Displaying 20 results from an estimated 2000 matches similar to: "Ipsec route and non-ipsec route"
2005 Jan 03
8
load balancing and DNAT
Does anyone know if load balancing and DNAT work well together? I know
that load balancing and NAT do not, but what about a simple port forward?
I can''t apply Julian Anastasov''s patches, because they don''t work with
PPTP patches. :/
Anyhow, a simple:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport xxx -j DNAT --to
yyy:xxx
iptables -I FORWARD -i eth0 -d yyy -p
2006 Oct 12
0
help
lartc-request@mail
man.ds9a.nl To: lartc@mailman.ds9a.nl
Sent by: cc:
lartc-bounces@mail Subject: LARTC Digest, Vol 20, Issue 13
2006 Jul 26
1
IPSec tunnel mode, through a IPIP tunnel
Hello Gurus,
I am a small problem with routing and here are the details.
Interfaces on my server:
* ipsec0 - 172.19.58.94
* tunl0 - 172.19.58.94
* eth0 - 172.19.58.94
Now, the problem is that there is another host 172.19.58.200. All
communication to 172.19.58.200 should be through tunl0, and all the data
should be secured using IPSec (tunnel mode - because there are more
machines on my
2002 Aug 15
0
conditional routing based on tos/fwmark not working with ipsec
Hello all,
I am working with kernel 2.2.20 with the necessary options configured into
the kernel to support all of the wonderfully fancy routing features:
- routing based on ToS
- routing based on fwmark
- multiple routing tables
This same kernel is in use elsewhere, and is routing based on fwmark with
success. This leads me to believe that my kernel is OK and that I have
another
2007 Feb 21
10
Split access, load balancing AND forwarding: HOW?
The LARTC howto correctly describes load balancing and split
access for traffic from a machine with multiple ISP connections
(http://www.lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS) --
*provided* the traffic originates from the machine itself (i.e.
traffic regularly handled by the INPUT and OUTPUT chains of
iptables).
When forwarding traffic from an attached local network, the
following
2008 Jul 17
1
racoon and ipsec issues
I am attempting to create an ipsec tunnel between two CentOS 5.1
systems, network-to-network with two different 192.168.xxx.0/24
LAN segments. I have gone through the documentation on the
centos web site, and have the machines to the point where the
/var/log/messages show ``IPsec-SA established'' on both machines
after runnig ``ifup ipsec0'' (same ipsec0 on each machine).
IP
2004 Aug 13
1
ipsec tunnel to netgear fvs318
Hi,
I''m trying to set-up an ipsec tunnel between a Redhat9 box and a Netgear
FVS318.
When trying to initialise the connection - ifup ipsec0 - I get the error:
RTNETLINK answers: Network is unreachable
This would lead me to believe shorewall is blocking ipsec.
My config is below.
The output of ''shorewall status'' is attached.
Any help in pointing out if I''ve
2003 Feb 24
2
www over ipsec behind shorewal problem
This one is a bit complex so if no help is forthcoming, I understand.
I have 2 shorewall firewalls (1.3.13) up and running. (both machines running
Gentoo Linux 1.4_rc2) I have freeswan (1.98) running on each of them. I have
squid setup as a caching/filtering server on each of them. Each of them was
originally setup using the Two-interface Quick Start Guide. Then the Squid
guide and then the IPSEC
2005 Feb 02
6
NAT troubles with IPSEC traffic
I just got the list confirmation and noticed it''s text only email so here it
is again in plain text. Below is the oringal message.
Hi all,
I am really struggling with this one, I have built a lot of linux machines
using IPSEC tunnels and shorewall gateways. I decied to build a new test
machine with Debian running 2.4.25 and Shorewall 2.0.15. I have two subnets
on their own switches and
2004 Feb 26
4
Help! Martians invading through IPSec. :-)
[ sorry for cross-posting this to newbies and users, but I''m a bit
desperate to get this resolved ]
This is strange... I had this working before without any problems, and
recently we started to have some odd issues. I can''t be sure exactly
what has changed as I''m unfortunately not the only person with access
to the server. {sigh}
The problem is that I pretty much
2005 Jan 28
0
IMQ with IPSec
Hi,
I would like to shape incomming traffic on eth0 and ipsec0 (binded to eth0).
