Displaying 20 results from an estimated 20000 matches similar to: "Setkey"
2004 Dec 22
0
QoS success with FC3 native 2.6 ipsec
I just wanted to drop a success notice to the list. We always hear the
failures, and rarely the successes! ;-)
After switching from FC1 and freeS/WAN ipsec to the new native linux 2.6
ipsec (ie: setkey-based) my QoS code suddenly started working properly!
Previously, with FC1 and freeS/WAN, I found it impossible and rather
buggy (kernel panics!) to get QoS to make any difference at all. My
2004 Sep 04
0
Ipsec and kernel 2.6.8
Hi all :-)
I have a problem with my current configuration of ipsec. I''m using ipsec with
kernel 2.6 and racoon. I have two computers linked by wireless cards. The first
(192.168.1.1 Zeus) is connected to internet through a DSL modem and the second
(192.168.1.2 Memphis) is accessing internet through the first. I want with
ipsec to encrypt all datas between the two computers.
I can
2004 Sep 24
2
strange behavior of ipsec tunnel mode
hello
i am trying to set up ipsec in my network, for now just between two hosts, using to use AH & ESP
in tunnel mode to get all of packet encrypted. keys are negotiated with racoon.
mayby using tunnel mode in this case can seems strange, but i know what i am doing.
after setting up everything i have done few tests with ping & tcpdump. but the results are very suprising.
bellow is what i
2004 Nov 15
1
IPSec tunnel
Hi!
I''m testing IPSec tunnels, having the following test schemma:
Host A - eth0: 192.168.1.67
eth1: 192.168.10.1
Host B - eth0: 192.168.1.254
eth1: 192.168.20.1
I''ve succesfully configured an IPSec tunnel in order to safely
communicate from 192.168.10.0/24 (which is obviously behind Host A), and
192.168.20.0/24 (obviously behind Host B)
In this test
2006 May 31
0
IPSec tunnels and routing: strange behaviour
Hello,
My name is Fermín Galán and I''m currently working with IPSec tunnels.
Recently, I was setting a IPSec tunnelling sample scenario (maybe the
simplest one :), where I observed some strange behaviour that I like to
describe in the list, just in the case somebody knows what can be the cause,
please.
The scenario involves four hosts configured in the following way:
2007 Mar 05
1
File exists?
Hello,
I''m trying to put 3 nodes in a vpn in tunnel mode.
When I run setkey on the following file, I end up with
The result of line 33: File exists.
That error isn''t overly helpful, so I was hoping that someone could explain
the issue.
Here''s the file, with line 33 highlighted.
Help appreciated.
Mike
# Flush the SAD and SPD
flush;
spdflush;
# Add SA for
2006 May 03
5
SNAT on IPSEC tunnel with kernel 2.6/KAME tools?
Hi,
Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey
on which I have one address on my side acting as an SNAT router for all
traffic from my network to a network segment on the far side.
my network --- my gateway ---------------------- remote network
10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22
All traffic starts on my side, so if I can
2005 Apr 27
5
26sec kame ipsec tunnel : packets leave unencrypted...
Hi everyone,
First of all, this is my first post in this ML, so I''m not sure that this
is the right place for my question (please don''t shoot me down ;)). For
the record, I''ve been reading and using LARTC for almost 3 years now, and
it''s a great help for anyone who wants to learn linux networking.
My problem:
I want to setup a tunnel for the following
2007 May 04
1
Multiple SA in the same IPSec tunnel
Hi,
When a IPSec tunnel is established between two peers, I understand that the
"normal" situation is to have in a given moment two SAs, one for each
direction of the tunnel.
However, in one of my tunnels (peer P1 running GNU/Linux with setkey and
racoon; peer P2 is a Cisco router) there is a large number (around 19) of
SAs established (this has been observed in P1 with
2006 May 26
0
IPSEC - tcp port match
Hello.
I try to configure IPSEC to bybass ssh protocol. For example:
setkey -FP
setkey -F
setkey -c << EOF
spdadd 10.1.1.1/32 10.6.10.50[22] tcp -P in none ;
spdadd 10.1.1.1/32 10.6.10.50 tcp -P in ipsec ah/transport//require ;
EOF
(Pass incoming ssh packets to 10.6.10.50, block other tcp packets)
This works under fresh 7-CURRENT(FAST_IPSEC). On fresh 6-STABLE (neither
FAST_IPSEC nor
2005 Jun 22
0
RE: Q: Routing the Same IP simultaneously on differentcomputers ?
