I found out, for example, that the racoon daemon did not support the XAUTH style of authorization that so many Sonicwall people use. I hacked the ipsec-tools-0.6b2 package, racoon daemon, (using an update that I found on the internet and adapted) to connect properly using this authorization style.
I don't know how or where to send it to become part of the 'official' source tree, nor do I know what is "officially" being done with regard to XAUTH and Sonicwall. All I knew was that I had a paying customer I couldn't talk to! I did not originate it, but managed to get the stuff working and to fix a few problems along the way. (The original patch developer simply assumed that the authentication would use certificates rather than pre-shared-key [PSK].)
Last edited by sundialsvcs; 08-02-2005 at 03:11 PM.
Originally posted by sundialsvcs More than I ever expected or wished to.
I found out, for example, that the racoon daemon did not support the XAUTH style of authorization that so many Sonicwall people use. I hacked the ipsec-tools-0.6b2 package, racoon daemon, (using an update that I found on the internet and adapted) to connect properly using this authorization style.
I don't know how or where to send it to become part of the 'official' source tree, nor do I know what is "officially" being done with regard to XAUTH and Sonicwall. All I knew was that I had a paying customer I couldn't talk to! I did not originate it, but managed to get the stuff working and to fix a few problems along the way. (The original patch developer simply assumed that the authentication would use certificates rather than pre-shared-key [PSK].)
Hi - thanks for the interesting response.
I've not gotten into using SonicWalls much other than connecting sites with actual SW hardware, so I'm not aware of racoon, or what exactly problems you're having. It sounds like you're getting into (and through) the SWs from outside systems without a SW attached. I've done a little of this, using the SW software, but I thought it was probably a lot better idea to use the hardware, particularly since it seems that only one software-only client is allowed per machine.
I have right now four clients, three with two sites each, and one with four. I have TZ170s at all sites, including my office and at home. Two sites have occasional trouble, but that seems to be due to the 'net connection. One site is very peculiar, in that it flatly refuses to let any communications through - from ME - although the SWs themselves show the "green light" indicating a tunnel exists... and I can get to it by going to one of the others and thence to the troublesome one - it's only ME that it has problems with - the other three sites in its own subnet are fine. Basically, three sites use the fourth as the location of file servers using NFS and Samba, and everything seems to be working just fine (as long as the ISP keeps things connected!).
So I'm primarily looking at the SW as a VPN system, with the firewalling as a very welcome side benefit - what about you?