I need to set minimal bandwidth to some packets going via ipsec0
interface.
It is running fine when I simply mark the ESP (protocol 50) packets in the
PREROUTING chain - means all ipsec packets are shaped.
Like:
iptables -t mangle -A PREROUTING -i eth0 -p 50 -j MARK --set-mark 30
iptables -t mangle -A PREROUTING -i
2003 Jan 14
1
MULTIPLE IPSEC TUNNELS
I am have a shorewall firewall and freeswan ipsec running on a redhat 8.0
Linux gateway machine. I have one working tunnel defined, all works well. I
am not clear how to define mutiple concurrent tunnels. I can not add further
interface entries as all the tunnels come in on ipsec0, do I still have
mutiple zone definitions? some of the tunnels will be dynamic roadwarriors
and as such would need a
2007 Sep 05
6
NAT-aware traffic analysis
I have tried using iptraf for my NAT firewall to analyse the IP traffic.
Basically I am faced with this difficulty of related the source IP
to the outgoing interface to the internet, so I am wondering if
anyone has a suggestion for a different ways to do it, or a suggestion
for a better tool.
Details :-
Supposed : eth0 - LAN
eth1 - WAN1
eth2 - WAN2
And then
2003 Oct 26
4
linux-xp x509 ipsec connection
hi,
I can''t get a freeswan 2.02 ipsec x509 connection at work
can somebody help me?
*************************************************************************************
global situation
*************************************************************************************
the linux gateway (chivas) is a single machine 192.168.1.250 with a local net 192.168.1.0/24,
a dyn IP via a DSL
2003 Mar 14
5
ipsec for linux 2.4 eventually made easy?!
hi there,
I just wanted to share a recent discovery I did on how to setup a secure
VPN implementation for linux 2.4.x (I''m using 2.4.20 but it should be
working, as far as documentation states, for > 2.4.18) without using
FreeS/WAN.
The tool (ipsec_tunnel: http://ringstrom.mine.nu/ipsec_tunnel/, by
Tobias Ringström) is a kernel module based on ipip and ip_gre. It uses
CyptoAPI to
2013 Mar 04
6
Centos6 ipsec troubles
Hello,
it looks like the usual way to do ipsec on centos5 won't work anymore on
centos6
I installed ipsec-tools but an interface type IPsec is not recognized by
the kernel
ifup ipsec0
Device does not seem to be present, delaying initialization.
I am not planning to use the awful OpenSwan, I Want to sue the Kame
implementation which was working fine on CentOS5
any hints ?
thank you
2004 Mar 05
4
Wondershaper breaks IPSec tunnels
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello, been awhile since I''ve written.
I now have a situation where I get to use traffic shaping for a client.
~ We implemented the WonderShaper script on our own firewall and
experienced no problems. I made some modifications to it to add IPSec
protocol packets into the 1:10 high priority class using the u32 filter.
~ So far on our
2006 May 03
5
SNAT on IPSEC tunnel with kernel 2.6/KAME tools?
Hi,
Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey
on which I have one address on my side acting as an SNAT router for all
traffic from my network to a network segment on the far side.
my network --- my gateway ---------------------- remote network
10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22
All traffic starts on my side, so if I can
2004 Dec 22
0
QoS success with FC3 native 2.6 ipsec
I just wanted to drop a success notice to the list. We always hear the
failures, and rarely the successes! ;-)
After switching from FC1 and freeS/WAN ipsec to the new native linux 2.6
ipsec (ie: setkey-based) my QoS code suddenly started working properly!
Previously, with FC1 and freeS/WAN, I found it impossible and rather
buggy (kernel panics!) to get QoS to make any difference at all. My
2004 Aug 11
0
Ipsec and masq
hello,
my setup is rh8 2.4.20-8, shorewall 2.0.7, freeswan-2.04.
------- policy-------
vpn loc accept
loc vpn accept
vpn fw accept
fw vpn accept
---------------------
--------zone -------
net net
loc local
dmz dmz
vpn vpn
------------------------
----- tunnels ---------
ipsec net 0.0.0.0/0 vpn
ipsecnat net 0.0.0.0/0 vpn
--------------------------------------
------ interfaces