OpenForum RSS: pf gif ipsec. ��

pf gif ipsec. �� (Billy)

Tue, 26 Feb 2008 14:55:32 GMT

� �� , �� tcpdum gif0� �� 0 ��, �� , �.�. �� , ��

pf gif ipsec. �� (angra)

Tue, 19 Feb 2008 13:14:56 GMT

>�� Shaman (??) on 13-��-07, 19:40
>��! ��!!!! :-)))
>�� .... :-)))
>�� Shaman (??) on 19-��-08, 11:50
>��, �� ....

�� . �� :)

pf gif ipsec. �� (Shaman)

Tue, 19 Feb 2008 08:50:48 GMT

>>>�� -��... :-(
>>>�� , �.�. ��
>>>��
>>
>>��, �� ? (�� ?)
>>�� IPSEC-�...
>
>��! ��!!!! :-)))
>

��, �� ....

�� ipsec-�� tun-��...
�� , �� tun-�� MTU 1500....

�� "��":

09:22:24.913368 rule 0/0(match): pass in on lnc0: 10.107.1.252 > 10.107.12.19: ESP(spi=0x003dba06,seq=0xb), length 140
09:22:24.913544 rule 3/0(match): pass out on gif0: 10.107.254.1 > 10.107.254.2: ICMP echo reply, id 48386, seq 0, length 64
09:22:24.913601 rule 1/0(match): pass out on lnc0: 10.107.12.19 > 10.107.1.252: ESP(spi=0x021d81a9,seq=0xb), length 140
09:22:25.903873 rule 0/0(match): pass in on lnc0: 10.107.1.252 > 10.107.12.19: ESP(spi=0x003dba06,seq=0xc), length 140
09:22:25.904003 rule 3/0(match): pass out on gif0: 10.107.254.1 > 10.107.25

pf gif ipsec. �� (Shaman)

Thu, 13 Sep 2007 15:40:20 GMT

>>�� -��... :-(
>>�� , �.�. ��
>>��
>
>��, �� ? (�� ?)
>�� IPSEC-�...

��! ��!!!! :-)))

pf �� , �� ipsec ��
�� gif ��:

--------------------------------------------------------------------------------
��-1

cat /etc/ipsec.conf
flush;
spdflush;

spdadd 10.107.7.138/32 10.107.7.137/32 any -P out ipsec esp/transport//require;
spdadd 10.107.7.137/32 10.107.7.138/32 any -P in ipsec esp/transport//require;

ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 10.107.6.26 --> 10.107.12.19
inet 10.107.7.138 --> 10.107.7.137 netmask 0xfffffffc

cat /etc/pf.conf|grep gif0
rdr on gif0 proto tcp from any to any port 25 -> 10.107.6.26 port 25

---------------------------------------------------------------------

pf gif ipsec. �� (Shaman)

Wed, 12 Sep 2007 14:38:01 GMT

>�� -��... :-(
>�� , �.�. ��
>��

��, �� ? (�� ?)
�� IPSEC-�...

pf gif ipsec. �� (Shaman)

Wed, 12 Sep 2007 14:35:37 GMT

>[�� ]
>19:02:56.482053 IP ya.ru > 10.240.81.47: ICMP echo reply, id 512, seq 23560, length 40
>19:02:57.370297 IP 10.240.81.47 > ya.ru: ICMP echo request, id 512, seq 23816, length 40
>19:02:57.499830 IP ya.ru > 10.240.81.47: ICMP echo reply, id 512, seq 23816, length 40
>19:02:58.384618 IP 10.240.81.47 > ya.ru: ICMP echo request, id 512, seq 24072, length 40
>19:02:58.516015 IP ya.ru > 10.240.81.47: ICMP echo reply, id 512, seq 24072, length 40
>
>P.S. 10.240.81.47 �� astra �� zeus
>
>
>�� !!! :(

�� -��... :-(
�� , �.�. ��
��

pf gif ipsec. �� (Kvantos)

Mon, 26 Mar 2007 22:12:15 GMT

>>---cut
>>pass out log on gif0 from 10.240.81.142 to any
>>pass in log on gif0 from any to 10.240.81.142
>>---cut
>�� .
>�� quick, �� .

�� pf.conf �� zeus

set block-policy drop
set skip on {lo0 rl0 xl0 rl1 pfsync0}
# ��
pass out log on gif0 from any to any
# ��
pass in log on gif0 from any to any

��

zeus# tcpdump -i pflog0 host 10.240.81.47
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
01:03:42.072060 IP ya.ru > 10.240.81.47: ICMP echo reply, id 512, seq 41992, length 40
01:03:43.091039 IP ya.ru > 10.240.81.47: ICMP echo reply, id 512, seq 42248, length 40
01:03:44.116168 IP ya.ru > 10.240.81.47: ICMP echo reply, id 512, seq 42504, length 40
01:03:45.123596 IP ya.ru > 10.240.81.47: ICMP ech

pf gif ipsec. �� (idle)

Mon, 26 Mar 2007 07:47:52 GMT

>---cut
>pass out log on gif0 from 10.240.81.142 to any
>pass in log on gif0 from any to 10.240.81.142
>---cut
�� .
�� quick, �� .

OpenForum RSS: pf gif ipsec. ��� ���� �� ���� ��� � ������ �� �������

pf gif ipsec. ��� ���� �� ���� ��� � ������ �� ������� (Billy)

pf gif ipsec. ��� ���� �� ���� ��� � ������ �� ������� (angra)

pf gif ipsec. ��� ���� �� ���� ��� � ������ �� ������� (Shaman)

pf gif ipsec. ��� ���� �� ���� ��� � ������ �� ������� (Shaman)

pf gif ipsec. ��� ���� �� ���� ��� � ������ �� ������� (Shaman)

pf gif ipsec. ��� ���� �� ���� ��� � ������ �� ������� (Shaman)

pf gif ipsec. ��� ���� �� ���� ��� � ������ �� ������� (Kvantos)

pf gif ipsec. ��� ���� �� ���� ��� � ������ �� ������� (idle)

OpenForum RSS: pf gif ipsec. ��

pf gif ipsec. �� (Billy)

pf gif ipsec. �� (angra)

pf gif ipsec. �� (Shaman)

pf gif ipsec. �� (Shaman)

pf gif ipsec. �� (Shaman)

pf gif ipsec. �� (Shaman)

pf gif ipsec. �� (Kvantos)

pf gif ipsec. �� (idle)