similar to: IPSec tunnels and routing: strange behaviour

Hi, When a IPSec tunnel is established between two peers, I understand that the "normal" situation is to have in a given moment two SAs, one for each direction of the tunnel. However, in one of my tunnels (peer P1 running GNU/Linux with setkey and racoon; peer P2 is a Cisco router) there is a large number (around 19) of SAs established (this has been observed in P1 with

hello i am trying to set up ipsec in my network, for now just between two hosts, using to use AH & ESP in tunnel mode to get all of packet encrypted. keys are negotiated with racoon. mayby using tunnel mode in this case can seems strange, but i know what i am doing. after setting up everything i have done few tests with ping & tcpdump. but the results are very suprising. bellow is what i

Hi All, I need to establish an IPSec tunnel between two FreeBSD systems, using IPv6 addresses.The connetcion is host-to-host between two FreeBSD( RELEASE 4.11) systems with KAME IPSec implementation. I tried to establish the connection, but it has some problems which are explained below. |----------------->| host1-[mohan]| |host2-[ram]

Hi All, I need to establish an IPSec tunnel between two FreeBSD systems using IPv6 addresses.The connetcion is host-to-host between two FreeBSD( RELEASE 4.11) systems with KAME IPSec implementation. |----------------->| host1-[mohan]| |host2-[ram] |<-----------------| host1 IPv6 address : fe80::2b0:d0ff:fe6f:dfa0 host2 IPv6 address :

Hello, I''m trying to put 3 nodes in a vpn in tunnel mode. When I run setkey on the following file, I end up with The result of line 33: File exists. That error isn''t overly helpful, so I was hoping that someone could explain the issue. Here''s the file, with line 33 highlighted. Help appreciated. Mike # Flush the SAD and SPD flush; spdflush; # Add SA for

Hi all :-) I have a problem with my current configuration of ipsec. I''m using ipsec with kernel 2.6 and racoon. I have two computers linked by wireless cards. The first (192.168.1.1 Zeus) is connected to internet through a DSL modem and the second (192.168.1.2 Memphis) is accessing internet through the first. I want with ipsec to encrypt all datas between the two computers. I can

Hi all. The IPSec part of the LARTC howto is great, but I''ve hit a problem in 7.3. IPSEC tunnels. The example given is for manual keying: add 10.0.0.216 10.0.0.11 esp 34501 -m tunnel -E 3des-cbc "123456789012123456789012"; How does one setup "tunnel mode" using racoon? Trying to setup an ipsec tunnel between two subnets: 10.10.42.0/24 and 10.1.1.0/24 using a

Hi All, In the previous mail, I have sent is only the problem that occurs, because of using IPv6 addresses. But the connection works with IPv4 addresses without any problem. Thanx, Mohan. __________________________________________________________ How much free photo storage do you get? Store your friends 'n family snaps for FREE with Yahoo! Photos http://in.photos.yahoo.com

Hi! I''m testing IPSec tunnels, having the following test schemma: Host A - eth0: 192.168.1.67 eth1: 192.168.10.1 Host B - eth0: 192.168.1.254 eth1: 192.168.20.1 I''ve succesfully configured an IPSec tunnel in order to safely communicate from 192.168.10.0/24 (which is obviously behind Host A), and 192.168.20.0/24 (obviously behind Host B) In this test

Hello, My name is Fermín Galán. I have started recently to use Xen (so please forgive me in advance if I''m too "newbie" :) and I''m facing my first problems... I''m trying to create a domU, but I''m getting an error: tornado:~# xm create test.cfg -c Using config file "/etc/xen/test.cfg". Error: Device 2049 (vbd) could not be connected.

Hi, I wonder about the performance of a Linux box used as router (I guest I''m not the first :). Althought I know it mainly depends on the hardware, I''m trying to find some references on the topic or comparations with other routing solutions (FreeBSD box used as router, Cisco, etc). For example, http://facweb.cti.depaul.edu/jyu/Publications/Yu-Linux-TSM2004.pdf (althought is

Dear list, I''m running Shorewall on a dedicated Fedora 7 box. Shorewall is working well as an office DSL router (dynamic IP) with loc and dmz zones. I am now trying to configure IPSec to connect a VPS, "casp", with a static IP to both the firewall and to the loc network behind it. The host to host SA works fine. However, pings from "loc" to "casp" can be

[FreeBSD 7-STABLE/i386] Hello, I've got a 100 % reproductible panic with ipsec when using a 'ping -s 4000'. It works without ipsec My ipsec setup is very simple, i just use setkey: /etc/ipsec.conf flush; spdflush; add 192.168.1.21 192.168.1.200 esp 1011 -E rijndael-cbc "0123456789012345"; add 192.168.1.200 192.168.1.21 esp 1012 -E rijndael-cbc

Hi All, I''m trying to setup a VPN Between a Linux Box (CentOS 4) and Check Point FW-1 (NGX R65) and I actually already done this. However I''m having a problem with Policy "none" when using ports, for example, I want to exclude from VPN the "ssh" service, so my commands to setkey was. # Excluded services ssh spdadd 172.20.0.0/16[any] 172.16.0.0/16[22] tcp -P

Hello. I try to configure IPSEC to bybass ssh protocol. For example: setkey -FP setkey -F setkey -c << EOF spdadd 10.1.1.1/32 10.6.10.50[22] tcp -P in none ; spdadd 10.1.1.1/32 10.6.10.50 tcp -P in ipsec ah/transport//require ; EOF (Pass incoming ssh packets to 10.6.10.50, block other tcp packets) This works under fresh 7-CURRENT(FAST_IPSEC). On fresh 6-STABLE (neither FAST_IPSEC nor

> -----Original Message----- > From: Greg Panula [mailto:greg.panula@dolaninformation.com] > Sent: 12 May 2003 11:10 > To: Matthew Braithwaite > Cc: stable@freebsd.org > Subject: Re: iHEADS UP: ipsec packet filtering change > > You don't really need the gif tunnels for ipsec. Gif is more geared > towards ipv4 <=> ipv6 type tunnels. A few of ipsec

Hello You must add first: vlan (tagged) to eth2 eth2 interface is not tagged by default and not know vlan-s . It is like a cisco if you have 24 ports in cisco by default all ports are in vlan1. if you want to do trunk (with vlans) you myst add (vlans) to this ports (tagged or untagged) So you can compare that all interfaces in linux by default are in one vlan(but not tagged). (only for

I have no idea whatsoever as to why racoon/IKE does not work here. I've tried various how-to documents but found nothing that works for me. Gateway (10.0.0.1) running 4.9-stable. Laptop (10.0.0.10) running 5.2.1-release. Both running racoon-20040408a On the gateway 10.0.0.1 # cat /etc/ipsec.conf add 10.0.0.1 10.0.0.10 esp 691 -E rijndael-cbc "1234567890123456" -A hmac-sha1

Hello, My name is Ferm?n Gal?n and I work as Research Engineer at CTTC, Spain. I'm trying to configure a bridge with brctl to switch VLAN tagged traffic (802.1q), but I'm getting some problems. In particular, I've a physical interface (eth2) connected to a Cisco trunk port (so, the traffic to/from eth2 is tagged). I've added eth2 to a bridge ('brctl addif somebrige

I am trying to get a tunnel from a cisco 1760 with IOS 12.2.15.t13 to a freebsd 4.9 install with racoon. I have package version freebsd-20040408a and internal version 20001216 in my log file. I posted the full racoon and cisco log below my configs. Racoon keeps saying: 2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:24:03: DEBUG: