similar to: openswan and ipsec

Hi, I have setup a IPSEC VPN using Openswan to connect a Draytek router to a CentOS 5.2/Shorewall 4.2.9 firewall. The VPN establishes OK but I''m getting a problem with packets from the left hand subnet getting masqueraded rather than routed down the IPSEC VPN as though they were going out onto the net. I''ve spent the last day searching Google and so far I''ve hit a

Hi List, Is there easy way to get klips ipsec stack into centos 6? As it makes firewalling ipsec traffic much easier.. Eero

Hi, I want to connect to a Cisco Pix using ipsec. In RH9 I was able to compile openswan 2.4.0 and use it, but in Centos 3.7 I can apply the openswan klips patch. I noted that the centos 3.7 kernel has a ipsec patch from redhat, does this NETKEY patch works with openswan? What ipsec solution do I have in centos 3.7? Should I use another kernel? many thanks Oliver -- Oliver Schulze L.

Hello everybody. I would like to do some kind of shaping inside an ipsec tunnel implemented by Openswan and linux 2.6.18.x with xfrm (no KLIPS): for example, to limit outbound smtp traffic inside the tunnel. Question: where should I attach the qdisc to? Eth0? I''m asking this, because tcpdump only see the ESP packet on the eth0 and not the ''clear'' packet. TIA This is my

Does anyone else noticed problems after updating openswan to openswan-2.6.32-27.2.el6_5.i686 ? In our case a connection to Cisco VPN 3000 Series would no longer work. I can see in the log an ASSERTION FAILED error and the connection would remain in Pending phase 2. Mar 7 16:24:40 firewall pluto[7647]: "ciscovpntest" #2: discarding duplicate packet; already STATE_MAIN_I1 Mar 7

Hello, I'm trying to get Openswan running in a CentOS 4.3 environment. I want to modify as little as possible so that the machine can be kept up to date easily. I'd rather not compile a special kernel, but if that's the only solution, no problem (I don't need NAT traversal). It's running kernel 2.6.9-34.0.2.EL. Installed the kerneldevel RPM (and kernel src rpm as well). I

Hi all, I am running CentOS 5.3 under xen on a VPS machine (so I have a limited control on the machine) I am playing with openswan and KLIPS and I need to build the ipsec.ko kernel module. I would need to download kernel source but I am really confused about what source I have to get. uname -r tells: 2.6.18-128.7.1.el5xen ls /lib/modules tells: ls /lib/modules 2.6.18-128.7.1.el5xen

When using the FAST_IPSEC option in the kernel build, the sysctl variable net.key.prefered_oldsa seems to make no difference. The kernel always chooses an old SA. This problem can be easily reproduced. Just wait till the soft limit of the SA is expired and do a setkey -F on the remote and then ping through the tunnel. Because the old SA's are preferred and the remote no longer has the old

I''m just looking for a quick sanity check to make sure what I''m finding is really all necessary here. I''m upgrading a gateway/firewall from Linux 2.4 to 2.6 using Mandrake 10.1. In the old 2.4 kernel I structured my firewall rules around the ipsec0 interface, which I understand isn''t present with Openswan running under 2.6 (no KLIPS). Ok, So as I start to

Hello everybody, I have a two interface setup (with ipsec VPN) on my firewall which is working perfectly. I have upgraded every release of shorewall since 2.0.9 with no problems at all. Now I''m trying to upgrade from 2.0.13 to 2.0.14, when I perform a service shorewall restart I get this error: --------------------------------------- .... Processing

Hello Lartc Mailing List: Been working on something the last week and a half and ALMOST have it working.., just need a few pointers from the wizards on this mailing list to nail it. Ok, my setup is a hub and spoke arrangement, hub is Cisco 2821 with IOS 12.4. Spokes are ruggencom RX1000 routers, Debian based with the following versions installed: rx1000test:~# uname -a Linux rx1000test

Hi, Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey on which I have one address on my side acting as an SNAT router for all traffic from my network to a network segment on the far side. my network --- my gateway ---------------------- remote network 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22 All traffic starts on my side, so if I can

Hello, I use Julian Anastasov ''routes'' (to be more specific: static_routes, alt_routes and nf_reroute) patches on a 2.4.32 kernel. On the same host I run IPSec. I have discovered after a few hours of networking problems that, when IPSec is enabled on that patched kernel, inspecting packets with tcpdump while arping-ing a host from a network physically connected to this

With xen-2.0.7 and a self configured 2.4.30 Kernel (+KLIPS from strongswan) I get error messages; i have never seen before. Can anyone tell me, what ERROR: no hit for procs_running^M ERROR: no hit for procs_blocked^M means? ^Msd(8,1):Using r5 hash to sort names ^MVFS: Mounted root (reiserfs filesystem) readonly. ^MFreeing unused kernel memory: 120k freed ^M^MINIT: version 2.85 booting^M^M

Friends, I'm having severe problems with zaptel timers on Intel Dual Core systems with SMP code enabled. Ztdummy, zaptel connected to Digium TDM or PRI cards - all ends up with large timer probems - zttest going down to 50% accuracy on some systems, even to -1 on ztdummy systems and voice quality is no more. A restart is the only way to get back to a working system. We're only

Hello I am trying to run Combine Z5 under wine (my version is 0.9.4) and have several probems has anyone succeeded in running this very useful program for macrophotography ? http://www.hadleyweb.pwp.blueyonder.co.uk/CZ5/combinez5.htm Thanks Fungi

Hello NG, I am using Wine 20011108 (Debian Woody) and the most important programs are running fine with it. I configured Wine with the winesetup-tool. In general sound is running (e.g. with Winamp). And of course, sound runs with Linux (KDE). But some programs seems to have some probems. I am running a birthday reminder, which gives an notification sound in case of a birthday. But this does

Please can someone help me with the following two error messages: Error 1. I have loaded the Zaptel dirvers and everything is ok with ztcfg. I have configured Zapata.conf and everthing looks good but it apears the Zap channels dont load when starting Asterisk. When I make a call to one of the fxs port I get the following error message. -- Executing Dial("SIP/39-b204",

Hi, I have what to me is an interesting issue. I am wanting to prioritize (QoS) traffic that will be passing through an IPSec (OpenS/WAN) VPN between two (identical) Linux routers. I know that I can apply the IPSec patches (1-4) to the kernel and IPTables (if they are not already applied by now) filter traffic before and after IPSec encapsulation. My problem is that I don''t know

[I have abbreviated the subject as jitterbug has been having probems with long subjects.] The issue here is that one cannot mix log/non-log axes in the calls to screen(), as the appropriate par() parameter is read-only, but the meaning of yaxp depends on it. But beyond that you can't set x/yaxp for log axes. You should be able to do this: you can in the S original. A simpler version: plot