IPsec & Multiple WAN links

2002-10-01 Thread Cambria, Mike
Hi, I've been running FreeBSD on 2 boxes, each with their own WAN links for over 18 months or so. Each box has its own WAN link (one uses T1 leased line to a remote site, the other uses DSL to an ISP.) The ISP link runs IPsec and racoon. The other end of the IPsec tunnel is a VPN appliance.

RE: xl checksum and dsniff

2002-07-12 Thread Cambria, Mike
> -Original Message- > From: Andrew R. Reiter [mailto:[EMAIL PROTECTED]] > :Next I'll try to track down if this is a libnet problem, libnids > :problem or dsniff problem, so I know which project I need to inform. > > IIRC, the problem is BPF b/c it doesn't know the checksum since the

RE: xl checksum and dsniff

2002-07-12 Thread Cambria, Mike
> #define XL905B_CSUM_FEATURES 0 This worked. dsniff is behaving just fine now. Next I'll try to track down if this is a libnet problem, libnids problem or dsniff problem, so I know which project I need to inform. Thanks, MikeC To Unsubscribe: send mail to [EMAIL PROTECTED] wit

RE: xl checksum and dsniff

2002-07-12 Thread Cambria, Mike
> -Original Message- > From: Jonathan Lemon [mailto:[EMAIL PROTECTED]] >> > > >My guess is that doing hw checksum by the nic could be the > issue. This is > >the only real difference I can see at present. > > > >Any ideas? > > Test your theory. Turn off hardware checksums with 'ifcon

RE: Unnumbered IP Interface

2002-03-26 Thread Cambria, Mike
d wanted to get some hints. For example, Archie's answer for unnumbered interfaces isn't in the route manpage. I'm glad I asked. MikeC -Original Message- From: Julian Elischer [mailto:[EMAIL PROTECTED]] Sent: Monday, March 25, 2002 9:49 PM To: Cambria, M

RE: Unnumbered IP Interface

2002-03-25 Thread Cambria, Mike
bs [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 1:19 AM To: Julian Elischer Cc: Cambria, Mike; '[EMAIL PROTECTED]' Subject: Re: Unnumbered IP Interface Julian Elischer writes: > A while ago it was possible to use 'route' to add a route to a p2p > interf

RE: Unnumbered IP Interface

2002-03-21 Thread Cambria, Mike
with it. Thanks again, MikeC -Original Message- From: Julian Elischer [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 4:05 PM To: Cambria, Mike Cc: '[EMAIL PROTECTED]' Subject: Re: Unnumbered IP Interface Unnumbered interfaces are not supported offi

Unnumbered IP Interface

2002-03-21 Thread Cambria, Mike
Hi, Can an unnumbered IP interface be configured on FreeBSD (4.5-Stable)? Will Zebra and/or GateD (or RouteD) handle it properly? Thanks, MikeC To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message

Workaround (RE: TCP connection via IPsec machine also running natd)

2002-01-07 Thread Cambria, Mike
dresses on the other side of natd. It works just fine. This will suffice until I can figure out how to connect to a socket via a tunnel endpoint which is also doing natd. MikeC -Original Message----- From: Cambria, Mike Sent: Friday, January 04, 2002 4:09 PM To: '[EMAIL PROTECTE

TCP connection via IPsec machine also running natd

2002-01-04 Thread Cambria, Mike
I'm having problems connecting (e.g. telnet, ssh, ftp etc.) to a machine which is at the other end of an IPsec tunnel. Passing data with machines, via this tunnel, on subnets for which the tunnel endpoint is acting as a router works just fine. I'm using FreeBSD 4.4-Stable (cvsup'ed shortly after

SBEI wanADAPT drivers in BSD

2001-10-30 Thread Cambria, Mike
Hi, According to this link at the SBE website ( http://www.sbei.net/linux_bsd.htm# ), OpenBSD v2.9 and NetBSD v1.6 now include SBEI drivers. I'm curious why FreeBSD isn't included. Is it simply an oversight or is there a reason (e.g. driver doesn't work

RE: Port-based routing?

2001-10-29 Thread Cambria, Mike
I think ipfw can do this. At least the man page reads like it does. There is a "fwd" action which will change the next hop to something you specify. I've been meaning to try it myself but just never had a reason. MikeC Michael C. Cambria Avaya Inc. Consulting Engineer For

RE: (KAME-snap 5064) Can I define a SPD per interface?

2001-07-03 Thread Cambria, Mike
>I can only find a way to define a global SPD using setkey. Is it possible >to define an (IPv4) SPD on a per interface basis using KAME / FreeBSD4? >If not, are there any plans to add this in the future? >Is there any reason one wouldn't want to have this? no. do you want SPD per inte

Can I define a SPD per interface?

2001-07-02 Thread Cambria, Mike
I can only find a way to define a global SPD using setkey. Is it possible to define an (IPv4) SPD on a per interface basis using KAME / FreeBSD4? If not, are there any plans to add this in the future? Is there any reason one wouldn't want to have this? Thanks, MikeC

RE: natd not translating ESP packets

2001-01-02 Thread Cambria, Mike
Updating my ipfw/natd system to 4.2-Release worked. MikeC -Original Message- From: Blaz Zupan [mailto:[EMAIL PROTECTED]] Sent: Friday, December 29, 2000 11:18 AM To: Michael C. Cambria Cc: [EMAIL