similar to: Shorewall 2.1.4

Magnus Hyllander wrote: > > I guess what I''m wondering is, how does Shorewall (netfilter) know which > zone a certain road warrior belongs to? I''ve just completed getting dynamic zones working with ipsec again. A dynamic IPSEC zone is defined in /etc/shorewall/zones by following the short name (first column) with ":ipsec". The code is in CVS. There are a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In this release: 1) Dynamic Ipsec Zones now work. 2) Output Traffic Accounting by user/group is supported (thanks to Tuomas Jormola). 3) The following negative test options are added in /etc/shorewall/ipsec and /etc/shorewall/masq: reqid!=<number> spi!=<number> proto!=esp|ah|ipcomp mode!=tunnel|transport

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.5 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.5 This completes the implementation of Kernel 2.6 IPSEC support in Shorewall. Documentation is still minimal -- see the releasenotes and http://shorewall.net/IPSEC-2.6.html - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The first beta in the 2.2 series is now available. Download location is: http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta1 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta1 The features available in this release and the migration considerations are covered in the release notes. Highlights include: 1. The behavior

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

>sample setups of freeswan working with shorewall? I just implemented this a few days ago. In my case it was the simple scenario of two private subnets (with different private network numbers!) already equipped with Shorewall firewalls on which I added Freeswan. The hardest part was being patient enough for the other end''s firewall (a 486= ) to compile the patched kernel. I basically

Hello listmates, I've got this Centos 5.5 box which I am trying to configure as an OpenVPN server. Now 2.1.4 seems to have added pkcs11 support and that stops me from creating the CA and other necessary files: [root at gw5fl 2.0]# . ./vars bash: /usr/share/doc/openvpn-2.1.4/easy-rsa/2.0/whichopensslcnf: Permission denied NOTE: If you run ./clean-all, I will be doing a rm -rf on

Hello all, I''ve recently upgraded a Suse 9.1 box to Suse 9.2 (reinstall actually). This is mainly a test server that I use for testing our device with nat/snat etc. I just got around to reinstalling Shorewall 2.2.4, and I''m having an odd problem at startup I was hoping someone could perhaps shed some light on. I''ve created a very basic setup just to get Shorewall

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

What do I have to do to pass ipsec traffic through shorewall? I am not using ipsec to create a tunnel, I am using it in transport mode to encrypt communications between specific hosts on my LAN. when the firewall is clear''d traffic works perfectly and i am able to communicate with the hosts i have setup ipsec on, however when i start shorewall i cannot communicate with those hosts

Version: 2.1.4 OS: Gentoo stable/amd64 OpenSSL version: 1.0.0h I'm having a slight problem with the client certificates in Dovecot 2.1.4. I've set-up the client certificate verification/authentication, and it seems that Dovecot is choking on the trustchain with CRL's that I'm providing to it (attached to this mail). When I enable the client authentication using certificates, and

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Hello all -- I am trying to get Shorewall, ipsec and RedHat ES version 3 to cooperate. Before posting any specific problems, I thought I''d find out if I have the right stuff to work with. (I''ve gotten ipsec to work flawlessly with Shorewall using RH 8 and 9 kernels, so I have some experience with it. Shorewall 2.0.12 works fine on this ES 3 box, except for the ipsec part)

I set up an ipsec/racoon vpn tunnel test environment. The gateway machines are 192.168.0.30 and 192.168.0.31 on the external adaptor and 10.0.1.1 and 10.0.2.1 internally. The test workstations are 10.0.1.10 and 10.0.2.10. The tunnel seems to be working as in 10.0.1.10 can talk to 10.0.2.10 an vice versa and they can both use the net via NAT, however 192.168.0.30 and 192.168.0.31 cannot directly

http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.3 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.3 This version includes my first cut at IPSEC support for 2.6 Kernels with the new policy match facility. That facility must be installed using patch-o-matic-ng as described on the Netfilter site. I''m anticipating that the facility will be part of standard kernels by the time

Hello, I seem to have the Freeswan IPSEC tunnel working between my two sites, but I am still having a problem that looks to be because of something I have configured wrong in my shorewall setup.. I have a LEAF Oxygen < 1.9 heavily modifed firewall setup.. Using FreeSwan 1.91, and Kernel 2.4.8. Modified to use IPTables and standard Debian network/interfaces. I am also using Shorewall

To all, I''ve just recently finished my "Security Gateway Server" project which separates a 10 laptop WLAN subnet from our main LAN/Internet network. I used Debian Sarge with kernel 2.6.9/ipsec-netfilter patched, and Shorewall 2.2.0-RC3 on a Asus P4S533, 2.4 GHz PenIV and 512MB memory. The Toshiba A60-S166, PenIV, 2.4G laptops run Windows XP Pro and have internal Atheros based

I am trying to get a debian system with openswan 2.2 shorewall 2.1.11 + debian kernel 2.6.8 working together. I have read the documentation (IPSEC using Linux Kernel 2.6) and before I go and compile my own modules I would like to know if the standard debian kernel already has the Netfilter+ipsec patches and the policy match patches installed. Does anyone know? thanks Jim

Hi all, I mentioned this on the #dovecot irc channel, but I thought I would post here so I can provide more details. The basic problem is that when I upgraded from 2.1.4 to 2.1.7, some users no longer are able to see their folders in pine/alpine. The folders are actually there, and are subscribed (according to doveadm) and its possible to do operations on those folders, if you know the name (for

Ventrilo in version 2.1.4 work properly good under wine. I talk with friend without any problems with sound, but there is one with "Push-to-talk" function (hotkey). When frame with ventrilo have lost focus i can't use this function. I spent a lot of time to googled about it and I found program called xbindkeys. I got idea, that I can use this program to send keystroke to ventrilo.