[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Fri May 13 17:57:02 2005 -->
- <!--x-from-r13: obo ng irelfrpheryvahk.pbz (Pbo Fbkra) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] VPN (s are) hell -->
- <li><em>date</em>: Fri May 13 17:57:02 2005</li>
- <li><em>from</em>: bob at verysecurelinux.com (Bob Toxen)</li>
- <li><em>in-reply-to</em>: <<a href="msg00271.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00047.html">[email protected]</a>> <<a href="msg00271.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] VPN (s are) hell</li>
Thanks,
Bob
> Best regards,
> Bob Toxen, CTO
> Fly-By-Day Consulting, Inc.
> d/b/a Horizon Network Security
> "Your expert in Firewalls, Virus and Spam Filters, VPNs,
> Network Monitoring, and Network Security consulting"
> <a rel="nofollow" href="http://www.verysecurelinux.com";>http://www.verysecurelinux.com</a> [Network & Linux/Unix Security Consulting]
> <a rel="nofollow" href="http://www.realworldlinuxsecurity.com";>http://www.realworldlinuxsecurity.com</a> [My 5* book: "Real World Linux Security"]
> <a rel="nofollow" href="http://www.verysecurelinux.com/sunset.html";>http://www.verysecurelinux.com/sunset.html</a> [Sunset Computer]
> bob at verysecurelinux.com (e-mail)
> +1 770-662-8321 (Office: 10am-6pm M-F US Eastern Time)
> +1 404-216-5100 (Cell away from office)
> My recent training and talks on Linux security include:
> at IBM's Linux Competency Center in New York City on Mar. 06 2003
> at the Atlanta SecureWorld Expo in Atlanta on May 22 2003
> at the Enterprise Linux Forum in Silicon Valley on June 04 2003
> at Computer Associates' Atlanta Linux Security Summit on Sep. 16 2003
> in New Jersey on Oct. 27-30 2003
> at Southeast Cybercrime Summit in Atlanta on Mar. 4 2004
> at the FBI's Atlanta headquarters on Mar. 10 2004
> in Denver, CO on Apr. 15-16 2004
> in New Jersey on May. 25-26 2004
> at the Atlanta SecureWorld Expo in Atlanta on May 27 2004
> in Denver, CO on Jul. 12-13 2004
> at Linux World SF signing at Prentice Hall's booth on Aug. 03 2004
> in Denver, CO on Sep. 27-28 2004
> in Boston, MA on Oct. 11-14 2004
> at Atlanta Unix Users Group on Nov. 01 2004
> in New Jersey on Nov. 15-16 2004
> in Denver, CO on 2/28-3/04 This Year
> Author,
> "Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
> 2nd Ed., Prentice Hall, (C) 2003, 848 pages, ISBN: 0130464562
> Also available in Japanese, Chinese, Czech, and Polish.
> If you spend more on coffee than on IT security, you will be hacked.
> What's more, you deserve to be hacked.
> -- White House cybersecurity adviser Richard Clarke
> Public key available at <a rel="nofollow" href="http://www.verysecurelinux.com/pubkey.txt";>http://www.verysecurelinux.com/pubkey.txt</a>, keyservers,
> and on the CD-ROM that comes sealed and attached to Real World Linux Security
> pub 1024D/E3A1C540 2000-06-21 Bob Toxen <book at realworldlinuxsecurity.com>
> Key fingerprint = 30BA AA0A 31DD B68B 47C9 601E 96D3 533D E3A1 C540
> sub 2048g/03FFCCB9 2000-06-21
> On Tue, May 03, 2005 at 11:45:21PM -0400, James P. Kinney III wrote:
> > I have a new VPN I'm setting up and it just isn't working right. I'm
> > sure its a firewall issue but I'm stumped.
> >
> > It's a net-to-net setup using OpenSwan on the gateways. From one end on
> > the LAN, I can ping another machine on the other LAN by IP address.
> > However, I _can't_ ping back the other way which is why I think it's a
> > firewall issue. I can see the traffic moving with tcpdump running on
> > multiple interfaces. I can see the ESP packets leaving and returning to
> > the external interfaces and I can the the decrypted packets entering the
> > LAN interfaces. I did some ping size tests and can get a max MTU of
> > 15236 which is bigger than normal.
> >
> > I can't get jack else through the tunnel. No ssh, no http, no netbios,
> > no telnet, nada, bipcus.
> >
> > I set up a rule in iptables on both ends to not NAT the traffic for the
> > other end (I don't expect I should be seeing any pings work otherwise).
> >
> > I have both ends of the firewall so open I'm worried right now.
> >
> > So I have developed a one way ping tunnel. Argghhhhh.
> > --
> > James P. Kinney III \Changing the mobile computing world/
> > CEO & Director of Engineering \ one Linux user /
> > Local Net Solutions,LLC \ at a time. /
> > 770-493-8244 \.___________________________./
> > <a rel="nofollow" href="http://www.localnetsolutions.com";>http://www.localnetsolutions.com</a>
> >
> > GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> > <jkinney at localnetsolutions.com>
> > Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00047" href="msg00047.html">[ale] VPN (s are) hell</a></strong>
<ul><li><em>From:</em> jkinney at localnetsolutions.com (James P. Kinney III)</li></ul></li>
<li><strong><a name="00271" href="msg00271.html">[ale] VPN (s are) hell</a></strong>
<ul><li><em>From:</em> transam at verysecurelinux.com (Bob Toxen)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00274.html">[ale] Window Chopping</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00276.html">[ale] Fwd: Federal Court Scraps Broadcast Flag!</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00271.html">[ale] VPN (s are) hell</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00049.html">[ale] Launchd from Apple</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00275"><strong>Date</strong></a></li>
<li><a href="threads.html#00275"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>