Re: Strongswan (fwd)
by Roger Grosswiler
On Fri, 30 Jan 2009 00:09:15 -0500 (EST),
Paul Wouters <paul(a)xelerance.com> wrote:
>
> Disclaimer: I am the Openswan maintainer and therefore strongly biased.
>
> > i still look for a good solution in vpn. i tried openswan with
> > racoon,
>
> Openswan with racoon? Openswan and Racoon are both different IPsec
> implementations (technically: different IKE implementations). They
> don't "go together".
>
> > openvpn. They are all quite good, openswan is more complicated than
> > openvpn.
>
> Yes, IPsec is more complicated than SSL-VPNs. They are also more
> robust, have more features, do not require routing hacks on the
> server, or require X.509, and are not vulnerable to simple TCP-RST
> attacks. But yes, it is easier to use, and sadly has a better chance
> of getting through firewalls. (If anyone has time, I have a project
> lying around to implement "IPsec over fake port 443")
>
> > Now, i stumbled on strongswan, which seems to be one of the
> > best maintained solution (as i read in linux magazine).
>
> Interesting. I have no idea what that is based on.
>
> > is it planned to get this packed in fedora? If it is, where can i
> > get it?
>
> I see it is currently not in fedora, but anyone who wants to package
> it up and put it in can do so. It is not blacklisted. It is just that
> there has been no one with an interest to package it up.
>
> > The advantage of strongswan is the integration in NetworkManager,
>
> NM integration of Openswan is planned by Red Hat, and is slated to
> be worked on after the NSS support for Openswan is finished.
>
> If anyone wants to work on this, I can give the list of items that
> need to be worked on. The biggest problem is that IPsec is a host-host
> protocol, but is now being used as a user-host protocol. NM requires
> that all information required can be passed as parameters (not config
> files). I am not sure how it handles this for X.509 certificates.
> Openswan uses configuration files, though almost all items can be
> specified via command line parameters (the 'ipsec whack'), there are a
> few that currently cannot - X.509 certs and PSKs.
>
> Also, to properly integrate Openswan with NM, it should also allow
> for L2TP connections within NM, so integration with xl2tpd (the L2TP
> client to use with Openswan) is required. xl2tpd mostly requires a
> username and password as well, and currently uses the chap-secrets
> for this instead of accepting parameters via NM.
>
> > which is done, but not with openswan. Openswan is integrated in
> > system-config-network, it is the question, if it belongs there, as
> > NetworkManager should do most work on networking. OpenVPN and Cisco
> > VPN are handled by NetworkManager too...
>
> I don't see any VPN options in system-config-network on my Fedora-10
> machine.
>
> NM is mostly used on enduser machines. Remember that Openswan is also
> used as IPsec gateway, where NM plays no part whatsoever.
>
> So, NM integration is on its way. If people have time to donate,
> contact me.
>
> Paul
yes, you write as you were the openswan-maintainer ;) and can be
biased.
good to hear, that integration is on its way. As documentation and
response on this mailing list did not flood my disk and mailbox, i am
glad to hear, that someone looks for integration. Even though, i am not
a pro at all, there are reasons for encrypting traffic (host2host,
network2network) and would declare myself as a nosey parker ;)
i can't help you on this, as i need help myself and get an easy life
installing encryption ;)
installing ipsec-tools brings you one tab more in
system-config-network, where you can go and create h2h and
n2n-connections. Still it is not in the same place as the 2 others,
which makes usability harder.
Roger
15 years, 3 months
App to manage/track/spawn processes
by bruce
Hi.
Not really a Fedora question, but maybe someone has thoughts on how to
implement this.
I've got a situation where I'm looking to have a process where I spawn off a
number of external apps. I'd like an app to manage the entire process of
creating/tracking the child apps. So basically, I'd like to be able to fire
off 10 copies of the child app, track the health/status of the child copies
while they're running, and be able to continually fire off additional copies
of the child app when the number of running child apps gets below a given
threshold.
