Menu
▾
▴
devil-linux-discuss
|
From: Heiko Z. <he...@zu...> - 2007-08-23 15:12:51
|
Hey everyone, I just uploaded a new testing release for 1.2.14 ftp://ftp.devil-linux.org/pub/devel/testing Would be great if some of you could test the latest updates. Thx -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Heiko Z. <he...@zu...> - 2009-07-24 16:25:58
|
I uploaded a new testing release to the FTP server. If you did submit bugs, please download and test if they're resolved now. Please respond to your bugs, so we can close them if they're fixed. -- Regards Heiko Zuerker http://www.devil-linux.org ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. |
|
From: Dietmar R. <die...@gm...> - 2009-08-19 11:20:11
|
I tried to upgrade from a DL 1.2.14 but it seem like IPP2P Match is missing in the new kernel and iptables. Could it be added. Didi 2009/7/24 Heiko Zuerker <he...@zu...>: > I uploaded a new testing release to the FTP server. > > If you did submit bugs, please download and test if they're resolved now. > Please respond to your bugs, so we can close them if they're fixed. > > -- > > Regards > Heiko Zuerker > http://www.devil-linux.org > > > ---------------------------------------------------------------- > This message was sent using IMP, the Internet Messaging Program. > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > |
|
From: Heiko Z. <he...@zu...> - 2009-08-19 12:50:34
|
Hey, not sure if it was removed by the netfilter team or we just have it accidentally disabled. Please create a bug report in Mantis, the link is on our website. Heiko Quoting Dietmar Rieder <die...@gm...>: > I tried to upgrade from a DL 1.2.14 but it seem like IPP2P Match is > missing in the new kernel and iptables. Could it be added. > > Didi > > 2009/7/24 Heiko Zuerker <he...@zu...>: >> I uploaded a new testing release to the FTP server. >> >> If you did submit bugs, please download and test if they're resolved now. >> Please respond to your bugs, so we can close them if they're fixed. >> >> -- >> >> Regards >> Heiko Zuerker >> http://www.devil-linux.org >> >> >> ---------------------------------------------------------------- >> This message was sent using IMP, the Internet Messaging Program. >> >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >> > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > -- Regards Heiko Zuerker http://www.devil-linux.org ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. |
|
From: Dietmar R. <die...@gm...> - 2009-08-19 14:33:21
|
2009/8/19 Heiko Zuerker <he...@zu...>: > Hey, > > not sure if it was removed by the netfilter team or we just have it > accidentally disabled. > Please create a bug report in Mantis, the link is on our website. Done! Thanks. Didi |
|
From: Serge L. <fi...@in...> - 2009-08-24 04:16:13
|
Hello,
Dietmar Rieder wrote:
> 2009/8/19 Heiko Zuerker <he...@zu...>:
>> Hey,
>>
>> not sure if it was removed by the netfilter team or we just have it
>> accidentally disabled.
>> Please create a bug report in Mantis, the link is on our website.
>
> Done!
> Thanks.
I've managed to build ipp2p extension for DL 1.4RC2. The only one simple
modification is required. I've added the patch to the pom tarball. The changes
will be submitted soon.
