Displaying 20 results from an estimated 200 matches similar to: "What about FreeBSD? - KAME Project "ipcomp6_input()" Denial of Service"
2005 Oct 17
3
Problem with IPComp on VPN
I''ve created an IPSec VPN using shorewall and racoon-tool under Debian
3.1. I''m not using the patched iptables/kernel for policy match,
therefore I''m using the tunnels/hosts config method rather than the
ipsec config file method. I''m running the latest 2.6.13 kernel.
I have no problem getting my VPN connection up and running with one
exception. Without
2008 Sep 04
2
Compiling v6tun from KAME
I need vtun working over IPv6. The version from rpmforge does not seem
to support IPv6 (binds to 0.0.0.0:5000 if I specify binding to the
interface, and won't let me put in an IPv6 address for address binding).
So I was pointed to the KAME (which does not provide any FC/RHEL
support. The person who sent me there provided a makefile that he said
works on Linux, but did not work for me:
2007 Sep 20
2
OCF
Hi,
I am just new to the FreeBSD system and look forward to take active part in
contributing.
Can someone please guide where can I find OCF source code in FreeBSD and
also is there IKE implementation and OpenSWAN ?
Regards,
Raja
2003 Sep 11
2
FAST_IPSEC doesn't seem to honor net.key.prefered_oldsa=0
When using the FAST_IPSEC option in the kernel build, the sysctl
variable net.key.prefered_oldsa seems to make no difference. The
kernel always chooses an old SA. This problem can be easily
reproduced. Just wait till the soft limit of the SA is expired and do
a setkey -F on the remote and then ping through the tunnel. Because
the old SA's are preferred and the remote no longer has the old
2005 Apr 21
1
Fwd: (KAME-snap 9012) racoon in the kame project
FYI, looks like support for Racoon is ending. Does anyone have any
experience with the version in ipsec-tools ?
---Mike
>Racoon users,
>
>This is the announcement that the kame project will quit providing
>a key management daemon, the racoon, and that "ipsec-tools" will become
>the formal team to release the racoon.
>The final release of the racoon in the
2007 Jun 07
3
Wan optimizations with linux
Hi,
I''m researching for WAN optimizations with linux. My network is
composed for MPLS network connecting 200 branches against a central
site. I use Linux machines to provide security with IPSEC in the
branches and in the central site. Now I''m lookup for techniques for
optimization the link. My first ideas was use IPCOMP and proxy to
cache traffic of HTTP applications. Somebody
2008 Aug 25
1
Issue with: Sendmail, Dovecot and Sieve: -- TECRA_A9 --
sendmail -- Version 8.14.2
Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2
SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
dovecot-1.0.7 Secure and compact IMAP and POP3 servers
dovecot-sieve-1.0.2 A sieve plugin for the Dovecot LDA called 'deliver'
With focus on the
2008 Nov 14
3
FreeBSD 6.3 gre and traceroute
Stephen Clark wrote:
> Robert Noland wrote:
>> On Thu, 2008-11-13 at 07:48 -0500, Stephen Clark wrote:
>>> Julian Elischer wrote:
>>>> Stephen Clark wrote:
>>>>> Julian Elischer wrote:
>>>>>> you will need to define the setup and question better.
>>>> thanks.. cleaning it up a bit more...
>>>>
>>>>
2007 Apr 02
1
Stronger security with BSD Firewall and Freeradius
I've seen that is possible to use switch port blocking with freeradius
and cisco switches via 802.1X and EAP protocol. Here is more info:
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
What if I don't have switch that supports 802.1X or I want that blocking
is done by FreeBSD, not the switch. Because FreeBSD is the firewall or
gateway to some networks. Is there
2006 Jan 25
1
mpd and radius
Hi all:
I ahve some basic questions regarding the mpd.conf:
set radius retries 3
set radius timeout 3
set radius server 192.168.128.101 testing123 1812 1813
set radius me 1.1.1.1
set bundle enable radius-auth radius-fallback
Here my radius server is 192.168.128.101 and interanl
interface of this mpd server is 192.168.64.65
1) What is this "testing123"? is that key between
radius
2013 Jun 08
1
Multicast panic caused by elasticsearch
Hi,
I was experimenting with Logstash + elasticsearch on FreeBSD 9 - initially I downloaded it by hand (I forgot to check for a port) and it worked fine.
