohan]| |host2-[ram]
2005 Jun 30
1
Problem with IPSec tunnel, using IPv6 addresses, between Two FreeBSD systems...?
Hi All,
I need to establish an IPSec tunnel between two
FreeBSD systems using IPv6 addresses. The connection is
host-to-host between two FreeBSD( RELEASE 4.11)
systems with KAME IPSec implementation.
|----------------->|
host1-[mohan]| |host2-[ram]
|<-----------------|
host1 IPv6 address : fe80::2b0:d0ff:fe6f:dfa0
host2 IPv6 address :
2007 Mar 05
1
File exists?
Hello,
I'm trying to put 3 nodes in a vpn in tunnel mode.
When I run setkey on the following file, I end up with
The result of line 33: File exists.
That error isn't overly helpful, so I was hoping that someone could explain
the issue.
Here's the file, with line 33 highlighted.
Help appreciated.
Mike
# Flush the SAD and SPD
flush;
spdflush;
# Add SA for
2004 Sep 04
0
Ipsec and kernel 2.6.8
Hi all :-)
I have a problem with my current configuration of ipsec. I'm using ipsec with
kernel 2.6 and racoon. I have two computers linked by wireless cards. The first
(192.168.1.1 Zeus) is connected to internet through a DSL modem and the second
(192.168.1.2 Memphis) is accessing internet through the first. I want with
ipsec to encrypt all data between the two computers.
I can
2004 Oct 22
0
IPSec tunnel mode with IKE daemon
Hi all.
The IPSec part of the LARTC howto is great, but I've hit a problem in
7.3. IPSEC tunnels. The example given is for manual keying:
add 10.0.0.216 10.0.0.11 esp 34501
-m tunnel
-E 3des-cbc "123456789012123456789012";
How does one setup "tunnel mode" using racoon?
Trying to setup an ipsec tunnel between two subnets: 10.10.42.0/24 and
10.1.1.0/24 using a
2005 Jun 30
0
Problem with IPSec tunnel, using IPv6 addresses, .........
Hi All,
In the previous mail, I have sent is only the problem
that occurs, because of using IPv6 addresses. But the
connection works with IPv4 addresses without any
problem.
Thanx,
Mohan.
2004 Nov 15
1
IPSec tunnel
Hi!
I'm testing IPSec tunnels, having the following test schema:
Host A - eth0: 192.168.1.67
eth1: 192.168.10.1
Host B - eth0: 192.168.1.254
eth1: 192.168.20.1
I've successfully configured an IPSec tunnel in order to safely
communicate from 192.168.10.0/24 (which is obviously behind Host A), and
192.168.20.0/24 (obviously behind Host B)
In this test
2007 Feb 22
5
Problem creating domU: "Device 2049 (vbd) could not be connected. Hotplug scripts not working."
Hello,
My name is Fermín Galán. I have started recently to use Xen (so please
forgive me in advance if I'm too "newbie" :) and I'm facing my first
problems...
I'm trying to create a domU, but I'm getting an error:
tornado:~# xm create test.cfg -c
Using config file "/etc/xen/test.cfg".
Error: Device 2049 (vbd) could not be connected.
