LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > *BSD
User Name
Password
*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.

Notices


Reply
 
Search this Thread
Old 03-03-2012, 07:31 AM   #1
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Rep: Reputation: 32
icmp: 224.0.0.5 protocol 89 port 44 unreachable (gre encap) - Error over IPSEC/GRE


Hi,

I'm building a router/firewall/gateway/VPN aggregator out of OpenBSD 5.0 x64 RELEASE and am having some issues....


Am very new to Packet Filter (only been using it for round 2/3 days now) and OpenBSD in general.


Following these tutorials with emphasis on the last one I managed to get a VPN connection using IPSEC/GRE between my 2 virtual systems:

http://www.kernel-panic.it/openbsd/vpn/vpn3.html

http://www.openbsdsupport.org/vpn-ipsec.html

http://bsdsupport.org/2007/05/settin...re-on-openbsd/



Here is what I have done, in a Virtual Box setup:


(Simulated) Internal Network1: 88.88.88.0/23
(Simulated) Internal Network2: 88.88.90.0/23

LAN IP of ext_if GW1: 192.168.0.2
int_if GW1: 88.88.88.1
LAN IP of ext_if GW2: 192.168.0.3
int_if GW2: 88.88.90.1


The current and only line in both machines "ipsec.conf" file:

Code:
ike esp transport from 192.168.0.2 to 192.168.0.3

I have set OSPF up as this:

Code:
# $OpenBSD: ospfd.conf,v 1.4 2007/06/19 16:49:56 reyk Exp $

# macros
password="secret"

# global configuration
router-id 0.0.0.1
fib-update yes
# stub router no
# spf-delay 1
# spf-holdtime 5
redistribute 88.88.88.0/23
redistribute 10.0.0.0/30
auth-type none
# auth-key $password
# auth-type simple
# hello-interval 10
# metric 10
# retransmit-interval 5
# router-dead-time 40
# router-priority 1
# transmit-delay 1

# rtlabel "DMZ" external-tag 1

# areas
area 0.0.0.0 {
#       interface em1
        interface gre0
}


and finally Pakcet Filter with these rules:


Code:
# macros

int_if="em1"
ext_if="em0"
remote_gw="192.168.0.3"
remote_nets="{88.88.90.0/23, 10.0.0.0/30}"

tcp_services="{ 22, 113 }"
udp_services="{ 520 }"
#tcp_route="{ 520 }"
udp_route="{ 520 }"
icmp_types="echoreq"

comp1="88.88.88.2"

# options

set block-policy return
set loginterface em0
set skip on "{ lo, enc0 }"

# FTP Proxy rules

anchor "ftp-proxy/*"

pass in quick on $int_if inet proto tcp to any port ftp \
    divert-to 127.0.0.1 port 8021

# match rules

match out on egress inet from !(egress) to any nat-to (egress:0)

# filter rules

block in log (all)
pass out quick log (all)

antispoof quick for { lo $int_if }

pass in on egress inet proto tcp from any to (egress) \
    port $tcp_services 

#pass in on egress inet proto udp from any to (egress) \
#    port $udp_services 

#pass in quick on $ext_if inet proto tcp from any to any \
#    port $tcp_route 

pass in  quick on $ext_if inet proto udp from any to any \
    port $udp_route

pass in  quick on $ext_if proto udp from $remote_gw to $ext_if port {isakmp, ipsec-nat-t}
#pass out on $ext_if proto udp from $ext_if to $remote_gw port {isakmp, ipsec-nat-t}

pass in  quick on enc0 proto ipencap from $remote_gw to $ext_if keep state (if-bound)
#pass out on enc0 proto ipencap from $ext_if to $remote_gw keep state (if-bound)

pass in  quick on enc0 from $remote_nets to $int_if:network keep state (if-bound)
#pass out on enc0 from $int_if:network to $remote_nets keep state (if-bound)

pass in  quick on enc0 proto 44 from $remote_gw to $ext_if keep state (if-bound)

pass in on egress inet proto tcp to (egress) port 80 \
    rdr-to $comp1 synproxy state

pass in inet proto icmp all icmp-type $icmp_types
#block in inet proto icmp all icmp-type $icmp_types

pass in on $int_if

which I got from using this as a guide:


http://www.openbsd.org/faq/pf/example1.html

hostname.gre0 interfaces are setup as such:

gw1:

Code:
10.0.0.1 10.0.0.2 netmask 0xffffffff link0 up
tunnel 192.168.0.2 192.168.0.3
!route add -net 88.88.90 -netmask 255.255.254.0 10.0.0.2
gw2:

Code:
10.0.0.2 10.0.0.1 netmask 0xffffffff link0 up
tunnel 192.168.0.3 192.168.0.2
!route add -net 88.88.88 -netmask 255.255.254.0 10.0.0.1

Everything is fine and I can ping the gw2 tunnel interface, 10.0.0.2, from gw1!


