Subject: rsh over ipsec
To: None <tech-net@netbsd.org>
From: Jan Schaumann <jschauma@netmeister.org>
List: tech-net
Date: 12/04/2003 15:20:46
Hi all,
I have some problems with rsh over ipsec. I used to have it working
just fine, but then disabled it when I used a -current kernel with 1.6.1
userland. Now that I've upgraded all machines to -current, I finally
remembered to switch back to rsh over ipsec, but no luck.
The odd thing is, ipsec is working fine for syslog, but not for rsh.
So, for syslog I have the following setup in /etc/ipsec.conf on the
syslog server:
spdadd <SERVER IP>[514] 0.0.0.0/0 any -P out ipsec esp/transport//use;
spdadd 0.0.0.0/0 <SERVER IP>[514] any -P in ipsec esp/transport//require;
And the reverse for the clients, obviously. That works fine. racoon
negotiates, connection established, syslog encrypted.
So I add back the entries I used to have for rsh and rlogin:
spdadd <SERVER IP>[any] 0.0.0.0/0[514] any -P out ipsec esp/transport//use;
spdadd 0.0.0.0/0[514] <SERVER IP>[any] -P in ipsec esp/transport//require;
On the client side:
spdadd 0.0.0.0/0[any] <CLIENT IP>[514] any -P in ipsec esp/transport//require;
spdadd <CLIENT IP>[514] 0.0.0.0/0[any] any -P out ipsec esp/transport//use;
Similarly for port 513.
Now this used to work under 1.6.1 <-> 1.6.1, but doesn't work any more.
I also tried explicitly specifying all IP addresses instead of using
0.0.0.0/0, but to no avail.
Does anybody have an idea?
-Jan
-- 
It's psychosomatic. You need a lobotomy. I'll get a saw.
-- Calvin