Displaying 20 results from an estimated 10000 matches similar to: "Re: 2.6 Kernel and Native IPSEC"
2004 Dec 22
2
IPSec and Roadwarrior
Tom,
After reading your latest postings, I am correct in understanding that,
even with the netfilter-ipsec and policy patches in kernel 2.6, I still
would not be able to connect more that one roadwarrior at a time?
Mitch
2005 May 02
1
Problems with ipsec roadwarrior
Hello,
i have got a problem with the configuration of an roadwarrior ipsec VPN tunnel with shorewall 2.2.3.
I read the Shorewall Kernel 2.6 IPSEC and folowed the instructions to that point
where to modify the hosts with the folowing parameters:
vpn eth0:0.0.0.0/0 ipsec
But i have got an entry like
net eth0:0.0.0.0/0
even in the same file:
If i
2004 Sep 30
4
IPSec connection from fw itself over vpn
Hello everyone,
I''m not sure whether to place my question here or in the racoon mailing
list or even in that of iptables.
I have created an ipsec connection with racoon in tunnel mode to another
gateway to connect one subnet on each side to each other. This works
fine. Only the ipsec gateway itself can''t send packages to the opposite
subnet.
Shorewall is configured according
2005 Jan 07
2
Shorewall & IPSec gateway
To all,
I''ve just recently finished my "Security Gateway Server" project which
separates a 10 laptop WLAN subnet from our main LAN/Internet network. I
used Debian Sarge with kernel 2.6.9/ipsec-netfilter patched, and
Shorewall 2.2.0-RC3 on a Asus P4S533, 2.4 GHz PenIV and 512MB memory.
The Toshiba A60-S166, PenIV, 2.4G laptops run Windows XP Pro and have
internal Atheros based
2004 Dec 19
6
IPSEC vs OpenVPN
While I have concentrated on support for 2.6 native IPSEC in release
2.2.0, I am still of the opinion that unless you absolutely need IPSEC
compatibility that OpenVPN is a much easier (and in the case of
roadwarriors, a much better) solution.
Having already generated all of the required X.509 certificates, it took
me less than 1/2 hr to replace my IPSEC testbed with an OpenVPN one
using the new
2007 Oct 12
1
OT: a very big problem with ipsec-tools on CentOS5 (SOLVED)
Buf ... Solved. Problem was that /etc/pam.d/racoon doesn't exists (I found this
tip on NetBSD ipsec pages). Simply I have copied /etc/pam.d/passwd to
/etc/pam.d/racoon and now all works as expected.
Many thanks for your help Ross.
Ross S. W. Walker wrote:
>
> I think it might just use another one like /etc/pam.d/remote
> cause I audited the package and it wasn't there.
2004 Oct 04
0
2.6 Kernel and Native IPSEC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As I announced earlier, I''m on vacation this week and we are spending
the week at our second home. Before I left, I simulated an IPSEC tunnel
between this house and our home in the Seattle area and I''m pleased to
announce that the real tunnel works flawlessly.
So I believe that I have done all of the testing that I can on the new
2004 Dec 18
0
IPSEC-2.6 Roadwarrior
I''ve successfully tested an IPSEC Roadwarrior configuration where both
the gateway and the roadwarrior are runniing 2.6 with Racoon.
The Shorewall IPSEC-2.6 documentation (http://shorewall.net/IPSEC.htm)
has been updated to reflect my experimentation.
Note that you can get the new ''ipsecvpn'' script from CVS until I release
RC1 in the next day or so.
-Tom
--
Tom
2003 Oct 26
4
linux-xp x509 ipsec connection
hi,
I can''t get a freeswan 2.02 ipsec x509 connection at work
can somebody help me?