However, I am getting these errors for OSPF:

Code:
# tcpdump -ni enc0       
tcpdump: listening on enc0, link-type ENC
13:27:01.157864 (authentic,confidential): SPI 0x54f8e8ff: 10.0.0.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.2 backbone [tos 0xc0] [ttl 1] (gre encap)
13:27:01.157954 (authentic,confidential): SPI 0x20c8346c: 10.0.0.1 > 10.0.0.2: icmp: 224.0.0.5 protocol 89 port 44 unreachable (gre encap)
13:27:06.802510 (authentic,confidential): SPI 0x20c8346c: 10.0.0.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.1 backbone [tos 0xc0] [ttl 1] (gre encap)
13:27:06.803104 (authentic,confidential): SPI 0x54f8e8ff: 10.0.0.2 > 10.0.0.1: icmp: 224.0.0.5 protocol 89 port 44 unreachable (gre encap)
I haven't been able to debug it yet as I'm not quite sure what the issue is???


If OSPF information is not get encapsulated or a firewall (PF) rule needs to be created in order to send the information specifically through the enc0 or gre0 interface... or if PF is blocking multicast from getting through??


Using "tcpdump -e -n -r /var/log/pflog" this is the output:

Code:
13:28:07.463164 rule 4/(match) pass out on em0: esp 192.168.0.2 > 192.168.0.3 spi 0x20c8346c seq 152 len 120 [tos 0xc0]
13:28:07.463616 rule 4/(match) pass in on em0: esp 192.168.0.3 > 192.168.0.2 spi 0x54f8e8ff seq 152 len 104
13:28:07.463680 rule 4/(match) pass in on enc0: 10.0.0.2 > 10.0.0.1: [|icmp] (gre encap)
13:28:07.463701 rule 4/(match) pass in on gre0: 0.0.0.0 > 0.0.0.0: icmp: 224.0.0.5 protocol 89 port 44 unreachable
13:28:11.227269 rule 4/(match) pass in on em0: esp 192.168.0.3 > 192.168.0.2 spi 0x54f8e8ff seq 153 len 120 [tos 0xc0]
13:28:11.227324 rule 4/(match) pass in on enc0: 10.0.0.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.2 backbone [|ospf] [tos 0xc0] [ttl 1] (gre encap)
13:28:11.227343 rule 3/(match) block in on gre0: 10.0.0.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.2 backbone [|ospf] [tos 0xc0] [ttl 1]
13:28:17.573174 rule 4/(match) pass out on gre0: 10.0.0.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.1 backbone [|ospf] [tos 0xc0] [ttl 1]
13:28:17.573192 rule 4/(match) pass out on enc0: 10.0.0.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.1 backbone [|ospf] [tos 0xc0] [ttl 1] (gre encap)
13:28:17.573241 rule 4/(match) pass out on em0: esp 192.168.0.2 > 192.168.0.3 spi 0x20c8346c seq 154 len 120 [tos 0xc0]
13:28:17.573770 rule 4/(match) pass in on em0: esp 192.168.0.3 > 192.168.0.2 spi 0x54f8e8ff seq 154 len 104
13:28:17.573827 rule 4/(match) pass in on enc0: 10.0.0.2 > 10.0.0.1: [|icmp] (gre encap)
13:28:17.573841 rule 4/(match) pass in on gre0: 0.0.0.0 > 0.0.0.0: icmp: 224.0.0.5 protocol 89 port 44 unreachable
13:28:21.237151 rule 4/(match) pass in on em0: esp 192.168.0.3 > 192.168.0.2 spi 0x54f8e8ff seq 155 len 120 [tos 0xc0]
13:28:21.237206 rule 4/(match) pass in on enc0: 10.0.0.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.2 backbone [|ospf] [tos 0xc0] [ttl 1] (gre encap)
13:28:21.237226 rule 3/(match) block in on gre0: 10.0.0.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.2 backbone [|ospf] [tos 0xc0] [ttl 1]
13:28:27.683256 rule 4/(match) pass out on gre0: 10.0.0.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.1 backbone [|ospf] [tos 0xc0] [ttl 1]
13:28:27.683281 rule 4/(match) pass out on enc0: 10.0.0.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.1 backbone [|ospf] [tos 0xc0] [ttl 1] (gre encap)
13:28:27.683353 rule 4/(match) pass out on em0: esp 192.168.0.2 > 192.168.0.3 spi 0x20c8346c seq 156 len 120 [tos 0xc0]
13:28:27.683713 rule 4/(match) pass in on em0: esp 192.168.0.3 > 192.168.0.2 spi 0x54f8e8ff seq 156 len 104
13:28:27.683775 rule 4/(match) pass in on enc0: 10.0.0.2 > 10.0.0.1: [|icmp] (gre encap)
13:28:27.683796 rule 4/(match) pass in on gre0: 0.0.0.0 > 0.0.0.0: icmp: 224.0.0.5 protocol 89 port 44 unreachable
13:28:31.247351 rule 4/(match) pass in on em0: esp 192.168.0.3 > 192.168.0.2 spi 0x54f8e8ff seq 157 len 120 [tos 0xc0]
13:28:31.247405 rule 4/(match) pass in on enc0: 10.0.0.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.2 backbone [|ospf] [tos 0xc0] [ttl 1] (gre encap)
13:28:31.247425 rule 3/(match) block in on gre0: 10.0.0.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.2 backbone [|ospf] [tos 0xc0] [ttl 1]
13:28:31.511811 rule 4/(match) pass out on em0: 192.168.0.2.520 > 224.0.0.9.520: RIPv2-resp [items 4]: {0.0.0.0->192.168.0.1}(16)[|rip] [tos 0xc0] [ttl 1]
13:28:37.793330 rule 4/(match) pass out on gre0: 10.0.0.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.1 backbone [|ospf] [tos 0xc0] [ttl 1]
13:28:37.793348 rule 4/(match) pass out on enc0: 10.0.0.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.1 backbone [|ospf] [tos 0xc0] [ttl 1] (gre encap)
13:28:37.793398 rule 4/(match) pass out on em0: esp 192.168.0.2 > 192.168.0.3 spi 0x20c8346c seq 158 len 120 [tos 0xc0]
13:28:37.793782 rule 4/(match) pass in on em0: esp 192.168.0.3 > 192.168.0.2 spi 0x54f8e8ff seq 158 len 104
13:28:37.793824 rule 4/(match) pass in on enc0: 10.0.0.2 > 10.0.0.1: [|icmp] (gre encap)
13:28:37.793838 rule 4/(match) pass in on gre0: 0.0.0.0 > 0.0.0.0: icmp: 224.0.0.5 protocol 89 port 44 unreachable
13:28:41.257815 rule 4/(match) pass in on em0: esp 192.168.0.3 > 192.168.0.2 spi 0x54f8e8ff seq 159 len 120 [tos 0xc0]
13:28:41.257893 rule 4/(match) pass in on enc0: 10.0.0.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.2 backbone [|ospf] [tos 0xc0] [ttl 1] (gre encap)
13:28:41.257921 rule 3/(match) block in on gre0: 10.0.0.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 0.0.0.2 backbone [|ospf] [tos 0xc0] [ttl 1]
Can anyone give me a hand in debugging the error message above???



