Re: Tunnel TCP ports

From: Gabel Martin (martin.gabel@siemens.com)
Date: Mon Dec 01 2003 - 06:12:12 EST


> Hi,
A lot of people suggested that I set up an IPsec tunnel. After a bit of digging
in the sunmanagers mailing list archive, I found
an interesting post from Rob Lelanghe. But I still have several problems. So
this is what I did:
> I've two Ultra 10s running Sol8 with the supplemental encryption package.
> Box A: ip: 192.168.0.4 Box B ip: 192.168.0.6
>
> 1. create an empty file /etc/inet/ipsecinit.conf
> 2. load it with ipsecconf -a /etc/inet/ipsecinit.conf
> 3. create ipseckey.conf:
> add esp spi 1 src 192.168.0.4 dst 192.168.0.6 auth_alg md5
> BC62474CCC139ABC7979D28C871674FB \
> encr_alg des encrkey 2E1E8CDCD08F759E
> add esp spi 1 src 192.168.0.6 dst 192.168.0.4 auth_alg md5
> BC62474CCC139ABC7979D28C871674FB \
> encr_alg des encrkey
> 4. load it with ipseckey -f /etc/inet/ipseckey.conf
> 5. copied both files to box B and did the same as above
> 6. Set Tunnel on Box A: ifconfig ip.tun0 plumb
> ifconfig ip.tun0 10.0.0.1 10.0.0.2 tsrc 192.168.0.4
> tdst 192.168.0.6 encr_algs des encr_auth_algs md5 up
> 7. Set Tunnel on Box B: ifconfig ip.tun0 plumb
> ifconfig ip.tun0 10.0.0.2 10.0.0.1 tsrc 192.168.0.6
> tdst 192.168.0.4 encr_algs des encr_auth_algs md5 up
>
Up to this point, all went fine. But when I open snoop to look at the
packets it seems that they are not tunneled/encrypted.
> I can see a telnet session fully unencrypted (login - passwd).
> Unfortunately I've no firewall between these machines, only a switch
> (since this is only a test system)
> Do you have any idea how to force the packets to use the IPsec tunnel?
> Another thing is that my standard interface - hme0 - is up. So I guess
> the packets go that way. However, when I disable it (ifconfig hme0 down)
> the system tells me that the network is unreachable (10.0.0.2 network
> unreachable from 192.168.0.4)
>
> Please help
> TIA
>
CU
may
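The steps above hand-build the two ESP security associations by editing ipseckey.conf and loading it with ipseckey -f, and a typo in that file (a key without its keyword, a missing key value, a key of the wrong length) silently leaves one direction unprotected. The following pre-flight check is an added example, not code from the post or from Sun: it reads a manual-keying file on stdin and reports such problems before the file is loaded. It assumes the ipseckey(1M) keyword syntax `add esp spi N src A dst B auth_alg md5 authkey HEX encr_alg des encrkey HEX` and the key sizes those algorithms take (HMAC-MD5 128 bits = 32 hex digits, DES 64 bits = 16 hex digits); the two sample files and their hex keys are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check of a manual-keying
# ipseckey.conf before it is loaded with "ipseckey -f FILE".
# Assumed syntax (ipseckey(1M)):
#   add esp spi N src A dst B auth_alg md5 authkey HEX encr_alg des encrkey HEX
# Assumed key sizes: HMAC-MD5 128 bits = 32 hex digits, DES 64 bits = 16 hex digits.

check_ipseckey() {
    # Reads the file on stdin, prints one line per problem, exits 1 if any error.
    awk '
    function hexlen_ok(v, want) { return (v ~ /^[0-9A-Fa-f]+$/ && length(v) == want) }
    function err(msg)  { bad++;  print "entry " n ": error: " msg }
    function note(msg) { warn++; print "entry " n ": note: " msg }
    function check(line,    i, nf, f, kv, id) {
        n++
        nf = split(line, f, /[ \t]+/)
        if (f[1] != "add") return            # only SA additions are checked
        split("", kv)                        # portable way to clear an array
        kv["type"] = f[2]                    # esp or ah
        for (i = 3; i <= nf; i++) {
            if (f[i] ~ /^(spi|src|dst|auth_alg|authkey|encr_alg|encrkey)$/) {
                if (i == nf) { err("keyword " f[i] " has no value"); return }
                kv[f[i]] = f[i+1]; i++
            }
            # any other token (for example a bare key with no keyword) is skipped
        }
        if (!("spi" in kv) || !("src" in kv) || !("dst" in kv)) { err("spi, src and dst are all required"); return }
        id = kv["spi"] "/" kv["dst"]         # an SA is identified by SPI and destination
        if (id in seen) err("duplicate SA: spi " kv["spi"] " to " kv["dst"])
        seen[id] = 1
        if (kv["spi"] in spis && spis[kv["spi"]] != kv["dst"])
            note("spi " kv["spi"] " is reused for the other direction; a distinct SPI per direction is the usual convention")
        spis[kv["spi"]] = kv["dst"]
        if (kv["type"] == "esp") {
            if (!("encr_alg" in kv)) err("esp entry has no encr_alg")
            else if (!("encrkey" in kv)) err("encr_alg " kv["encr_alg"] " given but no encrkey")
            else if (kv["encr_alg"] == "des" && !hexlen_ok(kv["encrkey"], 16)) err("des encrkey must be 16 hex digits")
        }
        if ("auth_alg" in kv) {
            if (!("authkey" in kv)) err("auth_alg " kv["auth_alg"] " given but no authkey (key must follow the authkey keyword)")
            else if (kv["auth_alg"] == "md5" && !hexlen_ok(kv["authkey"], 32)) err("md5 authkey must be 32 hex digits")
        }
    }
    # join backslash-continued lines, skip blanks and comments
    {
        if (sub(/[ \t]*\\[ \t]*$/, "", $0)) { buf = buf " " $0; next }
        line = buf " " $0; buf = ""
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        check(line)
    }
    END { if (buf != "") check(buf); exit (bad > 0) }
    '
}

# Constructed sample that repeats two mistakes a first attempt commonly has: the
# auth key is given without the "authkey" keyword, and the second entry ends
# before its encrkey value. The hex keys are placeholders, not real keys.
SAMPLE_BAD='add esp spi 1 src 192.168.0.4 dst 192.168.0.6 auth_alg md5 0123456789abcdef0123456789abcdef \
    encr_alg des encrkey 0123456789abcdef
add esp spi 1 src 192.168.0.6 dst 192.168.0.4 auth_alg md5 authkey 0123456789abcdef0123456789abcdef \
    encr_alg des encrkey'

# Same pair of SAs with a distinct SPI per direction and both keys complete.
SAMPLE_GOOD='add esp spi 0x1001 src 192.168.0.4 dst 192.168.0.6 auth_alg md5 authkey 0123456789abcdef0123456789abcdef \
    encr_alg des encrkey 0123456789abcdef
add esp spi 0x1002 src 192.168.0.6 dst 192.168.0.4 auth_alg md5 authkey 0123456789abcdef0123456789abcdef \
    encr_alg des encrkey fedcba9876543210'

echo "== constructed bad sample =="
printf '%s\n' "$SAMPLE_BAD" | check_ipseckey || echo "fix these before running ipseckey -f"
echo "== constructed good sample =="
printf '%s\n' "$SAMPLE_GOOD" | check_ipseckey && echo "no problems found"
```

Against a real file the call is simply `check_ipseckey < /etc/inet/ipseckey.conf`; a zero exit status means the file parsed cleanly under the assumed syntax, not that the peer holds the same keys, so the snoop check the post describes is still the final test that traffic between the tunnel addresses leaves the box as ESP.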

-------------------------------------------------------------
original Message:
Hi everybody,

I face the following problem: Our customer has two servers separated by two
firewalls. Both servers exchange data using a wide range of TCP ports.
Unfortunately the network administration refuses our request to open all (or
at least a range) of ports between these two machines. So what we need is a
"tool" to multiplex/tunnel all inbound and outbound traffic. SSH would do
the job, but only for a session and not for calls made by our applications
or the system. Does anyone know a way or a third-party tool to manage this?

TIA
may
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:27:35 EDT