similar to: success (continued)

I just wanted to drop a success notice to the list. We always hear the failures, and rarely the successes! ;-) After switching from FC1 and freeS/WAN ipsec to the new native linux 2.6 ipsec (ie: setkey-based) my QoS code suddenly started working properly! Previously, with FC1 and freeS/WAN, I found it impossible and rather buggy (kernel panics!) to get QoS to make any difference at all. My

Here''s a challenging problem for you experts to tackle: I''m trying to shape traffic going into an IPSEC interface which then goes over a DSL PPPoE interface. I figure I need to shape the DSL interface to keep it''s hardware queue mostly empty, and to

Hello, I have a linux box sitting between (and bridging/firewalling) 2 LAN segments. I''m using Bridge/Netfilter/IMQ/tc(htb) to control (shape) mail/web traffic that traverses the 2 networks. The networks also have some VLAN tagged traffic flying around. My linux box behaves OK with VLAN traffic except that the shaping doesn''t seem to work. Normal http shapes alright but as soon

(list admin, please cancel the same post from my other email address -- forgot to change it on first submission) I need to setup QoS on a linux router/firewall I maintain. I spent 10 hours reading everything I could find on QoS/HTB/iproute2 and came up with what I thought made sense for my situation. So I deployed it and BOOM! KERNEL PANIC! Not what I was expecting... now the debugging begins.

Hi, how can I filter IPsec traffic with u32 filters? I know IPsec needs Port 500/UDP and IP protocols 50 and 51. I know how to get the port stuff, but how can I make u32 to match the protocol number? thx, cb _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Lots of updates to the IPSEC documentation on http://lartc.org/howto/lartc.ipsec.html The page lists 4 patches which should be applied to 2.5.47 and 1 patch to be applied to the kame racoon Internet Key Exchange daemon. If these are all applied, everything I throw at it works, modulo some annoying logmessages. Especially new & cool is http://lartc.org/howto/lartc.ipsec.automatic.keying.html

Hi all, Here is a RRD graph ive just made of my packet shaping setup: http://www.overclockers.com.au/~mwp/temp/tc-1hour.png The app creating the P-25 traffic is bittorrent on the Linux box also doing the shaping. P-22 and P-23 is created by FTP transfers. Starts with bittorrent running. At 00:03, an FTP transfer is started on "cool.comp" (windows box). At 00:09, bittorrent is

OK, I''m stumped. I''ve read through most of the LARTC HOWTO and have yet to find a basis for what I need to accomplish. I have a Linux box that controls access to and from the Internet at my workplace. We have a number of remote employees that connect via PPTP and IPSEC to the office''s internal network. Some of these remote employees are currently using SIP phones.

Hi, I''m not sure this is the right list for this type of question... as IPSec isn''t exactly routing. If someone can point me to a dedicated IPSec list (for the 2.6 implementation) i''d be very grateful :) Onto the actual problem... I''m going to be using IPSec to secure a wireless access point. So far, in my experimentation, i have the tunnel from

Hi! I''m testing IPSec tunnels, having the following test schemma: Host A - eth0: 192.168.1.67 eth1: 192.168.10.1 Host B - eth0: 192.168.1.254 eth1: 192.168.20.1 I''ve succesfully configured an IPSec tunnel in order to safely communicate from 192.168.10.0/24 (which is obviously behind Host A), and 192.168.20.0/24 (obviously behind Host B) In this test

Hi, First, never compare a linux box with a cheap and dumb broadband router. I''m not sure if i understand very well your scenario but I asume is like this: 192.168.0.1--------- -----------| ipsec | | --------- 128.X.X.X --------- 192.168.0.254 | ISP ----------| linux |------------------| --------- | ---------

Hi all :-) I have a problem with my current configuration of ipsec. I''m using ipsec with kernel 2.6 and racoon. I have two computers linked by wireless cards. The first (192.168.1.1 Zeus) is connected to internet through a DSL modem and the second (192.168.1.2 Memphis) is accessing internet through the first. I want with ipsec to encrypt all datas between the two computers. I can

I diligently followed the instructions found at .... http://lartc.org/howto/lartc.ipsec.automatic.keying.html#LARTC.IPSEC.X509 ... only to have problems making it work for me. I am trying to use ''racoon'' to make IPSec connections between various Windows clients and a SuSE 9.1 server. Apache2, SSL and Racoon are installed correctly, as far as I can tell. UDP:500 is listening

hi trevor, well, if you''re controlling whats going over the vpn then there are several options: i''ve been playing with racoon lately (well longer then with freeswan) so i''m not so sure with ipsec, but ... it appears that the meta-data ( i.e. packet marking) is perserved on packets that have not yet been encrypted but are going to be. as a general strategy, i would

hello i am trying to set up ipsec in my network, for now just between two hosts, using to use AH & ESP in tunnel mode to get all of packet encrypted. keys are negotiated with racoon. mayby using tunnel mode in this case can seems strange, but i know what i am doing. after setting up everything i have done few tests with ping & tcpdump. but the results are very suprising. bellow is what i

Hi, I would like to shape incomming traffic on eth0 and ipsec0 (binded to eth0). I need to set minimal bandwidth to some packets going via ipsec0 interface. It is running fine when I simply mark the ESP (protocol 50) packets in the PREROUTING chain - means all ipsec packets are shaped. Like: iptables -t mangle -A PREROUTING -i eth0 -p 50 -j MARK --set-mark 30 iptables -t mangle -A PREROUTING -i

hi there, I just wanted to share a recent discovery I did on how to setup a secure VPN implementation for linux 2.4.x (I''m using 2.4.20 but it should be working, as far as documentation states, for > 2.4.18) without using FreeS/WAN. The tool (ipsec_tunnel: http://ringstrom.mine.nu/ipsec_tunnel/, by Tobias Ringström) is a kernel module based on ipip and ip_gre. It uses CyptoAPI to

Hi there, I am just starting out with the TC and iproute2 tools. I have given Bert Hubert''s Linux Advanced Routing And Traffic Control Howto a couple of reads but know I don''t have a full grasp of concepts yet. My immediate need is to make sure ipsec traffic between two linux firewall/routers is given the greatest priority over all other traffic. In more detail I have

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I''m trying to setup a central IPSEC-Gateway with several ipsec tunnels. Some are to be routed over one leased line, some over the other leased line. Both leased lines have their own public ip adress. The setup looks kinda like this: eth1(ipsec0)--ISP0--Internet--eth1-Linux1-eth0--Subnet1 /

Hi, I have the following setup. Two linux systems with two [test] external interfaces encrypted with ipsec [transport]. Two gre tunnels that pass 10.200.0.0/24 and 10.200.1.0/24 network traffic. Testing the balanced tunnels I would setup iptraf on one and ping from the other. The results would be as expected; traffic would be split between the two interfaces. Testing with an ftp transfer of