|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
RE: [PLUG] request for help in testing something...
|
Sorry, I don't know what you're talking about. I was trying to provide
a solution, for 2.2 series kernels, that followed the information in the
VPN mini howto, which is:
/usr/doc/HOWTO/mini/VPN
on my system. I have read that document, but do not posess 2 machines
suitable for testing the informaion in the document. I haven't seen
anything mentinoed about patching the kernel in that document.
I was under the assuption that the methodology that the VPN mini HOWTO
describes was a common way of creating a VPN with linux -- which I also
had heard was broken under the 2.1 and up series of kernels.
Thank you for your time.
k
------------------------------------------------------------------------------
"Think determanisticly, act randomly."
-- Unknown
mortis@voicenet.com http://www.voicenet.com/~mortis
------------------------------------------------------------------------------
On Mon, 31 Jan 2000, Charles Stack wrote:
> Kyle, have you had any luck?
>
> I was reading through the VPN How-To again last night and I'm confused. One
> one hand, it says you have to apply the patches to pass GRE and ISAKMP
> packets. Then, if you follow the links, it tells you that the stock 2.2
> kernel can pass those packets. You only need to make the mods if your
> server is going to vpn masq the clients...not if the clients are running
> something like CheckPoint's SecureRemote.
>
> But, it gets better. Reading the links, they also tell you that they have
> had no sucess with Checkpoint's FWZ protocol.
>
> So...what is one to do? Is it all really necessarity to go through the
> hassles of patching the 2.2 kernel?
>
> cjs
>
> -----Original Message-----
> From: plug-admin@lists.nothinbut.net
> [mailto:plug-admin@lists.nothinbut.net]On Behalf Of Kyle Burton
> Sent: Friday, January 28, 2000 11:34 AM
> To: PLUG - Philadelphia Area Linux Users Group
> Subject: [PLUG] request for help in testing something...
>
>
> First, I've heard that the 2.2 series of kernels breaks the methodology
> used to create VPNs based on the VPN mini howto. The reason that 2.2
> breaks the methodology, afaik, is that it breaks the pty-redir utility.
> The reason this happens, afaik, is because pty-redir looks for the
> controlling pty by stepping through all of the ptys in the /dev directory
> looking for the first one that it finds that is both readable and writable
> by the uid of the process running pty-redir. Again, afaik, this breaks on
> 2.2 because of the unix98 ptys -- they're in /dev/pts, and named differently
> (eg: /dev/pts/1) instead of /dev/pty??. So, I looked at the sources for
> pty-redir and tried to get it to work for the 2.2 kernel.
>
> One major change I made was to use ttyname(3) instead of trying to find
> the name by searching the file system -- so this should deterministicly
> get the pty name -- and, in theory, it should work for 2.2 and 2.0 series
> kernels, as we're not searching for the file name, we're asking for the
> name.
>
> Anyway, my problem is I can't really test the rest of the equasion -- I
> don't have 2 boxes where I can try setting up a VPN between.
>
> My question to those of you on the list is: would anyone on the list be
> will be willing to help me test this version of pty-redir2 to see if it
> can be used under either kernel version to create a VPN based on the
> instructions in the VPN howto. The 'new' version can be obtained from:
>
> http://www.bgw.org/projects/pty-redir2/
>
> If you do wish to try it, please download the pty-redir2-20000128.tar.gz,
> the pty-redir2.tar.gz was the first version and tried to follow the original
> pty-redir's methodology for finding the controlling pty, which could have
> lead to problems (I think), so it's probably best not to use it.
>
> Thanks for your time,
> Kyle
>
>
> ----------------------------------------------------------------------------
> --
> Live fast, die young, and leave a good looking corpse.
> -- James Dean
> mortis@voicenet.com
> http://www.voicenet.com/~mortis
> ----------------------------------------------------------------------------
> --
>
>
> ______________________________________________________________________
> Philadelphia Linux Users Group - http://plug.nothinbut.net
> Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
> General Discussion - http://lists.nothinbut.net/mail/listinfo/plug
>
>
> ______________________________________________________________________
> Philadelphia Linux Users Group - http://plug.nothinbut.net
> Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
> General Discussion - http://lists.nothinbut.net/mail/listinfo/plug
>
>
______________________________________________________________________
Philadelphia Linux Users Group - http://plug.nothinbut.net
Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
General Discussion - http://lists.nothinbut.net/mail/listinfo/plug
|
|