2006 May 31
14
Linux router performance
Hi,
I wonder about the performance of a Linux box used as router (I guess I'm
not the first :). Although I know it mainly depends on the hardware, I'm
trying to find some references on the topic or comparisons with other
routing solutions (FreeBSD box used as router, Cisco, etc). For example,
http://facweb.cti.depaul.edu/jyu/Publications/Yu-Linux-TSM2004.pdf
(although is
2007 Sep 03
3
Shorewall + IPSec: help debugging why gw1<->gw2 SA works, but loc<->gw2 traffic doesn't trigger SA
Dear list,
I'm running Shorewall on a dedicated Fedora 7 box. Shorewall is working
well as an office DSL router (dynamic IP) with loc and dmz zones. I am now
trying to configure IPSec to connect a VPS, "casp", with a static IP to both
the firewall and to the loc network behind it. The host to host SA works
fine. However, pings from "loc" to "casp" can be
2008 Jun 12
1
[7-STABLE] ping -s 4000 with ipsec panic
[FreeBSD 7-STABLE/i386]
Hello,
I've got a 100 % reproducible panic with ipsec when using a
'ping -s 4000'. It works without ipsec
My ipsec setup is very simple, i just use setkey:
/etc/ipsec.conf
flush;
spdflush;
add 192.168.1.21 192.168.1.200 esp 1011 -E rijndael-cbc
"0123456789012345";
add 192.168.1.200 192.168.1.21 esp 1012 -E rijndael-cbc
2007 Sep 19
0
Exclude service from IPSec, using ipsec-tools
Hi All,
I'm trying to setup a VPN Between a Linux Box (CentOS 4) and Check
Point FW-1 (NGX R65) and I actually already done this. However I'm
having a problem with Policy "none" when using ports, for example, I
want to exclude
from VPN the "ssh" service, so my commands to setkey was.
# Excluded services ssh
spdadd 172.20.0.0/16[any] 172.16.0.0/16[22] tcp -P
2006 May 26
0
IPSEC - tcp port match
Hello.
I try to configure IPSEC to bypass ssh protocol. For example:
setkey -FP
setkey -F
setkey -c << EOF
spdadd 10.1.1.1/32 10.6.10.50[22] tcp -P in none ;
spdadd 10.1.1.1/32 10.6.10.50 tcp -P in ipsec ah/transport//require ;
EOF
(Pass incoming ssh packets to 10.6.10.50, block other tcp packets)
This works under fresh 7-CURRENT(FAST_IPSEC). On fresh 6-STABLE (neither
FAST_IPSEC nor
2003 May 15
2
FW: iHEADS UP: ipsec packet filtering change
> -----Original Message-----
> From: Greg Panula [mailto:greg.panula@dolaninformation.com]
> Sent: 12 May 2003 11:10
> To: Matthew Braithwaite
> Cc: stable@freebsd.org
> Subject: Re: iHEADS UP: ipsec packet filtering change
>
> You don't really need the gif tunnels for ipsec. Gif is more geared
> towards ipv4 <=> ipv6 type tunnels. A few of ipsec
2007 Apr 18
1
[Bridge] Re: Bridge Digest, Vol 31, Issue 6
Hello
You must add first:
vlan (tagged) to eth2
eth2 interface is not tagged by default and not know vlan-s.
It is like a cisco if you have 24 ports in cisco by default all ports
are in vlan1. if you want to do trunk (with vlans) you must add (vlans)
to this ports (tagged or untagged)
So you can compare that all interfaces in linux by default are in one
vlan(but not tagged). (only for
2004 Apr 27
2
IPsec works, but racoon/IKE does not
I have no idea whatsoever as to why racoon/IKE does not work here.
I've tried various how-to documents but found nothing that works for
me.
Gateway (10.0.0.1) running 4.9-stable.
Laptop (10.0.0.10) running 5.2.1-release.
Both running racoon-20040408a
On the gateway 10.0.0.1
# cat /etc/ipsec.conf
add 10.0.0.1 10.0.0.10 esp 691 -E rijndael-cbc "1234567890123456" -A
hmac-sha1
2007 Apr 18
0
[Bridge] switching trunk (tagged 802.1q traffic) with brctl
Hello,
My name is Fermín Galán and I work as Research Engineer at CTTC, Spain. I'm
trying to configure a bridge with brctl to switch VLAN tagged traffic
(802.1q), but I'm getting some problems.
In particular, I've a physical interface (eth2) connected to a Cisco trunk
port (so, the traffic to/from eth2 is tagged). I've added eth2 to a bridge
('brctl addif somebrige
2004 Jul 26
1
Cisco IOS and racoon
I am trying to get a tunnel from a cisco 1760 with IOS 12.2.15.t13 to a
freebsd 4.9 install with racoon. I have package version
freebsd-20040408a and internal version 20001216 in my log file.
I posted the full racoon and cisco log below my configs.
Racoon keeps saying:
2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
2004-07-26 16:24:03: DEBUG: