Displaying 20 results from an estimated 300 matches similar to: "What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service"
2008 Sep 04
2
Compiling v6tun from KAME
I need vtun working over IPv6. The version from rpmforge does not seem
to support IPv6 (binds to 0.0.0.0:5000 if I specify binding to the
interface, and won't let me put in an IPv6 address for address binding).
So I was pointed to the KAME (which does not provide any FC/RHEL
support. The person who sent me there provided a makefile that he said
works on Linux, but did not work for me:
2003 Sep 11
2
FAST_IPSEC doesn't seem to honor net.key.prefered_oldsa=0
When using the FAST_IPSEC option in the kernel build, the sysctl
variable net.key.prefered_oldsa seems to make no difference. The
kernel always chooses an old SA. This problem can be easily
reproduced. Just wait till the soft limit of the SA is expired and do
a setkey -F on the remote and then ping through the tunnel. Because
the old SA's are preferred and the remote no longer has the old
2005 Oct 17
3
Problem with IPComp on VPN
I''ve created an IPSec VPN using shorewall and racoon-tool under Debian
3.1. I''m not using the patched iptables/kernel for policy match,
therefore I''m using the tunnels/hosts config method rather than the
ipsec config file method. I''m running the latest 2.6.13 kernel.
I have no problem getting my VPN connection up and running with one
exception. Without
2005 Apr 21
1
Fwd: (KAME-snap 9012) racoon in the kame project
FYI, looks like support for Racoon is ending. Does anyone have any
experience with the version in ipsec-tools ?
---Mike
>Racoon users,
>
>This is the announcement that the kame project will quit providing
>a key management daemon, the racoon, and that "ipsec-tools" will become
>the formal team to release the racoon.
>The final release of the racoon in the
2007 Sep 20
2
OCF
Hi,
I am just new to the FreeBSD system and look forward to take active part in
contributing.
Can someone please guide where can I find OCF source code in FreeBSD and
also is there IKE implementation and OpenSWAN ?
Regards,
Raja
2007 Jun 07
3
Wan optimizations with linux
Hi,
I''m researching for WAN optimizations with linux. My network is
composed for MPLS network connecting 200 branches against a central
site. I use Linux machines to provide security with IPSEC in the
branches and in the central site. Now I''m lookup for techniques for
optimization the link. My first ideas was use IPCOMP and proxy to
cache traffic of HTTP applications. Somebody
2008 Aug 25
1
Issue with: Sendmail, Dovecot and Sieve: -- TECRA_A9 --
sendmail -- Version 8.14.2
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
dovecot-1.0.7 Secure and compact IMAP and POP3 servers
dovecot-sieve-1.0.2 A sieve plugin for the Dovecot LDA called 'deliver'
With focus on the
2008 Nov 14
3
FreeBSD 6.3 gre and traceroute
Stephen Clark wrote:
> Robert Noland wrote:
>> On Thu, 2008-11-13 at 07:48 -0500, Stephen Clark wrote:
>>> Julian Elischer wrote:
>>>> Stephen Clark wrote:
>>>>> Julian Elischer wrote:
>>>>>> you will need to define the setup and question better.
>>>> thanks.. cleaning it up a bit more...
>>>>
>>>>
2007 Apr 02
1
Stronger security with BSD Firewall and Freeradius
I've seen that is possible to use switch port blocking with freeradius
and cisco switches via 802.1X and EAP protocol. Here is more info:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
What if I don't have switch that supports 802.1X or I want that blocking
is done by FreeBSD, not the switch. Because FreeBSD is the firewall or
gateway to some networks. Is there
2006 Jan 25
1
mpd and radius
Hi all:
I ahve some basic questions regarding the mpd.conf:
set radius retries 3
set radius timeout 3
set radius server 192.168.128.101 testing123 1812 1813
set radius me 1.1.1.1
set bundle enable radius-auth radius-fallback
Here my radius server is 192.168.128.101 and interanl
interface of this mpd server is 192.168.64.65
1) What is this "testing123"? is that key between
radius
2011 Apr 01
0
on "BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload"
Hi,
as some IPSec users might be worried about the
"BSD derived RFC3173 IPComp encapsulation will expand arbitrarily
nested payload" from http://seclists.org/fulldisclosure/2011/Apr/0 ,
here's some braindump:
To be affected it's believed that you need to
1) manually compile in IPSEC (not done in GENERIC or the release),
2) have an entry for ipcomp in your security
2001 Aug 13
5
rsync ipv6 patch merge?
