Hosting Provided By

Re: linux-ipsec: Notes from _trying_ to install & configure Linux FreeS/WAN...

From: Richard Guy Briggs <rgb(at)conscoop.ottawa.on.ca>
Date: Thu Nov 26 1998 - 17:19:19 EST

-----BEGIN PGP SIGNED MESSAGE-----
> On Wed, 25 Nov 1998, Richard Guy Briggs wrote:

Well, we could simply say you need to compile your kernel. Aside from that, check for patch.

> > Right, make the kernel first and make sure it works, steps 1, 3, 4, 5 say

Good.

> > I'm thinking the nexthop parameter should disappear and the automatic I/F

There is usually a route that will route for a particular address, no matter how general. I hesitated before including the word 'default' in the previous statement since 'default' has special meaning. If I want to route to 192.168.5.0/24, a route to 192.168.0.0/16 will catch it and the latter's gateway will work for a more specific route to 192.168.5.0/24.

> > Alright...mcr and I have been talking about updating tcpdump-ascii, I will

The ascii extensions were added to easily see if things are recognisable where it is not so obvious from a hex dump.

Do you need help?

> > Hmmm, this nexthop stuff has to be automated...

The only case I can think of is if a particular subnet is not visible at all before running any route command. For example, I have 3 ethernets on my firewall (some have more). I make sure I can see everything I need to prior to adding a cryptotunnel. If I have to route to a reserved address, then I set up an IPIP tunnel to get them there. Here is my routing table:

# route -n
Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0       42 eth0
192.168.4.0     192.168.2.110   255.255.255.0   UG    1      0        0 eth0
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        3 eth1
207.236.55.0    0.0.0.0         255.255.255.0   U     0      0       62 eth2
192.168.1.0     192.168.2.103   255.255.255.0   UG    0      0      248 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0       10 lo
0.0.0.0         207.236.55.1    0.0.0.0         UG    1      0     2727 eth2

If I want to route to 192.168.1.0/24 or 192.168.4.0, I have to replace an existing route, using its gateway. If I want to route to 192.168.3.0/24, I replace the existing route, using the bsd notation of gateway, which is the address of the physical address to which it is attached. If I want to route to 209.xxx.xxx.xxx/24, I don't replace a route, but rather use the default route and its gateway.

> > It looks like KLIPS was static linked and one of the startup scripts tried

Test for any file called /proc/net/ipsec_*.

> Henry Spencer

slainte mhath, RGB
- --

Richard Guy Briggs -- PGP key available                Auto-Free Ottawa! Canada
rgb at conscoop dot ottawa dot on dot ca                <
http://flora.org/afo/>

<http://www.conscoop.ottawa.on.ca/rgb/> FreeS/WAN:<http://flora.org/freeswan> Please send all spam to root(at)127.0.0.1 Marillion:<http://www.marillion.co.uk>

Do you need more help?

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNl3T5N+sBuIhFagtAQFHDgP/altShWDdlJSxluKr58uehTqiozMdFUfE 6zFt8H+cthJbj1twwmNaM3t4HUlG+OGhyMd5JPA2PZLETBsPOXboP8LfdYoW+6FG gtIPrr5ewxJ20rn2UOXSzHfBg90mYYrhtTnfv5Hw+bu7YWx3khQQ3FU16Fw2TSUc fVelhVEoeKs=
=nUDg
-----END PGP SIGNATURE----- Received on Thu Nov 26 17:56:20 1998

This message: [ Message body ]
Next message: Henry Spencer: "Re: linux-ipsec: Building freeSwan on DEC Alpha pt 3 :-)"
In reply to Henry Spencer: "Re: linux-ipsec: Notes from _trying_ to install & configure Linux FreeS/WAN..."
Next in thread: Henry Spencer: "Re: linux-ipsec: Notes from _trying_ to install & configure Linux FreeS/WAN..."
Reply: Henry Spencer: "Re: linux-ipsec: Notes from _trying_ to install & configure Linux FreeS/WAN..."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:08 EDT