Of course I'd like to know if I'm already running a given child app, so I
only have a child app with the same input args running once. I'd also like
to be able to track when a child app is halted/stuck, so I can gracefully
kill it, and restart it...
Any thoughts on any kind of open source app that does this, or gets close...
I started to architect a quick solution to this when I couldn't find
anything on the 'net, but figured I'd ping here as well.
Comments/Thoughts are good.
thanks!!
15 years, 3 months
F10 NX Server
by Joseph L. Casale
Trying to access an F10 box with NX for a user that *had* compiz enabled but
it's off now and nxagent segfaults, I see this is/was an issue if compiz is
enabled but it's not anymore. Any ideas?
Thanks!
jlc
15 years, 3 months
Update revisor
by Terry Polzin
I'm running F8. What files need to be changed and/or created in order to create
an updated F10 image, since it's not something I can select from the revisor
menu without apparently some manipulation?
15 years, 3 months
Linux Bowl - Any Ideas?
by Marc Ferguson
Hi Folks,
I just purchased www.linuxbowl.com. I thought it would be fun to have it...
or ironic since I'm not really into football. So; the question is what do I
do with it!? I'd love to make it a community project since I'm already
strapped for extra time. Shoot me some of your ideas and let's see what
sticks!
--
Marc F.
www.fergytech.com
Registered Linux User: #410978
"When life gives me lemons... I make Linuxaide, hmm good stuff!" -Marc F.
15 years, 3 months
Re: Sound with gstreamer-apps is unbearable
by Hugh Caley
Ah, OK, I've also had this problem since F9. I'd assumed it was general
pulse audio problems, glad to know it's actually specific to my hardware
(seriously).
The information is much appreciated.
Hugh
> Welcome on the band of snd_intel8x0 guys.!!!
> I have your hardware and same problems. Many bugs related, it seems
> connected to incorrect time scheduling of kernel and related drivers
> I had these problems since end of F9, switched to F10 but no real
> improvements (i.e. if I run Rhythmbox and I listen to a radio stream I
> note many breaks and buffer becomes empty)
> Try pulseaudio -k then pulseaudio -vv in a terminal and you will see
> many interesting warnings (rewinds and so on).
> Now some improvements with alsa-lib-0.19 but I am running F11, I am
> waiting for 29 series kernel that unfortunately doesn't boot at the
> moment on my hardware
> Have a look to:
> Bug 462026 - music file play -> sound sparks.
> Bug 447594 - audio going through pulseaudio causes skipping, dies
> Bug 446192 - horrible skipping audio
> Bug 441087 - Sound/music playing faster than it should on intel chipset
>
> IMHO this bug has been underestimated for a long time
>
> --
> Antonio Montagnani
> Skype : antoniomontag
>
--
Hugh Caley, Linux Administrator
Aldon Computer Group
6001 Shellmound St. Suite 600
Emeryville, CA 94608
(510) 285-8542 | hughc(a)aldon.com
15 years, 3 months
How to diagnose spontaneous reboots?
by Neil Bird
Ordinarily, I'd say that this sort of thing is hardware related, and
although I will be trying memtest for a while over the weekend, I'm
suspicious that this has only started happening immediately after I upgraded
from Fedora 8 to Fedora 10.
I'm running 'nuvexport', which is a script that pulls in MythTV recordings
and spits out normalised video files; in this case, an XVID AVI using (I
think) ffmpeg. Several minutes into the run, the PC just ups and reboots.
This has now happened twice, and has never before.
I will also be trying the run from init level 1 just to make sure nothing
else running might be affecting it.
But the question is: if there *is* a bug (kernel?) that's letting a
user-mode process reboot the machine, how to track it?
--
[neil@fnx ~]# rm -f .signature
[neil@fnx ~]# ls -l .signature
ls: .signature: No such file or directory
[neil@fnx ~]# exit
15 years, 3 months