From: Pascal C. Kocher (pascal.kocher_at_netbeat.biz)
Date: Fri Aug 09 2002 - 16:24:18 CEST
Have you implemented the Delete notification patch[1]? Without this
patch, the SA stays until the lifetime is over. With the patch, Sas are
deleted as soon as you close the VPN connection or disable VPN.
Best regards,
Pascal.
[1] http://open-source.arkoon.net
> -----Ursprüngliche Nachricht-----
> Von: Malcolm Turnbull [mailto:malcolm.turnbull_at_waterers.co.uk]
> Gesendet: Freitag, 9. August 2002 15:35
> An: users
> Betreff: Re: AW: AW: [Users] Whats the simplest way to set up
> road warriorvpn
>
>
> Thats the weird thing... thats what I am doing !
>
> And even if I uninstall sentinel, reboot the machine...
> I can't access the firewall for about 4 hours !?
> Then it suddenly starts working again...
>
> Its as if freeswan is trying to tunnel all my traffic ?
>
>
>
>
> Pascal C. Kocher wrote:
> | Try using the external IP of you firewall to ssh into. This way you
> | won't loose access, unless you tunnel all the traffic
> through the ipsec
> | tunnel.
> |
> | Best regards,
> | Pascal.
> |
> |
> |>-----Ursprüngliche Nachricht-----
> |>Von: Malcolm Turnbull [mailto:malcolm.turnbull_at_waterers.co.uk]
> |>Gesendet: Freitag, 9. August 2002 15:01
> |>An: Pascal C. Kocher
> |>Betreff: Re: AW: [Users] Whats the simplest way to set up
> |>road warrior vpn
> |>
> |>
> |>Yes its the default gateway..
> |>Unfortunately as soon as I activate the VPN I loose my SSH
> |>access to the
> |>~ firewall...
> |>
> |>I'll try setting up a dial up machine in the office to diagnose..
> |>
> |>
> |>Pascal C. Kocher wrote:
> |>| Hi Malcolm
> |>|
> |>| Is the VPN gateway the default gateway for your network? If
> |>not you must
> |>| make sure that the packets from the internal hosts pass
> |>through your VPN
> |>| gateway again.
> |>|
> |>| Try pinging an internal host from your roadwarrior and make
> |>a "tcpdump
> |>| -i ipsec0 -n" on the VPN Gateway to see the packets.
> |>|
> |>| Best regards,
> |>| Pascal.
> |>|
> |>|
> |>|>-----Ursprüngliche Nachricht-----
> |>|>Von: Malcolm Turnbull [mailto:malcolm.turnbull_at_waterers.co.uk]
> |>|>Gesendet: Freitag, 9. August 2002 14:01
> |>|>An: users
> |>|>Betreff: [Users] Whats the simplest way to set up road warrior vpn
> |>|>
> |>|>
> |>|>
> |>|>
> |>|>I've tried sentinel to freeswan using PSK (connects phase 1
> |>& 2 but no
> |>|>access)
> |>|>I've tried Win2K IPSEC to freeswan using PSK (it said it was
> |>|>negotiating
> |>|>connection but didn't do anything...)
> |>|>
> |>|>
> |>|>I'm quite happy to pay for a) software or b) help
> |>|>
> |>|>Has anyone got clear instructions how to do this ?
> |>|>What would you seugest is the easiest cpombination of
> |>|>software to use ?
> |>|>
> |>|>
> |>|>I have read all the DOCs (twice) honest...
> |>|>
> |>|>
> |>|>My server is MDK 8.2 netfilter & freeswan 1.95
> |>|>
> |>|>Once I've done it I will post a FAQ on my web site to help others.
> |>|>
> |>|>
> |>|>
> |>|>
> |>|>
> |>|>--
> |>|>
> |>|>Regards,
> |>|>
> |>|>Malcolm Turnbull
> |>|>
> |>|>IT Manager
> |>|>Crocus.co.uk Ltd
> |>|>
> |>|>01344 629661
> |>|>07715 770523
> |>|>
> |>|
> |>| http://www.crocus.co.uk/
> |>|
> |>|
> |>|
> |>| _______________________________________________
> |>| Users mailing list
> |>| Users_at_lists.freeswan.org
> |>| http://lists.freeswan.org/mailman/listinfo/users
> |>|
> |>
> |>
> |>--
> |>
> |>Regards,
> |>
> |>Malcolm Turnbull
> |>
> |>IT Manager
> |>Crocus.co.uk Ltd
> |>
> |>01344 629661
> |>07715 770523
> |>
> |
> | http://www.crocus.co.uk/
> |
> |
> |
>
>
> --
>
> Regards,
>
> Malcolm Turnbull
>
> IT Manager
> Crocus.co.uk Ltd
>
> 01344 629661
> 07715 770523
>
http://www.crocus.co.uk/
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.4 : Fri Aug 09 2002 - 21:19:31 CEST