similar to: IMQ with IPSec

Hello Gurus, I am a small problem with routing and here are the details. Interfaces on my server: * ipsec0 - 172.19.58.94 * tunl0 - 172.19.58.94 * eth0 - 172.19.58.94 Now, the problem is that there is another host 172.19.58.200. All communication to 172.19.58.200 should be through tunl0, and all the data should be secured using IPSec (tunnel mode - because there are more machines on my

I am attempting to create an ipsec tunnel between two CentOS 5.1 systems, network-to-network with two different 192.168.xxx.0/24 LAN segments. I have gone through the documentation on the centos web site, and have the machines to the point where the /var/log/messages show ``IPsec-SA established'' on both machines after runnig ``ifup ipsec0'' (same ipsec0 on each machine). IP

Hello all, I am working with kernel 2.2.20 with the necessary options configured into the kernel to support all of the wonderfully fancy routing features: - routing based on ToS - routing based on fwmark - multiple routing tables This same kernel is in use elsewhere, and is routing based on fwmark with success. This leads me to believe that my kernel is OK and that I have another

Hi, I''m trying to set-up an ipsec tunnel between a Redhat9 box and a Netgear FVS318. When trying to initialise the connection - ifup ipsec0 - I get the error: RTNETLINK answers: Network is unreachable This would lead me to believe shorewall is blocking ipsec. My config is below. The output of ''shorewall status'' is attached. Any help in pointing out if I''ve

Hi, I''ve never actually even tried to use the IMQ device before, but I''ve watched the emails go back and forth on various problems associated with it, and what looks like some general instability. How stable is it really ? Is it suitable for full-time use on a large number of routers ? Has anyone used it on ipsec0 + eth0 devices for shaping ? and lastly, any difference

I just got the list confirmation and noticed it''s text only email so here it is again in plain text. Below is the oringal message. Hi all, I am really struggling with this one, I have built a lot of linux machines using IPSEC tunnels and shorewall gateways. I decied to build a new test machine with Debian running 2.4.25 and Shorewall 2.0.15. I have two subnets on their own switches and

[ sorry for cross-posting this to newbies and users, but I''m a bit desperate to get this resolved ] This is strange... I had this working before without any problems, and recently we started to have some odd issues. I can''t be sure exactly what has changed as I''m unfortunately not the only person with access to the server. {sigh} The problem is that I pretty much

hi, I can''t get a freeswan 2.02 ipsec x509 connection at work can somebody help me? ************************************************************************************* global situation ************************************************************************************* the linux gateway (chivas) is a single machine 192.168.1.250 with a local net 192.168.1.0/24, a dyn IP via a DSL

This one is a bit complex so if no help is forthcoming, I understand. I have 2 shorewall firewalls (1.3.13) up and running. (both machines running Gentoo Linux 1.4_rc2) I have freeswan (1.98) running on each of them. I have squid setup as a caching/filtering server on each of them. Each of them was originally setup using the Two-interface Quick Start Guide. Then the Squid guide and then the IPSEC

(list admin, please cancel the same post from my other email address -- forgot to change it on first submission) I need to setup QoS on a linux router/firewall I maintain. I spent 10 hours reading everything I could find on QoS/HTB/iproute2 and came up with what I thought made sense for my situation. So I deployed it and BOOM! KERNEL PANIC! Not what I was expecting... now the debugging begins.

I am machines on IPsec VPN which is a subnet of my bigger LAN ( ie I have machines on the LAN which is not in the VPN ), specifically :- 192.168.132.0/29:0 -> internet ---> 192.168.1.192/27:0 ( local subnet ---> internet--> remote subnet ) # ip route list ... 192.168.1.192/27 via 21x.18x.11x.8x dev ipsec0 192.168.1.0/24 via 192.168.15.146 dev eth0 ... Now, the machines in the

Hello, it looks like the usual way to do ipsec on centos5 won't work anymore on centos6 I installed ipsec-tools but an interface type IPsec is not recognized by the kernel ifup ipsec0 Device does not seem to be present, delaying initialization. I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5 any hints ? thank you

Hi. -j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don''t return in parent chain??? cause -j ACCEPT action accept the packet in the child chain and don''t return it to parent... example: ipt="iptables -t mangle" $ipt -N HTTP $ipt -A HTTP -j IMQ // after this packet packets go to -t nat tables? or // it return to parent chain (PREROUTING) in mangle?

I am have a shorewall firewall and freeswan ipsec running on a redhat 8.0 Linux gateway machine. I have one working tunnel defined, all works well. I am not clear how to define mutiple concurrent tunnels. I can not add further interface entries as all the tunnels come in on ipsec0, do I still have mutiple zone definitions? some of the tunnels will be dynamic roadwarriors and as such would need a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, been awhile since I''ve written. I now have a situation where I get to use traffic shaping for a client. ~ We implemented the WonderShaper script on our own firewall and experienced no problems. I made some modifications to it to add IPSec protocol packets into the 1:10 high priority class using the u32 filter. ~ So far on our

I just wanted to drop a success notice to the list. We always hear the failures, and rarely the successes! ;-) After switching from FC1 and freeS/WAN ipsec to the new native linux 2.6 ipsec (ie: setkey-based) my QoS code suddenly started working properly! Previously, with FC1 and freeS/WAN, I found it impossible and rather buggy (kernel panics!) to get QoS to make any difference at all. My

Hi all, my IMQ device works OK (thanks to Andy Furniss), but now I''ve problems to attach the traffic in the qdisc''s. This is my conf: ----------------------------------------------------------------------- INET | |eth0 300Kbps ROUTER (NAT) |eth1 | LAN ----------------------------------------------------------------------- MAX=300 tc qdisc add dev imq0 root handle 1: htb

Hello, Some time ago I''ve read somewhere that local traffic in IMQ could hung up the whole system but it was corrected long time ago. So I was very surprised yesterday when it occurred not true. While testing IMQ I''ve observed for some time that - if you tag some local traffic with iptables both in pre- and postrouting - kernel is hunging up. It is happening quite quick with

Hi I''ve a stupid question. How can I shape upload using IMQ? Instead of putting a rule in iptables in PREROUTING should i use POSTROUTING? And another question is, can I make routing rule based on ip addresses assigned by iptables to an imq device? The idea is, let''s say i have some rules in iptables like: -t mangle -A PREROUTING -s 192.168.0.0/16 -j IMQ --todev 0 Can i route