similar to: IPSec gateway configuration

Displaying 20 results from an estimated 9000 matches similar to: "IPSec gateway configuration"

2006 Apr 14
3
Shaping per IP in PPPoE borrowing or sharing Uplink or Downlink
Hello again. I think this question I am asking is worth: we know that pppoe-server creates a pppX device on each connection done to it. So, when I have to shape, I have to shape each pppX connection device on itself alone. What I know is that the borrowing method on one device by itself, e.g. ppp0, alone using HTB or the like. This means that I have to create for another device, e.g. ppp1,
2006 Apr 11
2
Shaping per IP in PPPoE
Hi all. I am currently now serving PPPoE in my area. I had a script generated from tcng that worked perfectly before I started serving PPPoE. The issue is not in the script itself BUT in that "tc" code is not shaping on the ethernet anymore BUT INSTEAD on the pppX devices. I tested it and talking jargon, what should I do? The issue is that for each PPPoE login, PPPoE-server
2004 Oct 06
7
Re: IPsec problems with tunneled networks
class wrote on 06/10/2004 11:18:48: > Hello, I have the following situation: > > 192.168.176.0/24 ------ A ========== B ------ 192.168.177.0/24 > 192.168.176.2 pop3 ipsec > racoon > > > policy: (Machine A and B) > ------- > loc vpn ACCEPT > vpn loc ACCEPT > all
2003 Aug 19
4
upload vs download
I have a tc script which splits the bandwidth in 8 leaf classes based on IP filtering. The script looks like this: tc filter add dev $LAN_IFACE protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.0.121 flowid 1:11 The separation works excellent for downloads, but for uploads, it is ignored... Can you tell me how to deal with it? Thanks in advance, Vlad Mihai
2004 Jun 18
21
patch: HTB update for ADSL users
OK, here it is. Near perfect bandwidth calculation for ADSL users. Patch iproute2 with the HTB stuff and then this: It's still a hack (as far as I can tell) because we are patching the rates tables, and hence I think it is only loosely coupled with the actual calculation of bytes in each bucket. However, it works very nicely for me! I have only been lightly testing with
2006 Feb 01
5
failover routing
Hi Guys, I would just like to have advice and pointers of the best way would be, Something like BGP or OSPF? I have 2 internet connections at different locations. let's say connection A and B 1.) router A has a fast internet connection and a separate interface for clients using /lan/pppoe/ipsec etc and another ethernet interface going to router B 2.) router B has similar setup as router A and
2006 Jul 20
2
GRE over IPsec Cisco<-> Linux
Hello Lartc Mailing List: Been working on something the last week and a half and ALMOST have it working.., just need a few pointers from the wizards on this mailing list to nail it. Ok, my setup is a hub and spoke arrangement, hub is Cisco 2821 with IOS 12.4. Spokes are ruggencom RX1000 routers, Debian based with the following versions installed: rx1000test:~# uname -a Linux rx1000test
2004 May 27
7
2 Gateways
Hello again, I may have a common problem to solve but it seems it is harder than I thought... I have 2 internet providers (each one having a different gateway). Behind the router there are around 100 clients that are SNAT-ed. I want some clients to be SNAT-ed to the first provider, while the others to the second one. The following lines should work: iptables -t nat -A POSTROUTING -s
2004 Oct 12
6
Classful Queuing
OK, I'm stumped. I've read through most of the LARTC HOWTO and have yet to find a basis for what I need to accomplish. I have a Linux box that controls access to and from the Internet at my workplace. We have a number of remote employees that connect via PPTP and IPSEC to the office's internal network. Some of these remote employees are currently using SIP phones.
2003 Oct 30
1
Using racoon-negotiated IPSec with ipfw and natd
[ -netters, please Cc me or security@ with replies. ] I'm running into trouble integrating dynamic racoon-based IPSec into a network with ipfw and natd. I need to be able to allow VPN access from any address from authenticated clients. I've got the dynamic VPN working, with racoon negotiating SAs and installing SPs, but the problem is that I can't tell whether an incoming packet on
2005 Jul 19
2
Re: Low RAM -- Security Appliance distros ...
From: User Lists <clopmz at yahoo.com> > Thank you for your responses. > I will use CentOS-3 as a firewall.. Nothing against CentOS as a firewall, but you might consider a distro that is more focused as a plop'n drop "security appliance" distro: http://www.ipcop.org 4-zone segmentation (WAN, DMZ, LAN, WLAN) Integrated real-time and statistical logging, Snort IDS,
2006 Mar 25
2
Multiple uplink problems
I've installed Shorewall 3.0.5 on a Debian Sarge box, and I'm attempting to route internet traffic through a couple of ISPs, and I've come up against some problems. The first is that one of my links is a pppoe connection to a wireless modem, and I can't configure it to have a static IP address... therefore I can't see how I can set up the two
2008 May 13
2
ppp interfaces for both loc and net
Hi, I'm in a process of setting up a firewall system, which is going to be also an ipsec/l2tp and pptp vpn server for some mobile clients. The problem is, that the system has two ISPs a cable one (no problems here) and a DSL provider. Because of the DSL provider the system is going to have one pppN interface for DSL (net zone) and many pppX interfaces for l2tp/pptp (loc zone)
2004 Sep 17
2
interesting expert problem - shaping over VPN
Here's a challenging problem for you experts to tackle: I'm trying to shape traffic going into an IPSEC interface which then goes over a DSL PPPoE interface. I figure I need to shape the DSL interface to keep its hardware queue mostly empty, and to
2006 Aug 21
3
Connecting CentOS to IPSEC VPN (Checkpoint FW1)
Hi, Does anyone have experience using IPSEC on CentOS in order to connect to vendor IPSEC-based VPN products (specifically Checkpoint FW1) ? Is the included IPSEC implementation sufficient, or do people have to rely on OpenSWAN or FreeSWAN ? I'd be testing tomorrow and I'm interested with experiences others have had and things to look out for. Thanks in advance, -- dag wieers, dag
2005 Dec 05
4
IPSec tunnel and routing
Hello. I wonder how just correct couple of spdadd commands like spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec esp/tunnel/10.1.0.1-10.2.0.1/require; spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/10.2.0.1-10.1.0.1/require; makes _routing_ of packets from 192.168.1/24 into 192.168.2/24. If I understand correctly how it works on *BSD, these commands with make already
2004 Jan 05
3
vpn control
we have an external 2Mbit dsl connection and running on it are several gre vpn tunnels so far i've given priority to the vpn traffic (using htb) can i now put rules in for the tunnels to control traffic within each tunnel (that's where our video conferencing etc runs)? or can i only control the real interface (eth1 in our setup)? if not can i somehow see the packets inside the
2006 Nov 12
2
ipsec-tools with cisco vpn client
Hi, anybody successfully running win32 client with Cisco vpn client against ipsec-tools? I'm looking for elegantly running VPN road warrior solution. Scenarios are: - ipsec-tools with Cisco vpn client - pptpd with Windows XP native client - OpenVPN with OpenVPN Windows client - ??? Any hints? Thanks for reply. David Hrb??
2003 Jan 19
1
TC + IPsec and a Newbie
Hi there, I am just starting out with the TC and iproute2 tools. I have given Bert Hubert's Linux Advanced Routing And Traffic Control Howto a couple of reads but know I don't have a full grasp of concepts yet. My immediate need is to make sure ipsec traffic between two linux firewall/routers is given the greatest priority over all other traffic. In more detail I have