[Openswan Users] there is a way to insert iptables rules, dynamically on ipsec tunnel creation???
Utkarsh Shah
utkarsh at elitecore.com
Sat Jun 30 01:31:11 EDT 2007
Hi,
You can run commands whenever a connection goes up and down by specifying
them in the _updown script, which is usually located at /usr/lib/ipsec,
and specify the same updown script in your config if it is not the default.
Regards,
Utkarsh Shah
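As an added example (not from the original post or the Openswan project), here is a custom updown script of the kind the reply describes: it chains to the stock /usr/lib/ipsec/_updown and, on the up-client/down-client verbs, inserts or deletes iptables rules for the tunnel's two subnets. PLUTO_VERB, PLUTO_MY_CLIENT and PLUTO_PEER_CLIENT are the environment variables Pluto exports to the script, and leftupdown= is the ipsec.conf keyword that points a conn at it; the script path /etc/ipsec.d/updown-fw.sh, the chain name IPSECFW and the STOCK_UPDOWN/IPTABLES/IPSECFW_CHAIN override variables are my own choices. The rules match `-m policy --pol ipsec` so they only accept packets that actually arrived through the SA, not cleartext packets with a spoofed source in the remote subnet.

```shell
#!/bin/sh
# Custom Openswan updown script (added example, not project code).
# Wraps the stock _updown and adds/removes firewall rules for the tunnel's
# subnets when the client SA comes up or goes down.
#
# Install (paths and chain name are assumptions):
#   cp updown-fw.sh /etc/ipsec.d/updown-fw.sh && chmod 755 /etc/ipsec.d/updown-fw.sh
#   iptables -N IPSECFW && iptables -I FORWARD -j IPSECFW
# and in ipsec.conf:
#   conn mytunnel
#       leftupdown=/etc/ipsec.d/updown-fw.sh
#
# Pluto exports PLUTO_VERB (up-client, down-client, up-host, route-client, ...)
# and PLUTO_MY_CLIENT / PLUTO_PEER_CLIENT (CIDR subnets) before running us.

STOCK_UPDOWN="${STOCK_UPDOWN:-/usr/lib/ipsec/_updown}"   # stock script to chain to
IPTABLES="${IPTABLES:-iptables}"                         # set to 'echo' for a dry run
CHAIN="${IPSECFW_CHAIN:-IPSECFW}"                        # our chain, hooked from FORWARD

# build_rules VERB: print one iptables command per line for this verb.
# Only the client (subnet) verbs get rules; host and route verbs print nothing.
build_rules() {
    verb="$1"
    me="$PLUTO_MY_CLIENT"
    peer="$PLUTO_PEER_CLIENT"
    case "$verb" in
    up-client)   action="-I $CHAIN" ;;
    down-client) action="-D $CHAIN" ;;
    *)           return 0 ;;
    esac
    # Accept only traffic that really went through IPsec (xt_policy match),
    # so a cleartext packet spoofing the peer subnet is not let through.
    printf '%s %s -s %s -d %s -m policy --dir in --pol ipsec --proto esp -j ACCEPT\n' \
        "$IPTABLES" "$action" "$peer" "$me"
    printf '%s %s -s %s -d %s -m policy --dir out --pol ipsec --proto esp -j ACCEPT\n' \
        "$IPTABLES" "$action" "$me" "$peer"
}

# apply_rules VERB: run every command from build_rules, failing on the first error
# so Pluto logs the failure instead of silently bringing up an unfiltered tunnel.
apply_rules() {
    build_rules "$1" | while read -r cmd; do
        $cmd || { echo "updown-fw: failed: $cmd" >&2; exit 1; }
    done
}

main() {
    verb="$PLUTO_VERB"
    case "$verb" in
    # Firewall rules go in before the stock script routes the subnet...
    up-client)   apply_rules "$verb" && "$STOCK_UPDOWN" "$@" ;;
    # ...and come out after it unroutes, so traffic is never routed unfiltered.
    down-client) "$STOCK_UPDOWN" "$@"; apply_rules "$verb" ;;
    *)           "$STOCK_UPDOWN" "$@" ;;
    esac
}

# Pluto always sets PLUTO_VERB; without it we are only being sourced for testing.
if [ -n "${PLUTO_VERB:-}" ]; then
    main "$@"
fi
```

Before pointing leftupdown= at it, run it by hand with `PLUTO_VERB=up-client PLUTO_MY_CLIENT=... PLUTO_PEER_CLIENT=... IPTABLES=echo sh updown-fw.sh` to see the exact rules it would install; the chain must exist and be referenced from FORWARD, or every insert fails and the SA is reported as failed.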
users-request at openswan.org wrote:
> Today's Topics:
>
> 1. Re: Heartbeat and l2tp (James)
> 2. openswan to cisco pix ipsec problem (isakmp error) (Teodor Iacob)
> 3. Cisco IPSec incompatibility (mehrunes dagon)
> 4. Re: Problems when using subnet 0.0.0.0/0 (????? ??????)
> 5. there is a way to insert iptables rules dynamically on ipsec
> tunnel creation??? (Matias Lopez Bergero)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 29 Jun 2007 10:45:50 -0700
> From: James <james at nttmcl.com>
> Subject: Re: [Openswan Users] Heartbeat and l2tp
> To: Jacco de Leeuw <jacco2 at dds.nl>
> Cc: users at openswan.org
> Message-ID: <4685454E.9010303 at nttmcl.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Jacco de Leeuw wrote:
>> James wrote:
>>> Hi guys, I have an issue with heartbeat and l2tp.
>>> I have heartbeat set up to take control of xxx.xxx.1.3;
>>> the real internal IP of the interface is xxx.xxx.1.4.
>>> I set ipsec.conf left = xxx.xxx.1.3
>>> I set l2tpd.conf local ip = xxx.xxx.1.3
>>
>> I don't know about your Heartbeat setup, but this is clearly wrong.
>> 'left' and 'local ip' cannot be the same. 'left' is your external
>> interface and 'local ip' is an address on your internal network.
>>
>>> I notice that when I try connecting with a WinXP client using those
>>> settings it never gets to the l2tp authentication stage.
>>> A tcpdump shows some of these:
>>
>> I can't imagine that it works without the HA stuff as it is now.
>> Have you tried that first?
>>
>> Jacco
>
> Yeah, it worked fine without the HA stuff.
> I changed the local ip for l2tp by the way, even though it worked before
> I changed it.
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 29 Jun 2007 22:31:45 +0300
> From: Teodor Iacob <theo at kappa.ro>
> Subject: [Openswan Users] openswan to cisco pix ipsec problem (isakmp error)
> To: users at openswan.org
> Message-ID: <46855E21.1060108 at kappa.ro>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> I'm trying to set up a linux box to connect to a Cisco Pix device, for
> which you can find the config attached. Also attached you can find
> the ipsec.conf and logs from both the linux box and the cisco device.
> I've been given the following comments by this provider to set up
> this connection:
>
> Encryption Phase 1(IKE):
> Key management = IKE
> Diffie-Hellman Group = 2
> Encrypt Algorithm = 3DES
> Hash Algorithm = SHA1
> Authentication Method = Preshared
> Life Time = 14400sec
>
> Encryption Phase 2(IPSec):
> Encapsulation = ESP
> Encrypt Algorithm = 3DES
> Hash Algorithm = SHA1
> Perfect Forward Secrecy = NO
> Life Time = 28800 sec
>
> The connection is done over the internet with public ip addresses.
> The linux box is running Fedora Core 6 with OpenSwan 2.4.5-2.1 (rpm package)
> Any help is highly appreciated...
>
> Thank you,
>
>
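The parameter sheet in the PIX question above maps one-to-one onto ipsec.conf keywords. As an added example (not from the original thread or the Openswan project), this is the conn block for Openswan 2.4.x that expresses exactly those Phase 1 and Phase 2 settings; the conn name, the addresses (RFC 5737 documentation ranges) and the subnets are placeholders, since the poster's attachment is not on this page.

```ini
# /etc/ipsec.conf fragment (added example; conn name, addresses and subnets are placeholders)
conn pix-site
    # Phase 1 (IKE): Key management IKE, DH group 2 = modp1024, 3DES, SHA1,
    # preshared key, lifetime 14400 s
    keyexchange=ike
    authby=secret
    ike=3des-sha1-modp1024
    ikelifetime=14400s
    # Phase 2 (IPsec): ESP with 3DES/SHA1, no PFS, lifetime 28800 s.
    # Openswan defaults to pfs=yes, so pfs=no must be set explicitly
    # or the Phase 2 proposal carries a DH group the PIX was told not to use.
    esp=3des-sha1
    pfs=no
    keylife=28800s
    # endpoints and protected subnets (placeholders)
    left=192.0.2.10
    leftsubnet=10.1.0.0/24
    right=198.51.100.20
    rightsubnet=10.2.0.0/24
    auto=start

# /etc/ipsec.secrets (added example; key is a placeholder)
# 192.0.2.10 198.51.100.20 : PSK "replace-with-the-provider-supplied-key"
```

Pinning `ike=` and `esp=` to the single proposal the provider listed is the usual way to get rid of an ISAKMP proposal mismatch against a PIX, because it stops Openswan from offering its default list of transforms first; the Phase 1 and Phase 2 lifetimes should match what the PIX side is configured with.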