similar to: [Fwd: Building custom _updown script for freeswan to make it talk with shorewall]

The version of Shorewall in the CVS development tree contains the first implementation of dynamic zones. While these zones are aimed at IPSEC Road Warriors, there is nothing ipsec-specific in the implementation except for a small extension in the tunnels file. There are two new commands: add and delete shorewall {add|delete} <interface>[:<host or subnet>] zone The interface

Hi, Problem: I want 2 vpn tunnels for 2 subnets over one interface ipsec0. Documentation only describes config for 1 vpn or road warriors. I defined 2 vpn zones ''fre'' and ''swe''. #ZONE DISPLAY COMMENTS net Net Internet zone loc Local Local fre VPN_Fre VPN Fre swe VPN_Swe VPN Swe Interface ipsec0 is tunnel over eth1. Local is eth0. ipsec0 serves 2 zones: fre

I have a plan to make freeswan and shorewall talk to each other. Shorewall doesn''t currently have proper handles to make ipsec and firewall work properly together and I''m planning on building a custom _updown script for freeswan to make it communicate with shorewall. How can I make shorewall work properly with different road warriors with different dynamic ip-addresses and

Hi there, I am plotting relative warp scores (equivalent to pca scores) and I want to label (color code and shape) the points by group. I can't figure out how to do this beyond simple plotting. plot(RW1, RW2); Do I need to make vectors of each group and then plot them separately onto the same plot? How do I go about this? Thanks! -- View this message in context:

I am have a shorewall firewall and freeswan ipsec running on a redhat 8.0 Linux gateway machine. I have one working tunnel defined, all works well. I am not clear how to define mutiple concurrent tunnels. I can not add further interface entries as all the tunnels come in on ipsec0, do I still have mutiple zone definitions? some of the tunnels will be dynamic roadwarriors and as such would need a

Hello, I have two rows which are almost identical but miss different values at different locations. I would like to merge these two rows so that the missing values are replaced by the element in the same column on the other row making one row. If both rows contain a NA, NA remains in the output. 1 2 3 4 5 Row1 AA AG GG NA NA Row2 NA AG GG AA NA The

I am new to Shorewall and FreeSwan, please excuse my ignorance I was wondering if someone could help me. I had help getting my FreeSwan running with the following iptables commands: iptables -I FORWARD -s 0/0 -d 192.168.1.0/24 -i ipsec0 -o eth1 -j ACCEPT iptables -I FORWARD -s 192.168.1.0/24 -d 0/0 -i eth1 -o ipsec0 -j ACCEPT If I manually run this FreeSwan works, however I am not sure

Hi list, I am trying to create a VPN between two different locations. On the first location we have a cisco pix 525 Natting the internal 192.168.100.x network, while on the second location we have a Centos3 box Natting via iptables the internal 192.168.10.x netowrk. My goal is to connect this 2 over the internet via IPsec. I created the IPsec Net2Net via the network configuration graphic

Hi all! I have got a vpn connection set up using FreeSwan and shorewall. Everything works fine but I want to add another subnet to the whole. This means that 1 box will get two net-to-net connections. I want to limit the services on one subnet however. Cuurently I have defined a vpn zone for the current connection and allow all vpn<->loc traffic. How would I go about in tightening the

Hello, I seem to have the Freeswan IPSEC tunnel working between my two sites, but I am still having a problem that looks to be because of something I have configured wrong in my shorewall setup.. I have a LEAF Oxygen < 1.9 heavily modifed firewall setup.. Using FreeSwan 1.91, and Kernel 2.4.8. Modified to use IPTables and standard Debian network/interfaces. I am also using Shorewall

Hi. I am trying to force some traffic that goes to address 203.7.93.94 through a VPN tunnel. I use freeswan 1.98b and Shorewall 1.4.6c in one machine. The 203.7.93.94 is in the DMZ on the other end. (Both ends use the same shorewall and freeswan). I have successfully set up a tunnel between the two network (using a point to point topology, not hub). I added a static routing that redirect

hi, I can''t get a freeswan 2.02 ipsec x509 connection at work can somebody help me? ************************************************************************************* global situation ************************************************************************************* the linux gateway (chivas) is a single machine 192.168.1.250 with a local net 192.168.1.0/24, a dyn IP via a DSL

Once you have Samba shares up and running on the internal network, how do you go about making them available (browsable) via the Internet--a VPN? I hate to say it but in Windows 2k it's just a matter of a few clicks on the server and client. I'm hoping that it's not much harder with a Linux server/Windows client. Anything involving something like SSH will be too hard for most users.

Hi, Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey on which I have one address on my side acting as an SNAT router for all traffic from my network to a network segment on the far side. my network --- my gateway ---------------------- remote network 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22 All traffic starts on my side, so if I can

Hello, it looks like the usual way to do ipsec on centos5 won't work anymore on centos6 I installed ipsec-tools but an interface type IPsec is not recognized by the kernel ifup ipsec0 Device does not seem to be present, delaying initialization. I am not planning to use the awful OpenSwan, I Want to sue the Kame implementation which was working fine on CentOS5 any hints ? thank you

Hi, I had a look at this page which describes a single VPN zone called "vpn": http://www.shorewall.net/IPSEC-2.6.html Is this the most current information? It is the top page found by Google for "shorewall ipsec" Is there any information about setting up multiple VPN zones for different classes of road warrior? E.g. lets say there are two classes of road warrior:

Hello! I've got a problem with DNS,VPN and SAMBA. I do have 3 Linux servers on distinct subnets. (192.168.1.1 ,192.168.2.1 and 192.168.3.1). I have done a VPN between the 3 subnets and I could do a ping from 192.168.1.1 to the others without problems. Each sever has 2 network cards. One of them is connected to ADSL.

Hi All, Is it possible to establish site-to-site VPN using dynamic IP addresss assigned by ISP ? If yes, I would like to request a sample ipsec.conf for such scenario... Thanks and warmest regards aslay ################################################### # This message has been scanned for viruses and # # dangerous content by Pensteel Digital Solutions # # Open Source Security Server,

Hello, I use Julian Anastasov ''routes'' (to be more specific: static_routes, alt_routes and nf_reroute) patches on a 2.4.32 kernel. On the same host I run IPSec. I have discovered after a few hours of networking problems that, when IPSec is enabled on that patched kernel, inspecting packets with tcpdump while arping-ing a host from a network physically connected to this

I have just setup a VPN connection three sites using IPCOP. Everything seems to be talking ok, apart from browsing the network neighborhood. There are no NT/Win2K/XP servers running on any of the sites, all sites are just running win98 pc's using tcp/ip. I have tried configuring all PC's to be on the same workgroup and setup sharing, but still each site can only see the pc's