similar to: Re: interesting expert problem - shaping over VPN

Here''s a challenging problem for you experts to tackle: I''m trying to shape traffic going into an IPSEC interface which then goes over a DSL PPPoE interface. I figure I need to shape the DSL interface to keep it''s hardware queue mostly empty, and to

Sorry Dag, it is possible to use linux as a roadwarrior client: http://www.fw-1.de/aerasec/ng/vpn-racoon/CP-VPN1-NG-Linux-racoon-roadwarrior.html -------- Original Message -------- Subject: Re: [CentOS] Connecting CentOS to IPSEC VPN (Checkpoint FW1) Date: Mon, 21 Aug 2006 15:20:55 +0200 From: carlopmart <carlopmart at gmail.com> To: CentOS mailing list <centos at centos.org>

Ok, earlier I post a message explaining my problem with HTB and layer7 (or ipp2p), about not being able to shape the traffic. Well, actually this is what''s happening, I''m marking the packets (right now, I''m using ipp2p as Klaus adviced me to) with iptables, and my queue rules are made using tcng, I''m using the HTB qdisc, and traffic is going to the HTB class

Hi I''m looking for a quick recipe for a newbie to control http traffic in my linux gw. My internet is overloaded already and vpn external clients are experiencing troubles (disconnecting in peak hours). Any suggestions ? Regards Guillermo Caracas/Venezuela On Thu, 2004-05-06 at 14:40, lartc-request@mailman.ds9a.nl wrote: > Send LARTC mailing list submissions to >

I have the following network: External Interface External Interface ccc.ccc.ccc.ccc aaa.aaa.aaa.aaa | | --> VPN <--> Internet <--> FreeBSD Client (NATed extip: bbb.bbb.bbb.bbb) | FW-1 Protected Net ddd.ddd.ddd.ddd/24 VPN: ipsec freeswan (UDP encapsulated tunnel) ccc.ccc.ccc.ccc has port 136/UDP open for

Hello, some days ago, I was asking for help here about not able to do anything when I had bittorrent running, I will post the problem here: I''m using ipp2p to mark p2p packets, and then send them with -j CLASSIFY to the correct HTB class, I see traffic in the class when I start azurerus, and traffic does get shaped, but then I''m still not able to surf the web nor chat nor

Hi all, ive been reading lartc howto, im new about traffic shaping/police. As far as red (chapter 9 complete) i saw that first the packet passes at the ingress qdisc, then it passes to the ip stack if the packet is directed to the box or its forwarded (is my case), then it falls to the egress classifier/s. Now, i understand if i have an ipsec vpn at the outside interface, the egress

Thank you for your help. It generates this script : tc qdisc add dev eth0 handle 1:0 root htb default 2 tc class add dev eth0 parent 1:0 classid 1:1 htb rate 75000bps ceil \ 75000bps tc class add dev eth0 parent 1:0 classid 1:2 htb rate 125000bps tc filter add dev eth0 parent 1:0 protocol all prio 1 u32 match u32 \ 0xa000001 0xffffffff at 12 classid 1:1 But I thought it was necessary to

Hi, Does anyone have experience using IPSEC on CentOS in order to connect to vendor IPSEC-based VPN products (specifically Checkpoint FW1) ? Is the included IPSEC implementation sufficient, or do people have to rely on OpenSWAN or FreeSWAN ? I'd be testing tomorrow and I'm interested with experiences others have had and things to look out for. Thanks in advance, -- dag wieers, dag

hi all. i really need help. i need a working example on shaping the ingress per user using tcng without IMQon a mechine which has two interfaces, and acts like a firewall, and NAT for intrenet connection sharing: eth0 is the external facing the Internet. eth1 is the internal towards my LAN/office network. Please i dont want other than tcng code. iptables code i read on some pages seems

hello i am trying to set up ipsec in my network, for now just between two hosts, using to use AH & ESP in tunnel mode to get all of packet encrypted. keys are negotiated with racoon. mayby using tunnel mode in this case can seems strange, but i know what i am doing. after setting up everything i have done few tests with ping & tcpdump. but the results are very suprising. bellow is what i

I am working on traffic shaping using the nextenso proxy platform(a product of alcatel)on linux platform, I wish to do dynamic traffic shaping means on a fly, is that possible with TCNG?? With Warm Regards, Aruna Baghel "Gratitude can transform common days into thanksgivings, turn routine jobs into joy, and change ordinary opportunities into blessings."

On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip257 at gmail.com> wrote: > I second Eero's comment, use a new IPSec daemon. > > Openswan was forked and became Libreswan. Paul, now a RH employee, was a > main developer for the Openswan project before he and others created the > Libreswan fork. > https://libreswan.org/ > > EL6 has Openswan > EL7 has

Will ask my boss :) We are hosted on memset so not so easy to update Thanks On 21 March 2016 at 17:36, Eero Volotinen <eero.volotinen at iki.fi> wrote: > Centos 5 is still soon end of life. Using it as ipsec gateway is .. > > Eero > 21.3.2016 7.25 ip. "Mike - st257" <silvertip257 at gmail.com> kirjoitti: > >> On Mon, Mar 21, 2016 at 1:17 PM, Mike -

To be fair its not highly sensitive info we are dealing with. -----Original Message----- From: "Eero Volotinen" <eero.volotinen at iki.fi> Sent: ?21/?03/?2016 17:51 To: "CentOS mailing list" <centos at centos.org> Subject: Re: [CentOS] IPSec multiple VPN setups Err. Sounds like security nightmare. 21.3.2016 7.47 ip. "Glenn Pierce" <glennpierce at

Hi I hope someone can answer something I'm sure is quite basic. I am following the instructions at https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html On setting up a VPN The part I am having trouble with is when it show the /etc/racoon/racoon.conf file. But it doesn't say whay you have to do with this file. When I bring up my connection ifup bicester I get RTNETLINK

Yes you can. Please use newer version of centos and strong/openswan. Eero 21.3.2016 7.05 ip. "Glenn Pierce" <glennpierce at gmail.com> kirjoitti: > Hi I hope someone can answer something I'm sure is quite basic. > > I am following the instructions at > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html > On setting up a VPN > > The part

Hi all, We have 2 class C networks that are connected by a Linux router with the internet. We want to apply traffic control (bandwidth control). For that we wrote the tcc script below. We have 2 problems: 1. To establish a 2 megagit download we must actually set the value to 2500kbps. Is there a possible reason for that? 2. If we enable the WAN device we get very hight ping times (they change

Centos 5 is still soon end of life. Using it as ipsec gateway is .. Eero 21.3.2016 7.25 ip. "Mike - st257" <silvertip257 at gmail.com> kirjoitti: > On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip257 at gmail.com> > wrote: > > > I second Eero's comment, use a new IPSec daemon. > > > > Openswan was forked and became Libreswan. Paul, now

Hi, Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey on which I have one address on my side acting as an SNAT router for all traffic from my network to a network segment on the far side. my network --- my gateway ---------------------- remote network 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22 All traffic starts on my side, so if I can