similar to: IPSEC-2.6 Roadwarrior

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > I am using kernel 2.6.6 native ipsec with racoon and shorewall 2.1.9 > in production for one week now. I just want to tell you that it seems > to run stable here. > > I am going to extend my setup to a 3 gateway setup soon. > Afterwards I will try to also get roadwarriors in. > I will report on that

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As I announced earlier, I''m on vacation this week and we are spending the week at our second home. Before I left, I simulated an IPSEC tunnel between this house and our home in the Seattle area and I''m pleased to announce that the real tunnel works flawlessly. So I believe that I have done all of the testing that I can on the new

While I have concentrated on support for 2.6 native IPSEC in release 2.2.0, I am still of the opinion that unless you absolutely need IPSEC compatibility that OpenVPN is a much easier (and in the case of roadwarriors, a much better) solution. Having already generated all of the required X.509 certificates, it took me less than 1/2 hr to replace my IPSEC testbed with an OpenVPN one using the new

Hi all, I am trying to establish a vpn tunnel between one CentOS5 IPSec server and a roadwarrior client, CentOS5 too. Roadwarrior use ipsec-tools version 0.6.5-8 (that comes with CentOS5) and server uses version 0.7 (downloaded from ipsec-tools website). My server configuration is: path include "/etc/racoon"; path certificate "/etc/racoon/certs"; path pre_shared_key

Sorry Dag, it is possible to use linux as a roadwarrior client: http://www.fw-1.de/aerasec/ng/vpn-racoon/CP-VPN1-NG-Linux-racoon-roadwarrior.html -------- Original Message -------- Subject: Re: [CentOS] Connecting CentOS to IPSEC VPN (Checkpoint FW1) Date: Mon, 21 Aug 2006 15:20:55 +0200 From: carlopmart <carlopmart at gmail.com> To: CentOS mailing list <centos at centos.org>

Buf ... Solved. Problem was that /etc/pam.d/racoon doesn't exists (I found this tip on NetBSD ipsec pages). Simply I have copied /etc/pam.d/passwd to /etc/pam.d/racoon and now all works as expected. Many thanks for your help Ross. Ross S. W. Walker wrote: > > I think it might just use another one like /etc/pam.d/remote > cause I audited the package and it wasn't there.

Hello, i have got a problem with the configuration of an roadwarrior ipsec VPN tunnel with shorewall 2.2.3. I read the Shorewall Kernel 2.6 IPSEC and folowed the instructions to that point where to modify the hosts with the folowing parameters: vpn eth0:0.0.0.0/0 ipsec But i have got an entry like net eth0:0.0.0.0/0 even in the same file: If i

Hello everyone, I''m not sure whether to place my question here or in the racoon mailing list or even in that of iptables. I have created an ipsec connection with racoon in tunnel mode to another gateway to connect one subnet on each side to each other. This works fine. Only the ipsec gateway itself can''t send packages to the opposite subnet. Shorewall is configured according

Tom, After reading your latest postings, I am correct in understanding that, even with the netfilter-ipsec and policy patches in kernel 2.6, I still would not be able to connect more that one roadwarrior at a time? Mitch

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC1 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC1 Problems Corrected: 1. The syntax of the add and delete command has been clarified in the help summary produced by /sbin/shorewall. New Features: 1. TCP OpenVPN tunnels are now supported using the ''openvpn'' tunnel type. OpenVPN

A merged patch usable on 2.6.10 has been placed in: http://shorewall.net/pub/shorewall/contrib/IPSEC/ipsec-nat-2.6.10.patch ftp://shorewall.net/pub/shorewall/contrib/IPSEC/ipsec-nat-2.6.10.patch This patch was posted today on the Netfilter Development list -- I have not tested it. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net

I am engaged in a discussion on the Netfilter development list about Netfilter and IPSEC in the 2.6 kernels. There is uniform agreement that the current implementation is unacceptable and a design for an improved facility is emerging. Until that design is implemented and available, I will not be doing anything more in Shorewall to accommodate the current implementation. -Tom -- Tom Eastep

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello! > > > Machine A > WAN IP: 123.123.123.111 > LAN IP: 192.168.177.1 > > > Machine A wants to connect through an IPsec tunnel to 192.168.176.2 tcp 110 (pop3). > > kernel: Shorewall:all2all:REJECT: > IN= OUT=ppp0 SRC=123.123.123.111 DST=192.168.176.2 > LEN=60 TOS=0x10

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello, > > > > #--- file: policy --- > #vpn policies: > loc vpn ACCEPT info > fw vpn ACCEPT info > vpn loc ACCEPT info > vpn fw ACCEPT info > > net

>From your post on Oct. 4, 2004 >As I announced earlier, I''m on vacation this week and we are spending >the week at our second home. Before I left, I simulated an IPSEC tunnel >between this house and our home in the Seattle area and I''m pleased to >announce that the real tunnel works flawlessly. > >So I believe that I have done all of the testing that I can

The patches may be found at: http://shorewall.net/pub/shorewall/contrib/IPSEC ftp://shorewall.net/pub/shorewall/contrib/IPSEC I found these patches on the netfilter-devel list and make no warranties as to how well they work (or not). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP

Hi all, Somebody can explains me how can I configure ipsec-tools package to use private virtual ip address as an openswan does or some doc/howto about it?? I have seen this howto, but doesn't works for me: http://www.howtoforge.com/racoon_roadwarrior_vpn Many thanks. -- CL Martinez carlopmart {at} gmail {d0t} com

I set up an ipsec/racoon vpn tunnel test environment. The gateway machines are 192.168.0.30 and 192.168.0.31 on the external adaptor and 10.0.1.1 and 10.0.2.1 internally. The test workstations are 10.0.1.10 and 10.0.2.10. The tunnel seems to be working as in 10.0.1.10 can talk to 10.0.2.10 an vice versa and they can both use the net via NAT, however 192.168.0.30 and 192.168.0.31 cannot directly

I've just wrote a lenghty email on Fedora ML as reply to Phillip who seems to be in the same trouble as myself... Found that while searching all mailing list archives and bugzillas I could think off (not really successfully, many people with same problems, no answers other than "works for me" -- glad to hear it works for somebody else, but it would be nice if he/she was a bit