root@gw:~ # iptables -A FORWARD -m ipp2p --edk --kazaa --bit -j DROP
root@gw:~ # iptables -A FORWARD -p tcp -m ipp2p --ares -j DROP
root@gw:~ # iptables -A FORWARD -p udp -m ipp2p --kazaa -j DROP
root@gw:~ #
root@gw:~ # iptables -nvL
Chain INPUT (policy ACCEPT 59 packets, 3836 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
ipp2p v0.8.2-pomng --kazaa --edk --bit
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
ipp2p v0.8.2-pomng --ares
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
ipp2p v0.8.2-pomng --kazaa
Sincerely,
Serge
|
|
From: Heiko Z. <he...@zu...> - 2009-08-24 11:41:16
|
It just hit me, wouldn't the l7filter do the same thing? http://l7-filter.sourceforge.net/ Heiko Quoting Serge Leschinsky <fi...@in...>: > Hello, > > Dietmar Rieder wrote: >> 2009/8/19 Heiko Zuerker <he...@zu...>: >>> Hey, >>> >>> not sure if it was removed by the netfilter team or we just have it >>> accidentally disabled. >>> Please create a bug report in Mantis, the link is on our website. >> >> Done! >> Thanks. > I've managed to build ipp2p extension for DL 1.4RC2. The only one simple > modification is required. I've added the patch to the pom tarball. > The changes > will be submitted soon. > > root@gw:~ # iptables -A FORWARD -m ipp2p --edk --kazaa --bit -j DROP > root@gw:~ # iptables -A FORWARD -p tcp -m ipp2p --ares -j DROP > root@gw:~ # iptables -A FORWARD -p udp -m ipp2p --kazaa -j DROP > root@gw:~ # > root@gw:~ # iptables -nvL > Chain INPUT (policy ACCEPT 59 packets, 3836 bytes) > pkts bytes target prot opt in out source > destination > > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source > destination > 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 > ipp2p v0.8.2-pomng --kazaa --edk --bit > 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 > ipp2p v0.8.2-pomng --ares > 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 > ipp2p v0.8.2-pomng --kazaa > > Sincerely, > Serge > > ------------------------------------------------------------------------------ > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day > trial. Simplify your report design, integration and deployment - and focus on > what you do best, core application coding. Discover what's new with > Crystal Reports now. http://p.sf.net/sfu/bobj-july > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > -- Regards Heiko Zuerker http://www.devil-linux.org ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. |
|
From: Serge L. <fi...@in...> - 2009-08-25 03:06:20
|
Heiko Zuerker wrote: > It just hit me, wouldn't the l7filter do the same thing? > http://l7-filter.sourceforge.net/ > Probably yes. :-) I didn't compare those extensions. We can leave it as an option for individual builders because p-o-m is controlled by external config file and everything is disabled by default. Serge |
|
From: Dietmar R. <die...@gm...> - 2009-09-08 11:40:21
|
2009/8/25 Serge Leschinsky <fi...@in...>: > Heiko Zuerker wrote: >> It just hit me, wouldn't the l7filter do the same thing? >> http://l7-filter.sourceforge.net/ >> > Probably yes. :-) I didn't compare those extensions. We can leave it as an > option for individual builders because p-o-m is controlled by external config > file and everything is disabled by default. > Does, this mean, that I'd have to build (compile) DL on my own? As far as I found out, shorewall (which I'm using and which is shipped with DL) is not supporting l7-filter... Didi |
|
From: Heiko Z. <he...@zu...> - 2009-09-08 13:07:41
|
> -----Original Message----- > From: Dietmar Rieder [mailto:die...@gm...] > Sent: Tuesday, September 08, 2009 6:40 AM > To: dev...@li... > Subject: Re: [Devil-Linux-discuss] new testing release > > 2009/8/25 Serge Leschinsky <fi...@in...>: > > Heiko Zuerker wrote: > >> It just hit me, wouldn't the l7filter do the same thing? > >> http://l7-filter.sourceforge.net/ > >> > > Probably yes. :-) I didn't compare those extensions. We can leave it > as an > > option for individual builders because p-o-m is controlled by > external config > > file and everything is disabled by default. > > > > Does, this mean, that I'd have to build (compile) DL on my own? > As far as I found out, shorewall (which I'm using and which is shipped > with DL) is not supporting l7-filter... I thought Serge wrote in an earlier post that he fixed it. Heiko |
|
From: Serge L. <fi...@in...> - 2009-09-09 02:40:04
|
Heiko Zuerker wrote: >> Does, this mean, that I'd have to build (compile) DL on my own? >> As far as I found out, shorewall (which I'm using and which is shipped >> with DL) is not supporting l7-filter... > > I thought Serge wrote in an earlier post that he fixed it. > Actually, I was not sure we need it enabled by default, so the last change was really absent. I've submitted the change just now and it will be a part of official DL. Sincerely, Serge |