Many thanks!

Last edited by kayasaman; 03-03-2012 at 07:33 AM.
 
Old 03-03-2012, 11:37 AM   #2
bsdsupport
LQ Newbie
 
Registered: Mar 2012
Posts: 2

Rep: Reputation: Disabled
Quote:
pass in quick on enc0 proto 44 from $remote_gw to $ext_if keep state (if-bound)
This says protocol 44 -
sip-frag 44 SIP-FRAG # SIP Fragment

The error you refer to says protocol 89 -
ospf 89 OSPFIGP # Open Shortest Path First IGP

You may try switching the protocol to 89 in your pf rule.

It's been some time since I wrote the article you reference, but I still use this configuration (with OSPF as well).

I would first try to get ospf working with the following pf rules
Code:
set skip on enc0
set skip on gre0
Here's what mine look like today
Code:
pass in on $ext_if proto udp from $ipsec_hosts to $my_ext port 500
pass in on $ext_if proto esp from $ipsec_hosts to $my_ext

pass in on $ext_if proto gre from $gre_hosts to $my_ext
pass in on $gre_if from any to any
Where $ipsec_hosts and $gre_hosts contain $ext_if address of the remote host
and $my_ext is my $ext_if address
 
Old 03-03-2012, 11:59 AM   #3
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Thanks so much for the response!! :-)


I actually managed to hack it out and get it working a while ago but been a bit lazy to post back... simply due to not getting much sleep these last 2/3 days as was flat-out trying to learn this; mainly how PF works as it's quite different from what I'm used to on Cisco's IOS!


Well here are my additions:


Code:
# macros

int_if="em1"
ext_if="em0"
vpn_if="gre0"
remote_gw="192.168.0.3"
remote_nets="{88.88.90.0/23, 10.0.0.0/30}"
for the macros portion.