I then tried the port and this forced me to use a different java version (was jdk-16.0.3p4_25 now openjdk6-b27) and it seems that the new one causes a panic.
Unfortunately crashdumps aren't working properly, however I did get the panic
2004 Aug 18
6
Report of collision-generation with MD5
Just got a pointer to this via ACM "TechNews Alert" for today:
http://www.acm.org/technews/articles/2004-6/0818w.html#item2
Seems that "... French computer scientist Antoine Joux reported on
Aug. 12 his discovery of a flaw in the MD5 algorithm, which is often
used with digital signatures...."
There's more in the article cited above.
Peace,
david
--
David H. Wolfskill
2016 Aug 19
5
[Bug 2606] New: IPv6 bind address vs autoconfiguration privacy
https://bugzilla.mindrot.org/show_bug.cgi?id=2606
Bug ID: 2606
Summary: IPv6 bind address vs autoconfiguration privacy
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs
2011 Apr 01
0
on "BSD derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload"
Hi,
as some IPSec users might be worried about the
"BSD derived RFC3173 IPComp encapsulation will expand arbitrarily
nested payload" from http://seclists.org/fulldisclosure/2011/Apr/0 ,
here's some braindump:
To be affected it's believed that you need to
1) manually compile in IPSEC (not done in GENERIC or the release),
2) have an entry for ipcomp in your security
2002 Mar 07
11
[Bug 146] OpenSSH 3.1p1 will not build on BSD/OS 4.2/4.1/4.01
http://bugzilla.mindrot.org/show_bug.cgi?id=146
------- Additional Comments From mouring at eviladmin.org 2002-03-08 07:38 -------
I just went through someone with this problem. And HAVE_BOGUS_SYS_QUEUE_H
worked for them. However you must have BOTH HAVE_SYS_QUEUE_H and
HAVE_BOGUS_SYS_QUEUE_H set.
As for INADDR_LOOPBACK. I'd like to know where on BSD/OS that is defined
so we can
2007 Apr 26
0
FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-07:03.ipv6 Security Advisory
The FreeBSD Project
Topic: IPv6 Routing Header 0 is dangerous
Category: core
Module: ipv6
Announced:
2004 Aug 13
6
sequences in the auth.log
Hi all,
I found similar sequences in the
/var/auth.log files of freebsd boxes, I supervise.:
Aug 13 13:56:08 www sshd[26091]: Illegal user test from 165.21.103.20
Aug 13 13:56:11 www sshd[26093]: Illegal user guest from 165.21.103.20
Aug 13 13:56:15 www sshd[26096]: Illegal user admin from 165.21.103.20
Aug 13 13:56:18 www sshd[26103]: Illegal user admin from 165.21.103.20
Aug 13 13:56:21 www
2012 Jun 12
0
FreeBSD Errata Notice FreeBSD-EN-12:02.ipv6refcount
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-EN-12:02.ipv6refcount Errata Notice
The FreeBSD Project
Topic: Reference count errors in IPv6 code
Category: core
Modules: sys_netinet sys_netinet6
2007 Apr 26
4
FreeBSD Security Advisory FreeBSD-SA-07:03.ipv6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-07:03.ipv6 Security Advisory
The FreeBSD Project
Topic: IPv6 Routing Header 0 is dangerous
Category: core
Module: ipv6
Announced:
2006 May 03
5
SNAT on IPSEC tunnel with kernel 2.6/KAME tools?
Hi,
Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey
on which I have one address on my side acting as an SNAT router for all
traffic from my network to a network segment on the far side.
my network --- my gateway ---------------------- remote network
10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22
All traffic starts on my side, so if I can