On 13 Aug 2001, "William F. Maton" <wmaton@ryouko.dgim.crc.ca> wrote:
> On 13 Aug 2001, Heikki Vatiainen wrote:
>
> > The rsync daemon we use is plain 2.4.6 patched with KAME rsync patch
> > rsync-246-v6-20000907.diff.gz [1]. It looks like there is a good
> > possibility to get IPv6 merged in, since just today a rsync developer
> > was asking if
2013 Jun 08
1
Multicast panic caused by elasticsearch
Hi,
I was experimenting with Logstash + elasticsearch on FreeBSD 9 - initially I downloaded it by hand (I forgot to check for a port) and it worked fine.
I then tried the port and this forced me to use a different java version (was jdk-16.0.3p4_25 now openjdk6-b27) and it seems that the new one causes a panic.
Unfortunately crashdumps aren't working properly, however I did get the panic
2004 Aug 18
6
Report of collision-generation with MD5
Just got a pointer to this via ACM "TechNews Alert" for today:
http://www.acm.org/technews/articles/2004-6/0818w.html#item2
Seems that "... French computer scientist Antoine Joux reported on
Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often
used with digital signatures...."
There's more in the article cited above.
Peace,
david
--
David H. Wolfskill
2004 Apr 07
0
Note to Racoon users (IKE/ISAKMP daemon)
As was accidently posted here earlier by Ralf :-), you should be aware
of this issue:
http://vuxml.freebsd.org/d8769838-8814-11d8-90d1-0020ed76ef5a.html
racoon fails to verify signature during Phase 1
Affected packages
racoon < 20040407b
Details
VuXML ID d8769838-8814-11d8-90d1-0020ed76ef5a
Discovery 2004-04-05
Entry 2004-04-07
Ralf Spenneberg discovered a serious
2016 Aug 19
5
[Bug 2606] New: IPv6 bind address vs autoconfiguration privacy
https://bugzilla.mindrot.org/show_bug.cgi?id=2606
Bug ID: 2606
Summary: IPv6 bind address vs autoconfiguration privacy
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs
2013 Mar 04
6
Centos6 ipsec troubles
Hello,
it looks like the usual way to do ipsec on centos5 won't work anymore on
centos6
I installed ipsec-tools but an interface type IPsec is not recognized by
the kernel
ifup ipsec0
Device does not seem to be present, delaying initialization.
I am not planning to use the awful OpenSwan, I Want to sue the Kame
implementation which was working fine on CentOS5
any hints ?
thank you
2004 Jan 13
3
IPSEC btwn stable and Linksys BEFVP41 stopped working.
Hi,
I have been using IPsec to communicate between a laptop that tracks
-stable and a Linksys BEFVP41 router.
I only use it infrequently, but it's been working great. My setup is
as described in http://grapeape.alerce.com/linksys-ipsec/article.html
(which I am planning to submit to the handbook when it's done).
I'm no longer able to make an ipsec connection, and I can't put my
2003 Jul 28
10
IPSec
Hi All,
I need to configure a VPN between a FreeBSD-4.8 box and
a Linux (FreeS/WAN) box.
In the Linux side, the network administrator installed FreeS/WAN
with RSA authentication without IKE support.
Does anybody knows if is possible to make my FreeBSD box
connect a VPN with the Linux box?
If so, could point me to a documentation about how to install
IPSec with RSA authentication and how to make
2002 Mar 07
11
[Bug 146] OpenSSH 3.1p1 will not build on BSD/OS 4.2/4.1/4.01
http://bugzilla.mindrot.org/show_bug.cgi?id=146
------- Additional Comments From mouring at eviladmin.org 2002-03-08 07:38 -------
I just went through someone with this problem. And HAVE_BOGUS_SYS_QUEUE_H
worked for them. However you must have BOTH HAVE_SYS_QUEUE_H and
HAVE_BOGUS_SYS_QUEUE_H set.
As for INADDR_LOOPBACK. I'd like to know where on BSD/OS that is defined
so we can