Lorenzo Milesi | 22 Jun 14:10 2011

Configure IPSec (also for iPhone)

Hi.

I usually configure OpenVPN as preferred remote access, but a customer requested the use of IPSec, which I
don't know as well as the first.

I enabled IPSec in endian 2.4.1 web config, created CA Authority, created an account, but when I try to
connect from iPhone nothing happens.
I tried from the Cisco IPSec client for Windows, but it won't say much...

Anyone using ipsec?
thanks
-- 
Lorenzo Milesi - lorenzo.milesi@...

YetOpen S.r.l. - http://www.yetopen.it/
Via Carlo Torri Tarelli 19 - 23900 Lecco - ITALY -
Tel 0341 220 205 - Fax 178 6070 222

GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it

-------- D.Lgs. 196/2003 --------

Please note that all information contained in this message is
confidential and for the exclusive use of the recipient. If you have
received this message in error, please delete it without copying it,
do not forward it to third parties, and notify us as soon as
possible.
Thank you.


Johnathan Revell | 22 Jun 14:41 2011

Re: Configure IPSec (also for iPhone)

I've tried, numerous times.

Gave up in the end.

Johnathan

Johnathan Revell BSc (Hons) MBCS
IT Director
Tel: 01302 304000 Fax: 01302 322573 Web: http://www.crashrepairparts.com/ |
http://www.everythingcitroen.com/ | http://www.everythingpeugeot.com/ | http://www.bodyrepairquote.com/
Imperial Automotive Ltd is registered in England and Wales.
Registered Office: Cross Bank, Carr Hill, Balby, Doncaster DN4 8BE
Company Reg. No. 04290042 VAT No. GB590774016
http://www.facebook.com/CrashRepairParts/

> From: Lorenzo Milesi [mailto:lorenzo.milesi@...]
> Sent: 22 June 2011 13:11
> To: efw-user
> Subject: [Efw-user] Configure IPSec (also for iPhone)
> 
> Hi.
> 
> I usually configure OpenVPN as preferred remote access, but a customer
> requested the use of IPSec, which I don't know as well as the first.
> 
> I enabled IPSec in endian 2.4.1 web config, created CA Authority, created an
> account, but when I try to connect from iPhone nothing happens.

Kevin Murphy | 22 Jun 15:20 2011

Re: Configure IPSec (also for iPhone)

Likewise. Tried IPsec on a couple of occasions without luck, but it's so much more complicated than OpenVPN and also there are issues with the implementation on Endian too.

Kevin

> From: johnathan-Mz9GGyS9ConmQsXbKtj5Y1aTQe2KTcn/@public.gmane.org
> To: efw-user-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
> Date: Wed, 22 Jun 2011 13:41:16 +0100
> Subject: Re: [Efw-user] Configure IPSec (also for iPhone)
>
> I've tried, numerous times.
>
> Gave up in the end.
>
> Johnathan
>
> > From: Lorenzo Milesi [mailto:lorenzo.milesi <at> yetopen.it]
> > Sent: 22 June 2011 13:11
> > To: efw-user
> > Subject: [Efw-user] Configure IPSec (also for iPhone)
> >
> > Hi.
> >
> > I usually configure OpenVPN as preferred remote access, but a customer
> > requested the use of IPSec, which I don't know as well as the first.
> >
> > I enabled IPSec in endian 2.4.1 web config, created CA Authority, created an
> > account, but when I try to connect from iPhone nothing happens.
> > I tried from Cisco IPSec client for Windows, but won't say much...
> >
> > Anyone using ipsec?
> > thanks

Andre Mueller | 22 Jun 14:45 2011

Re: Configure IPSec (also for iPhone)


Hello

I was also interested in connecting our iPhones by IPSec to the Endian, but
unfortunately it seems that it is not possible, as the iPhone requests
an additional password that the Endian mask does not provide. I did
some research on the web, and further to this, it seems that the iPhone
also reads some manufacturer ID -> Cisco and refuses all other
manufacturers' devices.

greetings, André

I am actually connecting the iPhone by PPTP, by port forwarding through
Endian to another server with PPTP (not very secure and a bit silly, but
the only workaround at this time).

