[Users] RE: Got it to work, now lets tweak

From: Rosewood (rosewood_at_gmx.de)
Date: Tue Aug 20 2002 - 12:56:40 CEST


Quick follow up

I got PFS to work with a bit more tweaking, so yay!

I thought of one other thing. What ports do I need to leave open once I
turn ip_tables on? Just 500 ??

Thanks again!

> -----Original Message-----
> From: Rosewood [mailto:rosewood_at_gmx.de]
> Sent: Tuesday, August 20, 2002 5:39 AM
> To: 'users_at_lists.freeswan.org'
> Subject: Got it to work, now lets tweak
>
>
> First, a big thanks to everyone that has helped me out! Sam,
> Steven, Ken, Simon, Sam, Sam, more Sam, and EVERYONE else on
> the list. I got off to a bumpy start (damn my American ways
> and wanting instant results) but you guys have just been
> awesome. Come by Wichita, KS and I'll buy you a beer (or
> whatever you drink).
>
> Second, let me say hot damn, it's about time! Tonight around
> 5am CST I finally got my Windows box to connect and establish
> a VPN and everything seems to be going great ... Except a few things.
>
> 1: How do I end a connection from the command line for a
> fs2fs connection?
>
> 2: The only way I was able to get SSH Sent to work was by
> turning PFS off. After playing with quite a few settings, I
> found what was holding me up. My IKE Group is set to MODP
> 1024 (group 2). My PFS group is set to none but I have the
> option of using 1,2, or 5. Is PFS important? I seem to
> remember reading somewhere that it was.
>
> 3: Why is routing getting so screwed up? This part is
> really strange, I think. Once I establish a VPN with my
> Linux box (fs2fs), I can no longer ping the security gateway,
> nor can the security gateway ping the box. The same thing
> goes for the SSH Sent <-> Freeswan. Once the VPN is
> established, I can ping the local addresses but no longer the
> public. Then, once the VPN is down, I can no longer ping or
> access, but in both cases I can re-establish the VPN. Once I
> do that and then restart IPSec on the gateway, I can ping the
> gateway and access it normally. I honestly didn't remember
> this happening before I was able to connect with SSH Sent.
> Is it related to PFS being Off??
>
> 4: Is there a way to give myself an IP address (specified
> manually) such as 192.168.0.10 ??
>
> 5: Are there pre-built freeswan rpms that have all the dandy
> patches built into them? I installed with the steambaloon
> RPMs because at the time I had never had to recompile a
> kernel. Quite frankly I'm still a little uneasy about it
> because I sure would hate to miss a module, and the default
> RH kernel build compiles damn near everything into modules
> that can be loaded if needed. I ask because it seems I need
> the x509 patch, some SSL patch, that NAT-T patch, and the
> send $5 a day to Sam patch :p. Also, if anyone has any
> experience with RH 7.3 and freeswan specifically and could
> lend me a hand, that would be uber cool.
>
> 6: Donations / $$$ / Support. I was (kinda still am) a
> total n00b when it came to this, and everyone here has helped
> me and Freeswan is basically going to make me a lot of money.
> Granted 99.9% of that is going towards college, but I feel a
> rare vein of generosity building. Is there a general
> donation paypal account? Would I be better off just
> contributing what I can to the forum and beta testing?
> Website update / re-design (it really is kinda in a sad
> state, www.freeswan.org)? Anything really, I would love to help.
>