|
From: Dietmar R. <die...@gm...> - 2009-09-09 08:09:39
|
2009/9/9 Serge Leschinsky <fi...@in...>: > Actually, I was not sure we need it enabled by default, so the last change was > really absent. I've submitted the change just now and it will be a part of > official DL. Thank you so much... Didi |
|
From: Heiko Z. <he...@zu...> - 2009-09-11 20:10:27
|
> -----Original Message----- > From: Heiko Zuerker [mailto:he...@zu...] > Sent: Friday, July 24, 2009 11:26 AM > To: Devil-Linux Developer Mailinglist; Devil-Linux Discuss Mailinglist > Subject: [Devil-Linux-discuss] new testing release > > I uploaded a new testing release to the FTP server. > > If you did submit bugs, please download and test if they're resolved > now. > Please respond to your bugs, so we can close them if they're fixed. I uploaded the latest testing version to the FTP server. Heiko |
|
From: Dietmar R. <die...@gm...> - 2009-09-14 09:38:53
|
2009/9/11 Heiko Zuerker <he...@zu...>: >> -----Original Message----- >> From: Heiko Zuerker [mailto:he...@zu...] >> Sent: Friday, July 24, 2009 11:26 AM >> To: Devil-Linux Developer Mailinglist; Devil-Linux Discuss Mailinglist >> Subject: [Devil-Linux-discuss] new testing release >> >> I uploaded a new testing release to the FTP server. >> >> If you did submit bugs, please download and test if they're resolved >> now. >> Please respond to your bugs, so we can close them if they're fixed. > > I uploaded the latest testing version to the FTP server. I just tried the new testing version, but unfortunately the shipped version of Shorewall is buggy and therefore unusable. Would it be possible to include the fixed version shorewall-perl-4.2.11.1 or even better a recent stable version shorewall-4.4.1.2? Thanks Didi |
|
From: PeterJannesen, V. <P.J...@vi...> - 2007-09-04 06:13:37
|
Hi Heiko, I did a small test on the new testing release (from 1.2.14-2007-05-24 to 2007-08-23) I read earlier that openswan is replaced by strongswan and it seems that IPSec is not working anymore. It seams that the tunnels are comming up but the routes are not created. Furher it seems that /usr/lib/ipsec/_updown is not supporting /etc/sysconfig/pluto_updown anymore. I use pluto_updown to put the route in a different table with rules. I my first impression is that strongswan is not supporting pluto_updown. This is a problem because you can't change the standard /usr/lib/ipsec/_updown script with out creating a custom build. -- Peter=20 -----Original Message----- From: dev...@li... [mailto:dev...@li...] On Behalf Of Heiko Zuerker Sent: donderdag 23 augustus 2007 16:49 To: dev...@li... Subject: [Devil-Linux-discuss] new testing release Hey everyone, I just uploaded a new testing release for 1.2.14 ftp://ftp.devil-linux.org/pub/devel/testing Would be great if some of you could test the latest updates. Thx --=20 Regards Heiko Zuerker http://www.devil-linux.org ------------------------------------------------------------------------ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Devil-linux-discuss mailing list Dev...@li... https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
|
From: Heiko Z. <he...@zu...> - 2007-09-09 14:05:59
|
Peter, I took a quick look at the Strongswan 4.1 documentation and there's a parameter you have to set. Here's the extract from the doc: ------------- 11.1 Environment variables in the updown script strongSwan makes the following environment variables available in the updown script indicated by the leftupdown parameter: ------------- I'm not sure about the routes, it's quite a while since I used xxxxxSWAN Heiko On Tue, September 4, 2007 01:13, PeterJannesen, Visiq wrote: > Hi Heiko, > > > I did a small test on the new testing release (from 1.2.14-2007-05-24 to > 2007-08-23) > > > I read earlier that openswan is replaced by strongswan and it seems that > IPSec is not working anymore. > It seams that the tunnels are comming up but the routes are not created. > > > Furher it seems that /usr/lib/ipsec/_updown is not supporting > /etc/sysconfig/pluto_updown anymore. > I use pluto_updown to put the route in a different table with rules. I > my first impression is that strongswan is not supporting pluto_updown. This > is a problem because you can't change the standard /usr/lib/ipsec/_updown > script with out creating a custom build. > > -- Peter > > > -----Original Message----- > From: dev...@li... > [mailto:dev...@li...] On Behalf Of > Heiko Zuerker > Sent: donderdag 23 augustus 2007 16:49 > To: dev...@li... > Subject: [Devil-Linux-discuss] new testing release > > > Hey everyone, > > > I just uploaded a new testing release for 1.2.14 > ftp://ftp.devil-linux.org/pub/devel/testing > > > Would be great if some of you could test the latest updates. > > > Thx > > > -- > > > Regards > Heiko Zuerker > http://www.devil-linux.org > > > > > ------------------------------------------------------------------------ > - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: PeterJannesen, V. <P.J...@vi...> - 2007-09-11 07:54:24