On 22.06.11 14:10, Lorenzo Milesi wrote:
> Hi.
>
> I usually configure OpenVPN as preferred remote access, but a customer requested the use of IPSec, which I don't know as well as the first.
>
> I enabled IPSec in endian 2.4.1 web config, created CA Authority, created an account, but when I try to connect from iPhone nothing happens.
> I tried from Cisco IPSec client for Windows, but won't say much...
>
> Anyone using ipsec?
> thanks

Lorenzo Milesi | 27 Jun 22:37 2011

Re: Configure IPSec (also for iPhone)

> Likewise. Tried IPsec on a couple of occasions without luck but its
> so much more complicated than OpenVPN and also there are issues with
> the implementation on endian too.

For the record, I enabled IPSec on a Xen VM and EFW 2.4.1: after a few minutes the VM was made UNUSABLE, unstoppable, unkillable!
I had to bring it down with improper kills of the daemon managing VM disk (qemu-dm).
It was a NIGHTMARE, I've spent a whole day trying to understand what was wrong, and in the end it was this damn ipsec!

Please, pull it off if it works this way!

maxxer

-- 
Lorenzo Milesi - lorenzo.milesi@...

Andre Mueller | 28 Jun 08:18 2011

Re: Configure IPSec (also for iPhone)


IPsec on EFW 2.4.1 and before has been working perfectly and stably for me
(except for the iPhone) for years, for single-user connections but also
to connect sites together with heavy traffic/load (also with different
products on the end points).

best regards, andre

P.S. I have no experience with EFW in a VM configuration

On 27.06.11 22:37, Lorenzo Milesi wrote:
>> Likewise. Tried IPsec on a couple of occasions without luck but its
>> so much more complicated than OpenVPN and also there are issues with
>> the implementation on endian too.
>
> for the record, I enabled IPSec on a Xen VM and EFW 2.4.1: after few minutes the VM was made UNUSABLE, unstoppable, unkillable!
> I had to bring it down with improper kills of the daemon managing VM disk (qemu-dm).
> It was a NIGHTMARE, I've spent a whole day trying to understand what was wrong, and in the end was this damn ipsec!
>
> Please, pull it off if it works this way!
>
> maxxer
>

Andres Gonzalez | 29 Jun 15:55 2011

dansguardian

Hello,

I have an EFW box for about 70 users with proxy and content filtering services on.
The problem is that over 2 or 3 days I have to restart the proxy service because the dansguardian process consumes all the RAM memory.

Is there any configuration that could be done?

HARDWARE specs:

PROC: Intel(R) Core(TM)2 Quad CPU Q8400 @ 2.66GHz
RAM: 2 GB
HDD: SSD 32 GB

Regards.

compdoc | 29 Jun 16:42 2011

Re: dansguardian

> The problem is that over 2 or 3 days I have to restart the proxy service because the dansguardian process consumes all the RAM memory.

Been a while, but I think dansguardian can get stuck trying to update itself. There were always so many issues with the content filter and with snort, I keep them turned off.

Once a service like dansguardian or spamassassin becomes outdated, they stop updating themselves.

It's been ages since people have reported various EFW bugs, but none of the bugs have been fixed. (unless you fix them yourself)

Once a community version is released, Endian pretty much forgets about it. They're in the business of selling firewalls, and only release a free version because it's in the open source agreement.

You're often on your own.

Lorenzo Milesi | 29 Jun 19:45 2011

Re: dansguardian

> Once a community version is released, Endian pretty much forgets about
> it. They're in the business of selling firewalls, and only release a
> free version because it's in the open source agreement.
> You're often on your own.

They also have a $ version, based on the community. I wonder if the bug tracker used for the community is used
to track issues and then fix them only in the paid version.

-- 
Lorenzo Milesi - lorenzo.milesi@...
