similar to: multiple VPN zones

Tuomo Soini wrote: > You don''t happen to read shorewall-devel mailinglist ? I read it -- I just didn''t know what to make of your post and it arrived while I was on vacation. What exactly are you trying to accomplish that Shorewall isn''t doing for you now? e.g. /etc/shorewall/zones rw Roadwarriors Road Warriors /etc/shorewall/interfraces rw ipsec+

Folks I would like to have my windows 7 laptop communicate with my home server via a VPN, in such a way that it appears to be "inside" my home network. It should not only let me appear to be at home for any external query, but also let me access my computers inside my home. I already have this working using M$'s PPTP using my home Centos 6 gateway/router as the PoPToP server.

Hi, anybody successfully running win32 client with Cisco vpn client against ipsec-tools? I'm looking for elegantly running VPN road warrior solution. Scenarios are: - ipsec-tools with Cisco vpn client - pptpd with Windows XP native client - OpenVPN with OpenVPN Windows client - ??? Any hints? Thanks for reply. David Hrb??

Is there a "cookbook" for setting this up? There are examples for setting up a tunnel between two fixed-address networks (e.g. a remote LAN that needs to be "integrated" with a central LAN over IPSec but I can't find anything addressing the other situation -- remote user(s) where the connecting IPs are not known in advance, such as a person with a laptop or smartphone in a

Magnus Hyllander wrote: > > I guess what I''m wondering is, how does Shorewall (netfilter) know which > zone a certain road warrior belongs to? I''ve just completed getting dynamic zones working with ipsec again. A dynamic IPSEC zone is defined in /etc/shorewall/zones by following the short name (first column) with ":ipsec". The code is in CVS. There are a

I looked in the yum repositories for CentOS 7 and I noticed that there are no packages for any of the major open source IPSec VPN apps - Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan packages. What is the current consensus w.r.t. building an IPSec VPN "server" (concentrator, whatever) on CentOS 7, that will do site-to-site connections with Cisco hardware at

On 2015-04-14 11:25, Gordon Messmer wrote: > On 04/14/2015 11:07 AM, Florin Andrei wrote: >> I looked in the yum repositories for CentOS 7 and I noticed that there >> are no packages for any of the major open source IPSec VPN apps - >> Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan >> packages. > > libreswan replaced openswan, and is

I have previously set up an openvpn LAN to LAN bridging VPN so I know a little about what has to happen. The gateways on either ends were running older version of shorewall that did not support openvpn directly so I just basically opened ports for it and used bridging with tap interfaces. I am no longer using that vpn link to the other house but now that i''ve upgraded I would like

I sent the following to sunmanagers@sunmanagers.org and I'm also forwarding this to the samba list. I hope you can help: ------------- Begin Forwarded Message ------------- I have an emergency and am at the end of my resources and hope you can help. I'm a samba newbie and hope you can point me to an answer. Our Samba2.0.5 server is a Sun Enterprise 450 (Solaris 7). Our PDC is an NT

> Dear list, > > I have some data on a geneaology, here is a subset: > warmerge[1:11,c(1,6,25)] > Warrior SibID birth.year > 1100 3793 2013 1926 > 4 2013 2024 1934 > 1094 3769 2024 1918 > 632 2747 2037 1928 > 176 2083 2039 1944 > 187 2085 2039 1949 > 192 2086 2039 NA > 495

I am looking for the optimal VPN. Well it doens't have to be that elaborate. Just the best VPN. We currently have some customers using PPTP, some using openvpn, some using Cisco Any Connect and there are a few others. So my question is, if you have control of both ends (client and server) what is the best VPN to use? There are not too many requirements, but a big one is The VPN must return

https://bugzilla.netfilter.org/show_bug.cgi?id=1082 Bug ID: 1082 Summary: Hard lockup when inserting nft rules (esp. ct rule) Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: blocker Priority: P5 Component: kernel Assignee:

The version of Shorewall in the CVS development tree contains the first implementation of dynamic zones. While these zones are aimed at IPSEC Road Warriors, there is nothing ipsec-specific in the implementation except for a small extension in the tunnels file. There are two new commands: add and delete shorewall {add|delete} <interface>[:<host or subnet>] zone The interface

Hi, Problem: I want 2 vpn tunnels for 2 subnets over one interface ipsec0. Documentation only describes config for 1 vpn or road warriors. I defined 2 vpn zones ''fre'' and ''swe''. #ZONE DISPLAY COMMENTS net Net Internet zone loc Local Local fre VPN_Fre VPN Fre swe VPN_Swe VPN Swe Interface ipsec0 is tunnel over eth1. Local is eth0. ipsec0 serves 2 zones: fre

Hello, Please excuse my (probably newbie) question, but: Since RouterOS, MikroTik's proprietary OS, is largely based on GNU/Linux, anyone knows a way to run tinc on a MikroTik device? This would be in order to make an (imposed, no choice given...) MikroTik device (say the B1100AHX4 router) to participate in a tinc mesh, in interoperation with GNU/Linux machines. Please see:

On 2015-04-14 11:44, Eero Volotinen wrote: > 2015-04-14 21:40 GMT+03:00 Florin Andrei <florin at andrei.myip.org>: >> >> http://serverfault.com/a/655752/24406 >> >> If that is accurate, the documentation, and the clustering / load >> balancing might tilt the balance in the direction of strongSwan. >> >> > Well, both packages can do ipsec to

I see support in shorewall for the KAME-tools, how about strongswan ? I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my vpn-gateway for the subnet behind it. # Shorewall version 3.4 - Zones File #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall fil ipsec mode=tunnel mss=1400 net ipv4

IPSec is not recommended solution nowdays. OpenVPN runs top of single udp or tcp port, so it usually works on strictly firewalled places like in hotels and so on. -- Eero 2016-04-04 23:18 GMT+03:00 Gordon Messmer <gordon.messmer at gmail.com>: > On 04/04/2016 10:57 AM, david wrote: > >> I have seen discussions of OpenVPN, OpenSwan, LibreVPN, StrongSwan (and >> probably

Hi, I'm using IPSEC in a multi-ISP configuration, lsm 0.131, Kernel 2.6.32, ipsec-tools 0.8.0 This worked fine with Shorewall/Shorewall-Lite 4.5.7. After updating Shorewall to 4.5.8 the routing of ESP packets doesn't work. If I change the Providers.pm file and add connmark => "! --mark 0/$mask" like before in Shorewall 4.5.7 than everything works fine. add_ijump

Hai Peter, Chipping in here. > > > Hi Rowland, > > You are right about firewall boxes. At least Cisco ASA is a terribly > (over) complicated device. People who are not Cisco pros should be > warned. Stay away, you will just waste your time, get frustrated, and > get sleepless nights. > > I don't blame the Cisco ASA here. In my case, I hadn't much