|
Heiko, The _updown script (located in /usr/lib/ipsec) of openswan includes /etc/sysconfig/pluto_updown. When you set the variable IPROUTETABLE to for example "ipsec" All ipsec routes are places in de ipsec route table and the te correct rules are also generated. The _updown script of strongswan don't include /etc/sysconfig/pluto_updown. So you must edit /usr/lib/ipsec/_updown directly bot this is implosible because it is stored on CD. This is a problem when you need iproute2. -- Peter -----Original Message----- From: dev...@li... [mailto:dev...@li...] On Behalf Of Heiko Zuerker Sent: zondag 9 september 2007 16:06 To: dev...@li... Subject: Re: [Devil-Linux-discuss] new testing release Peter, I took a quick look at the Strongswan 4.1 documentation and there's a parameter you have to set. Here's the extract from the doc: ------------- 11.1 Environment variables in the updown script strongSwan makes the following environment variables available in the updown script indicated by the leftupdown parameter: ------------- I'm not sure about the routes, it's quite a while since I used xxxxxSWAN Heiko On Tue, September 4, 2007 01:13, PeterJannesen, Visiq wrote: > Hi Heiko, > > > I did a small test on the new testing release (from 1.2.14-2007-05-24=20 > to > 2007-08-23) > > > I read earlier that openswan is replaced by strongswan and it seems=20 > that IPSec is not working anymore. > It seams that the tunnels are comming up but the routes are not created. > > > Furher it seems that /usr/lib/ipsec/_updown is not supporting=20 > /etc/sysconfig/pluto_updown anymore. > I use pluto_updown to put the route in a different table with rules. I > my first impression is that strongswan is not supporting pluto_updown. > This is a problem because you can't change the standard=20 > /usr/lib/ipsec/_updown script with out creating a custom build. > > -- Peter > > > -----Original Message----- > From: dev...@li... > [mailto:dev...@li...] On Behalf=20 > Of Heiko Zuerker > Sent: donderdag 23 augustus 2007 16:49 > To: dev...@li... > Subject: [Devil-Linux-discuss] new testing release > > > Hey everyone, > > > I just uploaded a new testing release for 1.2.14=20 > ftp://ftp.devil-linux.org/pub/devel/testing > > > Would be great if some of you could test the latest updates. > > > Thx > > > -- > > > Regards > Heiko Zuerker > http://www.devil-linux.org > > > > > ---------------------------------------------------------------------- > -- > - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/=20 > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > > ---------------------------------------------------------------------- > --- This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/=20 > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > --=20 Regards Heiko Zuerker http://www.devil-linux.org ------------------------------------------------------------------------ - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Devil-linux-discuss mailing list Dev...@li... https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
|
From: Heiko Z. <he...@zu...> - 2007-09-11 11:46:54
|
Hey, I thought I saw a comment in the script that it is using iproute2, but I could be mistaken. Couldn't you copy the strongswan script into /etc/xxxx and just point to it by using the leftupdown parameter? Since the file would then reside in a writable location you should be able to do the necessary modifications. Heiko On Tue, September 11, 2007 02:54, PeterJannesen, Visiq wrote: > Heiko, > > > The _updown script (located in /usr/lib/ipsec) of openswan includes > /etc/sysconfig/pluto_updown. When you set the variable IPROUTETABLE to > for example "ipsec" All ipsec routes are places in de ipsec route table and > the te correct rules are also generated. > > The _updown script of strongswan don't include > /etc/sysconfig/pluto_updown. So you must edit /usr/lib/ipsec/_updown > directly bot this is implosible because it is stored on CD. > > This is a problem when you need iproute2. > > > -- Peter > > > -----Original Message----- > From: dev...@li... > [mailto:dev...@li...] On Behalf Of > Heiko Zuerker > Sent: zondag 9 september 2007 16:06 > To: dev...