Hi,
First, never compare a linux box with a cheap and dumb broadband router.
I''m not sure if i understand very well your scenario but I asume is like
this:
192.168.0.1---------
-----------| ipsec |
| ---------
128.X.X.X --------- 192.168.0.254 |
ISP ----------| linux |------------------|
--------- | ---------
2002 Nov 13
0
Automatic keying IPSEC!
Lots of updates to the IPSEC documentation on http://lartc.org/howto/lartc.ipsec.html
The page lists 4 patches which should be applied to 2.5.47 and 1 patch to be
applied to the kame racoon Internet Key Exchange daemon. If these are all
applied, everything I throw at it works, modulo some annoying logmessages.
Especially new & cool is
http://lartc.org/howto/lartc.ipsec.automatic.keying.html
2004 Oct 22
0
IPSec tunnel mode with IKE daemon
Hi all.
The IPSec part of the LARTC howto is great, but I''ve hit a problem in
7.3. IPSEC tunnels. The example given is for manual keying:
add 10.0.0.216 10.0.0.11 esp 34501
-m tunnel
-E 3des-cbc "123456789012123456789012";
How does one setup "tunnel mode" using racoon?
Trying to setup an ipsec tunnel between two subnets: 10.10.42.0/24 and
10.1.1.0/24 using a
2005 Jul 01
1
Problem with IPSec tunnel, using IPv6 addresses, between Two FreeBSD systems.....
Hi All,
I need to establish an IPSec tunnel between two
FreeBSD systems, using IPv6 addresses.The connetcion
is
host-to-host between two FreeBSD( RELEASE 4.11)
systems with KAME IPSec implementation.
I tried to establish the connection, but it has some
problems which are explained below.
|----------------->|
host1-[mohan]| |host2-[ram]
2003 Mar 14
5
ipsec for linux 2.4 eventually made easy?!
hi there,
I just wanted to share a recent discovery I did on how to setup a secure
VPN implementation for linux 2.4.x (I''m using 2.4.20 but it should be
working, as far as documentation states, for > 2.4.18) without using
FreeS/WAN.
The tool (ipsec_tunnel: http://ringstrom.mine.nu/ipsec_tunnel/, by
Tobias Ringström) is a kernel module based on ipip and ip_gre. It uses
CyptoAPI to
2003 May 15
2
FW: iHEADS UP: ipsec packet filtering change
> -----Original Message-----
> From: Greg Panula [mailto:greg.panula@dolaninformation.com]
> Sent: 12 May 2003 11:10
> To: Matthew Braithwaite
> Cc: stable@freebsd.org
> Subject: Re: iHEADS UP: ipsec packet filtering change
>
> You don't really need the gif tunnels for ipsec. Gif is more geared
> towards ipv4 <=> ipv6 type tunnels. A few of ipsec
2005 Jun 30
1
Problem with IPSec tunnel, using IPv6 addresses, between Two FreeBSD systems...?
Hi All,
I need to establish an IPSec tunnel between two
FreeBSD systems using IPv6 addresses.The connetcion is
host-to-host between two FreeBSD( RELEASE 4.11)
systems with KAME IPSec implementation.
|----------------->|
host1-[mohan]| |host2-[ram]
|<-----------------|
host1 IPv6 address : fe80::2b0:d0ff:fe6f:dfa0
host2 IPv6 address :
2003 Jan 19
1
TC + IPsec and a Newbie
Hi there,
I am just starting out with the TC and iproute2 tools. I have given Bert
Hubert''s Linux Advanced Routing And Traffic Control Howto a couple of reads
but know I don''t have a full grasp of concepts yet.
My immediate need is to make sure ipsec traffic between two linux
firewall/routers is given the greatest priority over all other traffic.
In more detail I have
2004 Nov 15
0
IPSec ''require'' not being enforced.
Hi,
I''m not sure this is the right list for this type of question... as
IPSec isn''t exactly routing. If someone can point me to a dedicated
IPSec list (for the 2.6 implementation) i''d be very grateful :)
Onto the actual problem...
I''m going to be using IPSec to secure a wireless access point. So far,
in my experimentation, i have the tunnel from
2004 Sep 17
2
interesting expert problem - shaping over VPN
Here''s a challenging problem for you experts to tackle:
I''m trying to shape traffic going into an IPSEC interface which then goes
over a DSL PPPoE interface. I figure I need to shape the DSL interface to
keep it''s hardware queue mostly empty, and to