Displaying 20 results from an estimated 6000 matches similar to: "Bug: New IPSEC support in 2.1.3"
2004 Oct 04
0
2.6 Kernel and Native IPSEC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As I announced earlier, I''m on vacation this week and we are spending
the week at our second home. Before I left, I simulated an IPSEC tunnel
between this house and our home in the Seattle area and I''m pleased to
announce that the real tunnel works flawlessly.
So I believe that I have done all of the testing that I can on the new
2004 Oct 06
1
Re: VPN/ipsec naming of interfaces
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
claas@rootdir.de wrote:
> Hello!
>
>
> Machine A
> WAN IP: 123.123.123.111
> LAN IP: 192.168.177.1
>
>
> Machine A wants to connect through an IPsec tunnel to 192.168.176.2
tcp 110 (pop3).
>
> kernel: Shorewall:all2all:REJECT:
> IN= OUT=ppp0 SRC=123.123.123.111 DST=192.168.176.2
> LEN=60 TOS=0x10
2004 Oct 08
2
ipsec policy problem
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
claas@rootdir.de wrote:
> Hello,
>
>
>
> #--- file: policy ---
> #vpn policies:
> loc vpn ACCEPT info
> fw vpn ACCEPT info
> vpn loc ACCEPT info
> vpn fw ACCEPT info
>
> net
2004 Aug 07
1
Shorewall 2.1.3
http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.3
ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.3
This version includes my first cut at IPSEC support for 2.6 Kernels with
the new policy match facility. That facility must be installed using
patch-o-matic-ng as described on the Netfilter site. I''m anticipating
that the facility will be part of standard kernels by the time
2004 Sep 23
0
Fwd: RE: 2.6 kernel ipsec and shorewall
FYI...
---------- Forwarded Message ----------
Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall
Date: Thursday 23 September 2004 07:44
From: "Jonathan Schneider" <jon@clearconcepts.ca>
To: "''Tom Eastep''" <teastep@shorewall.net>
I must have been up too late working on this, looking at it the next day I
noticed I completely forgot
2005 Jan 04
0
IPSEC-Netfilter patch for 2.6.10
A merged patch usable on 2.6.10 has been placed in:
http://shorewall.net/pub/shorewall/contrib/IPSEC/ipsec-nat-2.6.10.patch
ftp://shorewall.net/pub/shorewall/contrib/IPSEC/ipsec-nat-2.6.10.patch
This patch was posted today on the Netfilter Development list -- I have
not tested it.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
2004 Dec 18
0
IPSEC-2.6 Roadwarrior
I''ve successfully tested an IPSEC Roadwarrior configuration where both
the gateway and the roadwarrior are runniing 2.6 with Racoon.
The Shorewall IPSEC-2.6 documentation (http://shorewall.net/IPSEC.htm)
has been updated to reflect my experimentation.
Note that you can get the new ''ipsecvpn'' script from CVS until I release
RC1 in the next day or so.
-Tom
--
Tom
2004 Jan 27
0
IPSEC and the 2.6 Kernels
I am engaged in a discussion on the Netfilter development list about Netfilter
and IPSEC in the 2.6 kernels. There is uniform agreement that the current
implementation is unacceptable and a design for an improved facility is
emerging.
Until that design is implemented and available, I will not be doing anything
more in Shorewall to accommodate the current implementation.
-Tom
--
Tom Eastep
2004 Dec 10
0
[Fwd: RE: Shorewall IPSEC]
Just to close this thread...
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2004 Dec 14
4
ipsec-netfilter patches for 2.6.9
The patches may be found at:
http://shorewall.net/pub/shorewall/contrib/IPSEC
ftp://shorewall.net/pub/shorewall/contrib/IPSEC
I found these patches on the netfilter-devel list and make no warranties
as to how well they work (or not).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP
2004 Oct 14
2
ipsec - report of success
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
claas@rootdir.de wrote:
> I am using kernel 2.6.6 native ipsec with racoon and shorewall 2.1.9
> in production for one week now. I just want to tell you that it seems
> to run stable here.
>
> I am going to extend my setup to a 3 gateway setup soon.
> Afterwards I will try to also get roadwarriors in.
> I will report on that
2004 Dec 19
6
IPSEC vs OpenVPN
While I have concentrated on support for 2.6 native IPSEC in release
2.2.0, I am still of the opinion that unless you absolutely need IPSEC
compatibility that OpenVPN is a much easier (and in the case of
roadwarriors, a much better) solution.
Having already generated all of the required X.509 certificates, it took
me less than 1/2 hr to replace my IPSEC testbed with an OpenVPN one
using the new
2004 Oct 01
4
Re: Error: Your kernel and/or iptables does not not support policy match: ipsec
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
claas@rootdir.de wrote:
> Hello,
>
>
> I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running,
> but I still have a problem:
>
> Validating hosts file...
> Error: Your kernel and/or iptables does not not support policy
match: ipsec
>
> I had a look for netfilter patch-o-matic, but I did not find the
2004 Aug 14
0
Shorewall 2.1.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.4
ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.4
Contains improvements to the support for kernel 2.6 IPSEC.
Warning: The Netfilter IPSEC changes that this version of Shorewall
depends on do not appear to work properly with bridging. I therefore
recommend that you not try ipsec to/from a
2004 Aug 19
0
Shorewall 2.1.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.5
ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.5
This completes the implementation of Kernel 2.6 IPSEC support in Shorewall.
Documentation is still minimal -- see the releasenotes and
http://shorewall.net/IPSEC-2.6.html
- -Tom
- --
Tom Eastep \ Nothing is foolproof to a sufficiently
2004 Aug 24
3
iptables-1.2.9 RPM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I''ve built a 1.2.9 iptables RPM that corrects the two iptables-save
problems that I know about. It is available at:
http://shorewall.net/pub/shorewall/iptables/iptables-1.2.9-95.7.i386.rpm
ftp://shorewall.net/pub/shorewall/iptables/iptables-1.2.9-95.7.i386.rpm
I''m using this on SuSe 9.1 -- for other distros, YYMV...
This RPM works
2004 Oct 24
0
Shorewall 2.2.0 Beta 1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The first beta in the 2.2 series is now available. Download location is:
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta1
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta1
The features available in this release and the migration considerations
are covered in the release notes. Highlights include:
1. The behavior
2004 Nov 02
3
Shorewall 2.2.0 Beta 2
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
Problems Corrected:
1. The "shorewall check" command results in the (harmless) error
message:
/usr/share/shorewall/firewall: line 2753:
check_dupliate_zones: command not found
2. The
2004 Nov 02
0
Shorewall 2.2.0 Beta 2
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
Problems Corrected:
1. The "shorewall check" command results in the (harmless) error
message:
/usr/share/shorewall/firewall: line 2753:
check_dupliate_zones: command not found
2. The
2004 Aug 09
1
shorewall, ipsec, transport mode (not tunnel mode)
What do I have to do to pass ipsec traffic through shorewall? I am not using ipsec to create a tunnel, I am using it in transport mode to encrypt
communications between specific hosts on my LAN. when the firewall is clear''d traffic works perfectly and i am able to communicate with the hosts i have setup ipsec on, however when i start shorewall i cannot communicate with those hosts