@li... > Subject: Re: [Devil-Linux-discuss] new testing release > > > Peter, > > > I took a quick look at the Strongswan 4.1 documentation and there's a > parameter you have to set. Here's the extract from the doc: > ------------- > 11.1 Environment variables in the updown script > > > strongSwan makes the following environment variables available in the > updown script indicated by the leftupdown parameter: ------------- > > > I'm not sure about the routes, it's quite a while since I used xxxxxSWAN > > > Heiko > > > > On Tue, September 4, 2007 01:13, PeterJannesen, Visiq wrote: > >> Hi Heiko, >> >> >> >> I did a small test on the new testing release (from 1.2.14-2007-05-24 >> to 2007-08-23) >> >> >> >> I read earlier that openswan is replaced by strongswan and it seems >> that IPSec is not working anymore. It seams that the tunnels are comming >> up but the routes are not > created. >> >> >> Furher it seems that /usr/lib/ipsec/_updown is not supporting >> /etc/sysconfig/pluto_updown anymore. >> I use pluto_updown to put the route in a different table with rules. I >> > >> my first impression is that strongswan is not supporting pluto_updown. > >> This is a problem because you can't change the standard >> /usr/lib/ipsec/_updown script with out creating a custom build. >> >> >> -- Peter >> >> >> >> -----Original Message----- >> From: dev...@li... >> [mailto:dev...@li...] On Behalf >> Of Heiko Zuerker >> Sent: donderdag 23 augustus 2007 16:49 >> To: dev...@li... >> Subject: [Devil-Linux-discuss] new testing release >> >> >> >> Hey everyone, >> >> >> >> I just uploaded a new testing release for 1.2.14 >> ftp://ftp.devil-linux.org/pub/devel/testing >> >> >> >> Would be great if some of you could test the latest updates. >> >> >> >> Thx >> >> >> >> -- >> >> >> >> Regards >> Heiko Zuerker >> http://www.devil-linux.org >> >> >> >> >> >> ---------------------------------------------------------------------- >> -- >> - >> This SF.net email is sponsored by: Splunk Inc. >> Still grepping through log files to find problems? Stop. >> Now Search log events and configuration files using AJAX and a >> > browser. >> Download your FREE copy of Splunk now >> http://get.splunk.com/ >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >> >> >> >> ---------------------------------------------------------------------- >> --- This SF.net email is sponsored by: Splunk Inc. >> Still grepping through log files to find problems? Stop. >> Now Search log events and configuration files using AJAX and a >> > browser. >> Download your FREE copy of Splunk now >> http://get.splunk.com/ >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >> >> >> > > > -- > > > Regards > Heiko Zuerker > http://www.devil-linux.org > > > > > ------------------------------------------------------------------------ > - > This SF.net email is sponsored by: Microsoft Defy all challenges. > Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Stefan E. <Ste...@av...> - 2007-09-12 06:21:58
|
Hi, that's exactly the way I did it. Just specify something like leftupdown=/etc/ipsec.d/_updown_tunnel in /etc/ipsec.conf and copy the tunnel-script to /etc/ipsec.d and this should work fine. I did this, because I modified the script to dynamically add and remove firewall rules to enable different firewall zones in shorewall to deal with the vpn connections defined in ipsec.conf. Stefan Heiko Zuerker wrote: > Hey, > > I thought I saw a comment in the script that it is using iproute2, but I > could be mistaken. > Couldn't you copy the strongswan script into /etc/xxxx and just point to > it by using the leftupdown parameter? Since the file would then reside in > a writable location you should be able to do the necessary modifications. > > Heiko > > On Tue, September 11, 2007 02:54, PeterJannesen, Visiq wrote: >> Heiko, >> >> >> The _updown script (located in /usr/lib/ipsec) of openswan includes >> /etc/sysconfig/pluto_updown. When you set the variable IPROUTETABLE to >> for example "ipsec" All ipsec routes are places in de ipsec route table and >> the te correct rules are also generated. >> >> The _updown script of strongswan don't include >> /etc/sysconfig/pluto_updown. So you must edit /usr/lib/ipsec/_updown >> directly bot this is implosible because it is stored on CD. >> >> This is a problem when you need iproute2. >> >> >> -- Peter >> >> >> -----Original Message----- >> From: dev...@li... >> [mailto:dev...@li...] On Behalf Of >> Heiko Zuerker >> Sent: zondag 9 september 2007 16:06 >> To: dev...@li... >> Subject: Re: [Devil-Linux-discuss] new testing release >> >> >> Peter, >> >> >> I took a quick look at the Strongswan 4.1 documentation and there's a >> parameter you have to set. Here's the extract from the doc: >> ------------- >> 11.1 Environment variables in the updown script >> >> >> strongSwan makes the following environment variables available in the >> updown script indicated by the leftupdown parameter: ------------- >> >> >> I'm not sure about the routes, it's quite a while since I used xxxxxSWAN >> >> >> Heiko >> >> >> >> On Tue, September 4, 2007 01:13, PeterJannesen, Visiq wrote: >> >>> Hi Heiko, >>> >>> >>> >>> I did a small test on the new testing release (from 1.2.14-2007-05-24 >>> to 2007-08-23) >>> >>> >>> >>> I read earlier that openswan is replaced by strongswan and it seems >>> that IPSec is not working anymore. It seams that the tunnels are comming >>> up but the routes are not >> created. >>> >>> Furher it seems that /usr/lib/ipsec/_updown is not supporting >>> /etc/sysconfig/pluto_updown anymore. >>> I use pluto_updown to put the route in a different table with rules. I >>> >>> my first impression is that strongswan is not supporting pluto_updown. >>> This is a problem because you can't change the standard >>> /usr/lib/ipsec/_updown script with out creating a custom build. >>> >>> >>> -- Peter >>> >>> >>> >>> -----Original Message----- >>> From: dev...@li... >>> [mailto:dev...@li...] On Behalf >>> Of Heiko Zuerker >>> Sent: donderdag 23 augustus 2007 16:49 >>> To: dev...@li... >>> Subject: [Devil-Linux-discuss] new testing release >>> >>> >>> >>> Hey everyone, >>> >>> >>> >>> I just uploaded a new testing release for 1.2.14 >>> ftp://ftp.devil-linux.org/pub/devel/testing >>> >>> >>> >>> Would be great if some of you could test the latest updates. >>> >>> >>> >>> Thx >>> >>> >>> >>> -- >>> >>> >>> >>> Regards >>> Heiko Zuerker >>> http://www.devil-linux.org >>> >>> >>> >>> >>> >>> ---------------------------------------------------------------------- >>> -- >>> - >>> This SF.net email is sponsored by: Splunk Inc. >>> Still grepping through log files to find problems? Stop. >>> Now Search log events and configuration files using AJAX and a >>> >> browser. >>> Download your FREE copy of Splunk now >> http://get.splunk.com/ >>> _______________________________________________ >>> Devil-linux-discuss mailing list >>> Dev...@li... >>> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >>> >>> >>> >>> ---------------------------------------------------------------------- >>> --- This SF.net email is sponsored by: Splunk Inc. >>> Still grepping through log files to find problems? Stop. >>> Now Search log events and configuration files using AJAX and a >>> >> browser. >>> Download your FREE copy of Splunk now >> http://get.splunk.com/ >>> _______________________________________________ >>> Devil-linux-discuss mailing list >>> Dev...@li... >>> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >>> >>> >>> >> >> -- >> >> >> Regards >> Heiko Zuerker >> http://www.devil-linux.org >> >> >> >> >> ------------------------------------------------------------------------ >> - >> This SF.net email is sponsored by: Microsoft Defy all challenges. >> Microsoft(R) Visual Studio 2005. >> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >> >> >> ------------------------------------------------------------------------- >> This SF.net email is sponsored by: Microsoft >> Defy all challenges. Microsoft(R) Visual Studio 2005. >> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >> |
|
From: PeterJannesen, V. <P.J...@vi...> - 2007-09-12 10:06:04
|
Hey, I can use de openswan _updown (already has the code to put the routes in a different table and rules) script as a template. Create the file in /etc/ipsec.d/... and I very thing is right it wil work. I will give this a try. -- Peter -----Original Message----- From: dev...@li... [mailto:dev...@li...] On Behalf Of Heiko Zuerker Sent: dinsdag 11 september 2007 13:47 To: dev...@li... Subject: Re: [Devil-Linux-discuss] new testing release Hey, I thought I saw a comment in the script that it is using iproute2, but I could be mistaken. Couldn't you copy the strongswan script into /etc/xxxx and just point to it by using the leftupdown parameter? Since the file would then reside in a writable location you should be able to do the necessary modifications. Heiko On Tue, September 11, 2007 02:54, PeterJannesen, Visiq wrote: > Heiko, > > > The _updown script (located in /usr/lib/ipsec) of openswan includes=20 > /etc/sysconfig/pluto_updown. When you set the variable IPROUTETABLE to > for example "ipsec" All ipsec routes are places in de ipsec route=20 > table and the te correct rules are also generated. > > The _updown script of strongswan don't include=20 > /etc/sysconfig/pluto_updown. So you must edit /usr/lib/ipsec/_updown=20 > directly bot this is implosible because it is stored on CD. > > This is a problem when you need iproute2. > > > -- Peter > > > -----Original Message----- > From: dev...@li... > [mailto:dev...@li...] On Behalf=20 > Of Heiko Zuerker > Sent: zondag 9 september 2007 16:06 > To: dev...@li... > Subject: Re: [Devil-Linux-discuss] new testing release > > > Peter, > > > I took a quick look at the Strongswan 4.1 documentation and there's a=20 > parameter you have to set. Here's the extract from the doc: > ------------- > 11.1 Environment variables in the updown script > > > strongSwan makes the following environment variables available in the=20 > updown script indicated by the leftupdown parameter: ------------- > > > I'm not sure about the routes, it's quite a while since I used=20 > xxxxxSWAN > > > Heiko > > > > On Tue, September 4, 2007 01:13, PeterJannesen, Visiq wrote: > >> Hi Heiko, >> >> >> >> I did a small test on the new testing release (from 1.2.14-2007-05-24 >> to 2007-08-23) >> >> >> >> I read earlier that openswan is replaced by strongswan and it seems=20 >> that IPSec is not working anymore. It seams that the tunnels are=20 >> comming up but the routes are not > created. >> >> >> Furher it seems that /usr/lib/ipsec/_updown is not supporting=20 >> /etc/sysconfig/pluto_updown anymore. >> I use pluto_updown to put the route in a different table with rules.=20 >> I >> > >> my first impression is that strongswan is not supporting pluto_updown. > >> This is a problem because you can't change the standard=20 >> /usr/lib/ipsec/_updown script with out creating a custom build. >> >> >> -- Peter >> >> >> >> -----Original Message----- >> From: dev...@li... >> [mailto:dev...@li...] On Behalf=20 >> Of Heiko Zuerker >> Sent: donderdag 23 augustus 2007 16:49 >> To: dev...@li... >> Subject: [Devil-Linux-discuss] new testing release >> >> >> >> Hey everyone, >> >> >> >> I just uploaded a new testing release for 1.2.14=20 >> ftp://ftp.devil-linux.org/pub/devel/testing >> >> >> >> Would be great if some of you could test the latest updates. >> >> >> >> Thx >> >> >> >> -- >> >> >> >> Regards >> Heiko Zuerker >> http://www.devil-linux.org >> >> >> >> >> >> --------------------------------------------------------------------- >> - >> -- >> - >> This SF.net email is sponsored by: Splunk Inc. >> Still grepping through log files to find problems? Stop. >> Now Search log events and configuration files using AJAX and a >> > browser. >> Download your FREE copy of Splunk now >> http://get.splunk.com/=20 >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >> >> >> >> --------------------------------------------------------------------- >> - >> --- This SF.net email is sponsored by: Splunk Inc. >> Still grepping through log files to find problems? Stop. >> Now Search log events and configuration files using AJAX and a >> > browser. >> Download your FREE copy of Splunk now >> http://get.splunk.com/=20 >> _______________________________________________ >> Devil-linux-discuss mailing list >> Dev...@li... >> https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss >> >> >> > > > -- > > > Regards > Heiko Zuerker > http://www.devil-linux.org > > > > > ---------------------------------------------------------------------- > -- > - > This SF.net email is sponsored by: Microsoft Defy all challenges. > Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > > ---------------------------------------------------------------------- > --- This SF.net email is sponsored by: Microsoft Defy all challenges. > Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Devil-linux-discuss mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss > > --=20 Regards Heiko Zuerker http://www.devil-linux.org ------------------------------------------------------------------------ - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Devil-linux-discuss mailing list Dev...@li... https://lists.sourceforge.net/lists/listinfo/devil-linux-discuss |
|
From: Heiko Z. <he...@zu...> - 2007-09-20 19:13:14
|
I just uploaded a new testing release for 1.2.14 ftp://ftp.devil-linux.org/pub/devel/testing Would be great if some of you could test the latest updates. -- Regards Heiko Zuerker http://www.devil-linux.org |
|
From: Dietmar R. <die...@gm...> - 2007-09-24 06:46:33
|
2007/9/20, Heiko Zuerker <he...@zu...>: > I just uploaded a new testing release for 1.2.14 > > ftp://ftp.devil-linux.org/pub/devel/testing > > Would be great if some of you could test the latest updates. I built my own ISO from source and I'm running it on 2 machines. One acts as firewall using shorewall and the other acts as VPN gateway using shorewall, openvpn and strongswan. As you see, I do not use much of the included software, therefore I build my own ISO which is limited to the functionality I need. But for this the new ISO works fine, except that after upgrading the config, shorewall isn't started automagically anymore. I had to (re)-activate it again via setup. Didi |
