[ale] VPN (s are) hell
Bob Toxen
transam at verysecurelinux.com
Fri May 13 13:26:50 EDT 2005
I'm available on a consulting basis and have extensive VPN and FW experience.
Best regards,
Bob Toxen, CTO
Fly-By-Day Consulting, Inc.
d/b/a Horizon Network Security
"Your expert in Firewalls, Virus and Spam Filters, VPNs,
Network Monitoring, and Network Security consulting"
http://www.verysecurelinux.com [Network & Linux/Unix Security Consulting]
http://www.realworldlinuxsecurity.com [My 5* book: "Real World Linux Security"]
http://www.verysecurelinux.com/sunset.html [Sunset Computer]
bob at verysecurelinux.com (e-mail)
+1 770-662-8321 (Office: 10am-6pm M-F US Eastern Time)
+1 404-216-5100 (Cell away from office)
My recent training and talks on Linux security include:
at IBM's Linux Competency Center in New York City on Mar. 06 2003
at the Atlanta SecureWorld Expo in Atlanta on May 22 2003
at the Enterprise Linux Forum in Silicon Valley on June 04 2003
at Computer Associates' Atlanta Linux Security Summit on Sep. 16 2003
in New Jersey on Oct. 27-30 2003
at Southeast Cybercrime Summit in Atlanta on Mar. 4 2004
at the FBI's Atlanta headquarters on Mar. 10 2004
in Denver, CO on Apr. 15-16 2004
in New Jersey on May. 25-26 2004
at the Atlanta SecureWorld Expo in Atlanta on May 27 2004
in Denver, CO on Jul. 12-13 2004
at Linux World SF signing at Prentice Hall's booth on Aug. 03 2004
in Denver, CO on Sep. 27-28 2004
in Boston, MA on Oct. 11-14 2004
at Atlanta Unix Users Group on Nov. 01 2004
in New Jersey on Nov. 15-16 2004
in Denver, CO on 2/28-3/04 This Year
Author,
"Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
2nd Ed., Prentice Hall, (C) 2003, 848 pages, ISBN: 0130464562
Also available in Japanese, Chinese, Czech, and Polish.
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
Public key available at http://www.verysecurelinux.com/pubkey.txt, keyservers,
and on the CD-ROM that comes sealed and attached to Real World Linux Security
pub 1024D/E3A1C540 2000-06-21 Bob Toxen <book at realworldlinuxsecurity.com>
Key fingerprint = 30BA AA0A 31DD B68B 47C9 601E 96D3 533D E3A1 C540
sub 2048g/03FFCCB9 2000-06-21
On Tue, May 03, 2005 at 11:45:21PM -0400, James P. Kinney III wrote:
> I have a new VPN I'm setting up and it just isn't working right. I'm
> sure it's a firewall issue but I'm stumped.
>
> It's a net-to-net setup using OpenSwan on the gateways. From one end on
> the LAN, I can ping another machine on the other LAN by IP address.
> However, I _can't_ ping back the other way which is why I think it's a
> firewall issue. I can see the traffic moving with tcpdump running on
> multiple interfaces. I can see the ESP packets leaving and returning to
> the external interfaces and I can see the decrypted packets entering the
> LAN interfaces. I did some ping size tests and can get a max MTU of
> 15236 which is bigger than normal.
>
> I can't get jack else through the tunnel. No ssh, no http, no netbios,
> no telnet, nada, bipcus.
>
> I set up a rule in iptables on both ends to not NAT the traffic for the
> other end (I don't expect I should be seeing any pings work otherwise).
>
> I have both ends of the firewall so open I'm worried right now.
>
> So I have developed a one way ping tunnel. Argghhhhh.
> --
> James P. Kinney III \Changing the mobile computing world/
> CEO & Director of Engineering \ one Linux user /
> Local Net Solutions,LLC \ at a time. /
> 770-493-8244 \.___________________________./
> http://www.localnetsolutions.com
>
> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
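The quoted post describes a net-to-net IPsec tunnel where only one direction works and a NAT-exclusion rule has been added on each gateway. The script below is an added example, not code from either poster: it prints the iptables rule set such a gateway needs (IKE, ESP, forwarding between the two LANs, and the NAT exclusion placed ahead of MASQUERADE) and checks an iptables-save style dump of the nat table for the ordering mistake that produces exactly this one-way symptom, since a gateway that masquerades LAN-to-LAN traffic before the exclusion matches rewrites the source to its WAN address and the packets never match the IPsec policy. The subnets, interface names and the two dumps are constructed values for the example.

```shell
#!/bin/sh
# Added example; all addresses and interface names below are assumptions,
# not values from the original thread.
LOCAL_LAN="192.168.1.0/24"    # this gateway's LAN
REMOTE_LAN="192.168.2.0/24"   # the far gateway's LAN
WAN_IF="eth0"                 # external interface carrying IKE/ESP
LAN_IF="eth1"                 # internal interface

# Print the iptables commands one gateway needs for a net-to-net tunnel.
# The nat ACCEPT is inserted at position 1 so it always precedes MASQUERADE.
ipsec_gateway_rules() {
  cat <<EOF
iptables -A INPUT -i $WAN_IF -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $WAN_IF -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -i $WAN_IF -p esp -j ACCEPT
iptables -A FORWARD -i $LAN_IF -s $LOCAL_LAN -d $REMOTE_LAN -j ACCEPT
iptables -A FORWARD -i $WAN_IF -s $REMOTE_LAN -d $LOCAL_LAN -j ACCEPT
iptables -t nat -I POSTROUTING 1 -s $LOCAL_LAN -d $REMOTE_LAN -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

# Given the text of "iptables-save -t nat", return 0 when the LAN-to-LAN
# ACCEPT exists and comes before any MASQUERADE rule, 1 otherwise.
check_nat_order() {
  dump="$1"
  accept_line=$(printf '%s\n' "$dump" \
    | grep -nF -- "-A POSTROUTING -s $LOCAL_LAN -d $REMOTE_LAN -j ACCEPT" \
    | head -n1 | cut -d: -f1)
  masq_line=$(printf '%s\n' "$dump" \
    | grep -nF -- "-j MASQUERADE" | head -n1 | cut -d: -f1)
  [ -n "$accept_line" ] || return 1      # exclusion rule missing entirely
  [ -z "$masq_line" ] && return 0        # no NAT at all: nothing to break
  [ "$accept_line" -lt "$masq_line" ]    # exclusion must win the ordering
}

# Constructed nat-table dumps: the first is correct, the second has the
# exclusion appended after MASQUERADE and so never matches outbound traffic.
GOOD_DUMP="*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT"

BAD_DUMP="*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT
COMMIT"

# On a real gateway the check would be run as:
#   check_nat_order "$(iptables-save -t nat)" && echo "nat order OK"
check_nat_order "$GOOD_DUMP" && echo "good dump: exclusion precedes MASQUERADE"
check_nat_order "$BAD_DUMP"  || echo "bad dump: MASQUERADE shadows the exclusion"
```

Run the check on both gateways with their own LOCAL_LAN/REMOTE_LAN values: a tunnel that passes traffic in only one direction is usually a gateway where the second dump's ordering (or a missing exclusion) is in effect on the side whose LAN cannot initiate.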