similar to: What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service

I need vtun working over IPv6. The version from rpmforge does not seem to support IPv6 (binds to 0.0.0.0:5000 if I specify binding to the interface, and won't let me put in an IPv6 address for address binding). So I was pointed to the KAME (which does not provide any FC/RHEL support. The person who sent me there provided a makefile that he said works on Linux, but did not work for me:

When using the FAST_IPSEC option in the kernel build, the sysctl variable net.key.prefered_oldsa seems to make no difference. The kernel always chooses an old SA. This problem can be easily reproduced. Just wait till the soft limit of the SA is expired and do a setkey -F on the remote and then ping through the tunnel. Because the old SA's are preferred and the remote no longer has the old

I''ve created an IPSec VPN using shorewall and racoon-tool under Debian 3.1. I''m not using the patched iptables/kernel for policy match, therefore I''m using the tunnels/hosts config method rather than the ipsec config file method. I''m running the latest 2.6.13 kernel. I have no problem getting my VPN connection up and running with one exception. Without

FYI, looks like support for Racoon is ending. Does anyone have any experience with the version in ipsec-tools ? ---Mike >Racoon users, > >This is the announcement that the kame project will quit providing >a key management daemon, the racoon, and that "ipsec-tools" will become >the formal team to release the racoon. >The final release of the racoon in the

Hi, I am just new to the FreeBSD system and look forward to take active part in contributing. Can someone please guide where can I find OCF source code in FreeBSD and also is there IKE implementation and OpenSWAN ? Regards, Raja

Hi, I''m researching for WAN optimizations with linux. My network is composed for MPLS network connecting 200 branches against a central site. I use Linux machines to provide security with IPSEC in the branches and in the central site. Now I''m lookup for techniques for optimization the link. My first ideas was use IPCOMP and proxy to cache traffic of HTTP applications. Somebody

sendmail -- Version 8.14.2 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG dovecot-1.0.7 Secure and compact IMAP and POP3 servers dovecot-sieve-1.0.2 A sieve plugin for the Dovecot LDA called 'deliver' With focus on the

Stephen Clark wrote: > Robert Noland wrote: >> On Thu, 2008-11-13 at 07:48 -0500, Stephen Clark wrote: >>> Julian Elischer wrote: >>>> Stephen Clark wrote: >>>>> Julian Elischer wrote: >>>>>> you will need to define the setup and question better. >>>> thanks.. cleaning it up a bit more... >>>> >>>>

I've seen that is possible to use switch port blocking with freeradius and cisco switches via 802.1X and EAP protocol. Here is more info: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO What if I don't have switch that supports 802.1X or I want that blocking is done by FreeBSD, not the switch. Because FreeBSD is the firewall or gateway to some networks. Is there

Hi all: I ahve some basic questions regarding the mpd.conf: set radius retries 3 set radius timeout 3 set radius server 192.168.128.101 testing123 1812 1813 set radius me 1.1.1.1 set bundle enable radius-auth radius-fallback Here my radius server is 192.168.128.101 and interanl interface of this mpd server is 192.168.64.65 1) What is this "testing123"? is that key between radius

Hi, as some IPSec users might be worried about the "BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload" from http://seclists.org/fulldisclosure/2011/Apr/0 , here's some braindump: To be affected it's believed that you need to 1) manually compile in IPSEC (not done in GENERIC or the release), 2) have an entry for ipcomp in your security

On 13 Aug 2001, "William F. Maton" <wmaton@ryouko.dgim.crc.ca> wrote: > On 13 Aug 2001, Heikki Vatiainen wrote: > > > The rsync daemon we use is plain 2.4.6 patched with KAME rsync patch > > rsync-246-v6-20000907.diff.gz [1]. It looks like there is a good > > possibility to get IPv6 merged in, since just today a rsync developer > > was asking if

Hi, I was experimenting with Logstash + elasticsearch on FreeBSD 9 - initially I downloaded it by hand (I forgot to check for a port) and it worked fine. I then tried the port and this forced me to use a different java version (was jdk-16.0.3p4_25 now openjdk6-b27) and it seems that the new one causes a panic. Unfortunately crashdumps aren't working properly, however I did get the panic

Just got a pointer to this via ACM "TechNews Alert" for today: http://www.acm.org/technews/articles/2004-6/0818w.html#item2 Seems that "... French computer scientist Antoine Joux reported on Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often used with digital signatures...." There's more in the article cited above. Peace, david -- David H. Wolfskill

As was accidently posted here earlier by Ralf :-), you should be aware of this issue: http://vuxml.freebsd.org/d8769838-8814-11d8-90d1-0020ed76ef5a.html racoon fails to verify signature during Phase 1 Affected packages racoon < 20040407b Details VuXML ID d8769838-8814-11d8-90d1-0020ed76ef5a Discovery 2004-04-05 Entry 2004-04-07 Ralf Spenneberg discovered a serious

https://bugzilla.mindrot.org/show_bug.cgi?id=2606 Bug ID: 2606 Summary: IPv6 bind address vs autoconfiguration privacy Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs

Hello, it looks like the usual way to do ipsec on centos5 won't work anymore on centos6 I installed ipsec-tools but an interface type IPsec is not recognized by the kernel ifup ipsec0 Device does not seem to be present, delaying initialization. I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5 any hints ? thank you

Hi, I have been using IPsec to communicate between a laptop that tracks -stable and a Linksys BEFVP41 router. I only use it infrequently, but it's been working great. My setup is as described in http://grapeape.alerce.com/linksys-ipsec/article.html (which I am planning to submit to the handbook when it's done). I'm no longer able to make an ipsec connection, and I can't put my

Hi All, I need to configure a VPN between a FreeBSD-4.8 box and a Linux (FreeS/WAN) box. In the Linux side, the network administrator installed FreeS/WAN with RSA authentication without IKE support. Does anybody knows if is possible to make my FreeBSD box connect a VPN with the Linux box? If so, could point me to a documentation about how to install IPSec with RSA authentication and how to make

http://bugzilla.mindrot.org/show_bug.cgi?id=146 ------- Additional Comments From mouring at eviladmin.org 2002-03-08 07:38 ------- I just went through someone with this problem. And HAVE_BOGUS_SYS_QUEUE_H worked for them. However you must have BOTH HAVE_SYS_QUEUE_H and HAVE_BOGUS_SYS_QUEUE_H set. As for INADDR_LOOPBACK. I'd like to know where on BSD/OS that is defined so we can