From: John A. Sullivan III (john.sullivan_at_nexusmgmt.com)
Date: Wed Aug 21 2002 - 16:54:47 CEST
Sorry, I realized just as I hit the send button that I had made a typo,
you will need 500/udp and not 55/udp! - John
Rosewood wrote:
>Quick follow up
>
>I got PFS to work with a few more tweaks, so yay!
>
>I thought of one other thing. What ports do I need to leave open once I
>turn ip_tables on? Just 500 ??
>
>Thanks again!
>
>
>
>>-----Original Message-----
>>From: Rosewood [mailto:rosewood_at_gmx.de]
>>Sent: Tuesday, August 20, 2002 5:39 AM
>>To: 'users_at_lists.freeswan.org'
>>Subject: Got it to work, now lets tweak
>>
>>
>>First, a big thanks to everyone that has helped me out! Sam,
>>Steven, Ken, Simon, Sam, Sam, more Sam, and EVERYONE else on
>>the list. I got off to a bumpy start (damn my American ways
>>and wanting instant results) but you guys have just been
>>awesome. Come by Wichita, KS and I'll buy you a beer (or
>>whatever you drink).
>>
>>Second, let me say hot damn, it's about time! Tonight around
>>5am CST I finally got my Windows box to connect and establish
>>a VPN and everything seems to be going great ... Except a few things.
>>
>>1: How do I end a connection from the command line for a
>>fs2fs connection?
>>
>>2: The only way I was able to get SSH Sent to work was by
>>turning PFS off. After playing with quite a few settings, I
>>found what was holding me up. My IKE Group is set to MODP
>>1024 (group 2). My PFS group is set to none but I have the
>>option of using 1, 2, or 5. Is PFS important? I seem to
>>remember reading somewhere that it was.
>>
>>3: Why is routing getting so screwed up? This part is
>>really strange, I think. Once I establish a VPN with my
>>Linux box (fs2fs), I can no longer ping the security gateway,
>>nor can the security gateway ping the box. The same thing
>>goes for the SSH Sent <-> Freeswan. Once the VPN is
>>established, I can ping the local addresses but no longer the
>>public. Then, once the VPN is down, I can no longer ping or
>>access, but in both cases I can re-establish the VPN. Once I
>>do that and then restart IPSec on the gateway, I can ping the
>>gateway and access it normally. I honestly didn't remember
>>this happening before I was able to connect with SSH Sent.
>>Is it related to PFS being Off??
>>
>>4: Is there a way to give myself an IP address (specified
>>manually) such as 192.168.0.10 ??
>>
>>5: Are there pre-built freeswan rpms that have all the dandy
>>patches built into them? I installed with the steambaloon
>>RPMs because at the time I had never had to recompile a
>>kernel. Quite frankly I'm still a little uneasy about it
>>because I sure would hate to miss a module, and the default
>>RH kernel build compiles damn near everything into modules
>>that can be loaded if needed. I ask because it seems I need
>>the x509 patch, some SSL patch, that NAT-T patch, and the
>>send $5 a day to Sam patch :p. Also, if anyone has any
>>experience with RH 7.3 and freeswan specifically and could
>>lend me a hand, that would be uber cool.
>>
>>6: Donations / $$$ / Support. I was (kinda still am) a
>>total n00b when it came to this, and everyone here has helped
>>me and Freeswan is basically going to make me a lot of money.
>> Granted 99.9% of that is going towards college, but I feel a
>>rare vein of generosity building. Is there a general
>>donation paypal account? Would I be better off just
>>contributing what I can to the forum and beta testing?
>>Website update / re-design (it really is kinda in a sad
>>state, www.freeswan.org)? Anything really, I would love to help.
>>
>>
>>
>
>_______________________________________________
>Users mailing list
>Users_at_lists.freeswan.org
>http://lists.freeswan.org/mailman/listinfo/users
>
>
--
John A. Sullivan III
Group Technology Director
Nexus Management
+1 207-985-7880
john.sullivan_at_nexusmgmt.com
This archive was generated by hypermail 2.1.4 : Wed Aug 21 2002 - 20:20:11 CEST