*************************************************************************************
global situation
*************************************************************************************
the linux gateway (chivas) is a single machine 192.168.1.250 with a local net 192.168.1.0/24,
a dyn IP via a DSL
2004 Dec 16
6
[OT] New (old) Firewall at shorewall.net
I''ve rebuilt my old P-II/233 with Debian Sarge and it is now serving as
my main firewall. It is running a home-built 2.6.9 kernel with the
ipsec-netfilter and policy match patches.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \
2003 Jul 03
0
IPSEC, multiple subnets and multiple road warriors, oh my! :)
Hi all,
I''ve been using Shorewall 1.42 for a month on two firewalls at work and
my own personal colocated server and love it. While pretty familiar
with iptables, I don''t like dealing with it on a daily basis, and
Shorewall certainly makes life easier. I''ve deployed Shorewall on both
our Toronto and Ottawa office firewalls, and have configured a
FreeS/WAN IPSEC
2006 Aug 21
0
[Fwd: Re: Connecting CentOS to IPSEC VPN (Checkpoint FW1)]
Sorry Dag,
it is possible to use linux as a roadwarrior client:
http://www.fw-1.de/aerasec/ng/vpn-racoon/CP-VPN1-NG-Linux-racoon-roadwarrior.html
-------- Original Message --------
Subject: Re: [CentOS] Connecting CentOS to IPSEC VPN (Checkpoint FW1)
Date: Mon, 21 Aug 2006 15:20:55 +0200
From: carlopmart <carlopmart at gmail.com>
To: CentOS mailing list <centos at centos.org>
2007 Oct 12
0
OT: a very big problem with ipsec-tools on CentOS5
Hi all,
I am trying to establish a vpn tunnel between one CentOS5 IPSec server and a
roadwarrior client, CentOS5 too. Roadwarrior use ipsec-tools version 0.6.5-8
(that comes with CentOS5) and server uses version 0.7 (downloaded from
ipsec-tools website).
My server configuration is:
path include "/etc/racoon";
path certificate "/etc/racoon/certs";
path pre_shared_key
2013 Apr 11
2
IKEv2/IPSEC "Road Warrior" VPN Tunneling?
Is there a "cookbook" for setting this up? There are examples for
setting up a tunnel between two fixed-address networks (e.g. a remote
LAN that needs to be "integrated" with a central LAN over IPSec but I
can't find anything addressing the other situation -- remote user(s)
where the connecting IPs are not known in advance, such as a person with
a laptop or smartphone in a
2004 Sep 01
11
IPSEC VPN clients on local network
I have problems connecting IPSEC VPN clients on the masqueraded network
to outside VPN servers.
It looks like this:
ipsec-user
| 192.168.1.10 (DHCP assigned)
|
| 192.168.1.1
fw-1 (shorewall, Linux 2.6)
| 20.20.20.20
(internet)
| 30.30.30.30
fw-2 (IPSEC VPN endpoint)
| 192.168.100.1
|
| 192.168.100.2
server
ipsec-user (a road warrior) is supposed to create an IPSEC tunnel to his
home
2014 Jan 10
1
Switch mode three-node routing problem
Dear tinc community,
I am using tinc in switch mode. I have three nodes. Two nodes reside on
routers, vpn-eth is bridged with internal lan, each router has several
machines connected to it's internal lan. Third node is the roadwarrior -
"endpoint" linux PC.
When the roadwarrior is off - everything works perfectly, machines on both
sides can communicate without a problem in any
2004 Aug 09
1
shorewall, ipsec, transport mode (not tunnel mode)
What do I have to do to pass ipsec traffic through shorewall? I am not using ipsec to create a tunnel, I am using it in transport mode to encrypt
communications between specific hosts on my LAN. when the firewall is clear''d traffic works perfectly and i am able to communicate with the hosts i have setup ipsec on, however when i start shorewall i cannot communicate with those hosts
2006 Aug 21
3
Connecting CentOS to IPSEC VPN (Checkpoint FW1)
Hi,
Does anyone have experience using IPSEC on CentOS in order to connect to
vendor IPSEC-based VPN products (specifically Checkpoint FW1) ?
Is the included IPSEC implementation sufficient, or do people have to rely
on OpenSWAN or FreeSWAN ? I'd be testing tomorrow and I'm interested with
experiences others have had and things to look out for.
Thanks in advance,
-- dag wieers, dag
2003 Jan 14
1
MULTIPLE IPSEC TUNNELS
I am have a shorewall firewall and freeswan ipsec running on a redhat 8.0
Linux gateway machine. I have one working tunnel defined, all works well. I
am not clear how to define mutiple concurrent tunnels. I can not add further
interface entries as all the tunnels come in on ipsec0, do I still have
mutiple zone definitions? some of the tunnels will be dynamic roadwarriors
and as such would need a
2005 Mar 03
2
2.6.11 / IPSEC / Netfilter
Hello,
Having combed through the changefile from kernel.org it seems to me that
policy matching is still not in the 2.6 kernel. Is that a sadly correct
statement?
Joh