I think the options stayed the same:

Code:
# options

set block-policy return
set loginterface em0
set skip on "{ lo, enc0 }"
....yep they did


and finally for the bottom part of pf.conf {snipped}:


Code:
pass in  quick on $ext_if inet proto udp from any to any \
    port $udp_route

pass in  quick on $ext_if proto udp from $remote_gw to $ext_if port {isakmp, ipsec-nat-t}
#pass out on $ext_if proto udp from $ext_if to $remote_gw port {isakmp, ipsec-nat-t}

pass in  quick on enc0 proto ipencap from $remote_gw to $ext_if keep state (if-bound)
#pass out on enc0 proto ipencap from $ext_if to $remote_gw keep state (if-bound)

pass in  quick on enc0 from $remote_nets to $int_if:network keep state (if-bound)
#pass out on enc0 from $int_if:network to $remote_nets keep state (if-bound)

pass in  quick on enc0 proto 44 from $remote_gw to $ext_if keep state (if-bound)

pass in on egress inet proto tcp to (egress) port 80 \
    rdr-to $comp1 synproxy state

pass in inet proto icmp all icmp-type $icmp_types
#block in inet proto icmp all icmp-type $icmp_types

pass in on $int_if

pass in on $vpn_if

I'm not sure if I need these "extra" rule sets though:


Code:
pass in  quick on enc0 proto ipencap from $remote_gw to $ext_if keep state (if-bound)
#pass out on enc0 proto ipencap from $ext_if to $remote_gw keep state (if-bound)

pass in  quick on enc0 from $remote_nets to $int_if:network keep state (if-bound)
#pass out on enc0 from $int_if:network to $remote_nets keep state (if-bound)

pass in  quick on enc0 proto 44 from $remote_gw to $ext_if keep state (if-bound)

as not sure what affect they have??? I mean running tcpdump, the rule numbers never get matched so....



However, if you did write the artical initially - it's awsome! :-)


I wonder, I was trying to use this as a pre-cursor to integrate with Cisco ISR routers using IPSEC over GRE like done above but not sure if will work??


Using sample Cisco IOS syntax this is what I would like to interface OpenBSD with:

Code:
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key key1 address ip1
crypto isakmp key key2 address ip2
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set geo-sync-set-01 esp-3des esp-md5-hmac 
!
crypto ipsec profile geo-sync-profile-01
 set transform-set geo-sync-set-01 
!
!
crypto map geo-sync-01 10 ipsec-isakmp 
 set peer ip1
 set peer ip2
 set transform-set geo-sync-set-01 
 match address 101

interface Tunnel0
 bandwidth 1000000
 ip address 10.255.255.102 255.255.255.252
 ip accounting output-packets
 ip accounting access-violations
 ip rip v2-broadcast
 ip rip send version 2
 ip rip receive version 2
 tunnel source Dialer0
 tunnel destination ip1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile geo-sync-profile-01


ip access-list extended TUNNEL0
 permit icmp 10.255.255.100 0.0.0.3 any
 permit ip 10.255.255.100 0.0.0.3 any
 permit icmp 192.168.0.0 0.0.1.255 any
 permit ip 192.168.0.0 0.0.1.255 any
 permit icmp 172.16.0.0 0.0.0.127 any
 permit ip 172.16.0.0 0.0.0.127 any
 permit icmp 172.16.0.192 0.0.0.63 any
 permit ip 172.16.0.192 0.0.0.63 any
 permit icmp 172.16.1.0 0.0.0.63 any
 permit ip 172.16.1.0 0.0.0.63 any
 deny   icmp any any
 deny   ip any any

access-list 101 permit udp any host ip1 eq isakmp
access-list 101 permit udp any host ip2 eq isakmp
access-list 101 permit esp any host wan_ip
access-list 101 permit gre host 10.255.255.101 host 10.255.255.102
access-list 101 permit gre any host wan_ip
access-list 101 deny   ip any any

To be honest, I am really struggling to understand PF mentality... probably as due to stated above, have only been using it for a couple of days but doing things like:


Code:
block in all
pass in quick interface em0
is kinda the reverse of the IOS ACL statements above where the:

Code:
deny any any
permit ip 1.1.1.1 255.255.255.0
statement would never match!


