From: Stefan E. <Ste...@av...> - 2007-09-12 06:21:58
Hi,

that's exactly the way I did it. Just specify something like
leftupdown=/etc/ipsec.d/_updown_tunnel in /etc/ipsec.conf and copy the
tunnel-script to /etc/ipsec.d and this should work fine.

I did this, because I modified the script to dynamically add and remove
firewall rules to enable different firewall zones in shorewall to deal
with the vpn connections defined in ipsec.conf.

Stefan

Heiko Zuerker wrote:
> Hey,
>
> I thought I saw a comment in the script that it is using iproute2, but I
> could be mistaken.
> Couldn't you copy the strongswan script into /etc/xxxx and just point to
> it by using the leftupdown parameter? Since the file would then reside in
> a writable location you should be able to do the necessary modifications.
>
> Heiko
>
> On Tue, September 11, 2007 02:54, PeterJannesen, Visiq wrote:
>> Heiko,
>>
>> The _updown script (located in /usr/lib/ipsec) of openswan includes
>> /etc/sysconfig/pluto_updown. When you set the variable IPROUTETABLE to
>> for example "ipsec" all ipsec routes are placed in the ipsec route table
>> and the correct rules are also generated.
>>
>> The _updown script of strongswan doesn't include
>> /etc/sysconfig/pluto_updown. So you must edit /usr/lib/ipsec/_updown
>> directly but this is impossible because it is stored on CD.
>>
>> This is a problem when you need iproute2.
>>
>> -- Peter
>>
>> -----Original Message-----
>> From: dev...@li...
>> [mailto:dev...@li...] On Behalf Of
>> Heiko Zuerker
>> Sent: Sunday 9 September 2007 16:06
>> To: dev...@li...
>> Subject: Re: [Devil-Linux-discuss] new testing release
>>
>> Peter,
>>
>> I took a quick look at the Strongswan 4.1 documentation and there's a
>> parameter you have to set.
>> Here's the extract from the doc:
>> -------------
>> 11.1 Environment variables in the updown script
>>
>> strongSwan makes the following environment variables available in the
>> updown script indicated by the leftupdown parameter:
>> -------------
>>
>> I'm not sure about the routes, it's quite a while since I used xxxxxSWAN
>>
>> Heiko
>>
>> On Tue, September 4, 2007 01:13, PeterJannesen, Visiq wrote:
>>
>>> Hi Heiko,
>>>
>>> I did a small test on the new testing release (from 1.2.14-2007-05-24
>>> to 2007-08-23)
>>>
>>> I read earlier that openswan is replaced by strongswan and it seems
>>> that IPSec is not working anymore. It seems that the tunnels are coming
>>> up but the routes are not created.
>>>
>>> Further it seems that /usr/lib/ipsec/_updown is not supporting
>>> /etc/sysconfig/pluto_updown anymore.
>>> I use pluto_updown to put the route in a different table with rules.
>>> My first impression is that strongswan is not supporting pluto_updown.
>>> This is a problem because you can't change the standard
>>> /usr/lib/ipsec/_updown script without creating a custom build.
>>>
>>> -- Peter
>>>
>>> -----Original Message-----
>>> From: dev...@li...
>>> [mailto:dev...@li...] On Behalf
>>> Of Heiko Zuerker
>>> Sent: Thursday 23 August 2007 16:49
>>> To: dev...@li...
>>> Subject: [Devil-Linux-discuss] new testing release
>>>
>>> Hey everyone,
>>>
>>> I just uploaded a new testing release for 1.2.14
>>> ftp://ftp.devil-linux.org/pub/devel/testing
>>>
>>> Would be great if some of you could test the latest updates.
>>>
>>> Thx
>>>
>>> --
>>> Regards
>>> Heiko Zuerker
>>> http://www.devil-linux.org
>>
>> --
>> Regards
>> Heiko Zuerker
>> http://www.devil-linux.org
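
Added example, not part of the original thread and not the poster's or strongSwan's own script: a minimal custom updown hook of the kind that could be installed as /etc/ipsec.d/_updown_tunnel and referenced with leftupdown=, placing tunnel routes in a separate iproute2 table. It assumes a table named ipsec in /etc/iproute2/rt_tables and IPv4 subnets; the function names and the VPN_TABLE variable are hypothetical, and the PLUTO_* values are checked first because the hook runs as root.

```shell
#!/bin/sh
# Added example (not the stock strongSwan _updown, not the poster's script).
# Assumes a table named "ipsec" in /etc/iproute2/rt_tables and IPv4 subnets.
VPN_TABLE="${VPN_TABLE:-ipsec}"   # hypothetical variable name

# The hook runs as root, so validate every value before it reaches ip(8).
valid_cidr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac   # digits, dots, slash only
    printf '%s\n' "$1" |                           # dotted-quad/prefix shape
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}
valid_iface() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    return 0
}

# Print the ip(8) commands for one event; nothing is executed here.
# $1 = PLUTO_VERB, $2 = PLUTO_PEER_CLIENT, $3 = PLUTO_INTERFACE
updown_cmds() {
    valid_cidr "$2"  || { echo "updown: bad peer subnet" >&2; return 1; }
    valid_iface "$3" || { echo "updown: bad interface" >&2; return 1; }
    case "$1" in
        up-client)
            echo "ip route replace $2 dev $3 table $VPN_TABLE"
            echo "ip rule add to $2 lookup $VPN_TABLE"
            ;;
        down-client)
            echo "ip rule del to $2 lookup $VPN_TABLE"
            echo "ip route del $2 dev $3 table $VPN_TABLE"
            ;;
        *)  : ;;   # other verbs (up-host, down-host, ...) change nothing here
    esac
}

# Act only when invoked by the IKE daemon, which sets PLUTO_VERB.
if [ -n "${PLUTO_VERB:-}" ]; then
    updown_cmds "$PLUTO_VERB" "$PLUTO_PEER_CLIENT" "$PLUTO_INTERFACE" |
    while read -r cmd; do
        # Safe to word-split: every interpolated value was validated above.
        $cmd || logger -t updown "failed: $cmd"
    done
fi
```

Keep the script owned by root and not writable by group or others, since the daemon executes it with root privileges.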