Also the rules are strange too as tcpdump tells me that it's either blocking according to rule 3 or passing according to rule 4 however:

Code:
# pfctl -sr
anchor "ftp-proxy/*" all
pass in quick on em1 inet proto tcp from any to any port = ftp flags S/SA divert-to 127.0.0.1 port 8021
match out on egress inet from ! (egress) to any nat-to (egress:0) round-robin
block return in log (all) all
pass out log (all) quick all flags S/SA
block drop in quick on ! lo inet6 from ::1 to any
block drop in quick on ! lo inet from 127.0.0.0/8 to any
block drop in quick inet6 from ::1 to any prio 0
block drop in quick on lo0 inet6 from fe80::1 to any prio 0
block drop in quick inet from 127.0.0.1 to any prio 0
block drop in quick on ! em1 inet from 88.88.88.0/23 to any
block drop in quick inet from 88.88.88.1 to any prio 0
block drop in quick on em1 inet6 from fe80::a00:27ff:feda:e4a6 to any prio 0
pass in on egress inet proto tcp from any to (egress) port = ssh flags S/SA
pass in on egress inet proto tcp from any to (egress) port = auth flags S/SA
pass in quick on em0 inet proto udp from 192.168.0.3 to 192.168.0.2 port = isakmp
pass in quick on em0 inet proto udp from 192.168.0.3 to 192.168.0.2 port = ipsec-nat-t
pass in quick on em0 inet proto udp from any to any port = route
pass in quick on enc0 inet proto ipencap from 192.168.0.3 to 192.168.0.2 keep state (if-bound)
pass in quick on enc0 inet proto sip-frag from 192.168.0.3 to 192.168.0.2 keep state (if-bound)
pass in quick on enc0 inet from 88.88.90.0/23 to 88.88.88.0/23 flags S/SA keep state (if-bound)
pass in quick on enc0 inet from 10.0.0.0/30 to 88.88.88.0/23 flags S/SA keep state (if-bound)
pass in on egress inet proto tcp from any to (egress) port = www flags S/SA synproxy state rdr-to 88.88.88.2
pass in inet proto icmp all icmp-type echoreq
pass in on em1 all flags S/SA
pass in on gre0 all flags S/SA
where is the rule 3 and 4 referring to???


It seems {I think} that it's referring to this:

Code:
block return in log (all) all
pass out log (all) quick all flags S/SA
but am not sure.....


????? Muchos Confusion!
 
Old 03-03-2012, 01:09 PM   #4
bsdsupport
LQ Newbie
 
Registered: Mar 2012
Posts: 2

Rep: Reputation: Disabled
In pf, as you've probably read, the last matching rule wins, unless a rule with the quick keyword matches, processing stops immediately.

http://www.openbsd.org/faq/pf/filter.html#quick

This takes some getting used to, I agree.

When I first started using pf, every rule I created had the quick keyword, and the deny any any rule was last. This was easier to understand at the time as it behaved more like the firewalls I was used to.

Quote:
I wonder, I was trying to use this as a pre-cursor to integrate with Cisco ISR routers using IPSEC over GRE like done above but not sure if will work??
I've setup OpenBSD <-> Cisco GRE tunnels before, but not with IPSec.

As for more useful pf output you can try
Code:
# pfctl -vvsr
Which will include rule numbers, and other useful data, so you can see if those rules are ever matched.

Code:
...
@4 block return in log all
  [ Evaluations: 285241    Packets: 11976     Bytes: 614748      States: 0     ]
...
 
Old 03-03-2012, 01:14 PM   #5
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Thanks a lot for your responses!!!


I really appreciate them, as it's so hard to get to learn something which has a slightly different mentality... almost like driving a car then going to a motorbike or driving on the otherside of the road if transitioning between say; anywhere in the world and Hong Kong, UK/Eire, Australia, Japan etc....



That's why explanations such as yours are so useful to help 'get the knack' of things so to speak.
 
Old 03-03-2012, 01:23 PM   #6
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Oh btw...

if you've got any links or docs or advice on GRE with Cisco, would it be possible to relay that stuff on to me - hopefully if that isn't being too demanding or rude??

Any kind of config on both sides would be useful


Many thanks!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Port forward GRE and PPTP using IPtables twistedpair Linux - Networking 19 04-12-2015 08:12 AM
How to Port forward GRE and PPTP using IPtables vijaik Linux - Networking 0 02-27-2012 07:58 AM
Vpn poptop - CTRL: PTY read or GRE write failed (pty,gre)=(5,6) dezeque Linux - Networking 8 12-11-2009 01:56 PM
Linux to Cisco IPSEC/GRE VPN using ISP or EVDO billyg96r Linux - Newbie 10 04-02-2008 08:59 AM
GRE keepalives. How can a SUSE 9.0 Linux box send GRE keepalives? dlef Linux - Networking 1 06-28-2005 12:00 PM


All times are GMT -5. The time now is 03:12 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration