Date: Wed, 8 Jul 1998 17:43:13 +0000 ()
From: Marc Rassbach <marc@tandem.milestonerdl.com>
To: freebsd-security@FreeBSD.ORG, archie@whistle.com, skip-info@skip.org
Subject: FreeBSD 2.2.6/ipfw-natd/SKIP playing nice with NT 4 SKIP (round 5)
Message-ID: <Pine.BSF.3.91.980708174051.18990O-100000@tandem.milestonerdl.com>

(and hopefully the last round!)

Thanks to tips from Archie Cobbs at whistle.com I was able to almost get
skip and natd on FreeBSD to work with NT 4.0 skip.
(The cert. on the NT box starts is 0x5b7d367e4fe8daf60313d75a0fe5b497)

The config I desire to have work is one with nomadic users, and the
configs I can get working are: non-nomadic users and natd. Nomadic users
and no natd. But not the grail of nomadic users and natd.

If I boot up with kernel.GENERIC this skiphost -P works as I'm wanting.

    skiphost -i ep0 -p
    skiphost -i ep0 -a 224.0.0.1
    skiphost -i ep0 -a 192.168.138.1 -v 2 -k DES-CBC -t DES-CBC -s 8 -S 0x65acaa1f5edce866d7f473508fda994f
    skiphost -i ep0 -a 224.0.0.2
    skiphost -i ep0 -a 192.168.138.255
    skiphost -i ep0 -a "*" -v 2 -k DES-CBC -t DES-CBC -r 8 -R 0x40a6c87db1f6677ab12a98c82f007012 -s 8 -S 0x65acaa1f5edce866d7f473508fda994f
    skiphost -i ep0 -a "*" -v 2 -k DES-CBC -t DES-CBC -r 8 -R 0x5b7d367e4fe8daf60313d75a0fe5b497 -s 8 -S 0x65acaa1f5edce866d7f473508fda994f
    skiphost -i ep0 -o on

If I use this ipfw list and have a kernel configured for IPFW

    00010 allow skip from any to any
    00010 allow 79 from any to any
    00010 allow esp from any to any
    00010 allow ah from any to any
    00010 allow udp from any to 192.168.138.1 1640
    00010 allow udp from 192.168.138.1 1640 to any
    00100 divert 6668 log ip from any to any via 192.168.138.1
    65535 allow ip from any to any

and this skiphost -P

    skiphost -i ep0 -p
    skiphost -i ep0 -a 224.0.0.1
    skiphost -i ep0 -a 192.168.138.1 -v 2 -k DES-CBC -t DES-CBC -s 8 -S 0x65acaa1f5edce866d7f473508fda994f
    skiphost -i ep0 -a 224.0.0.2
    skiphost -i ep0 -a 192.168.138.16
    skiphost -i ep0 -a 192.168.138.55
    skiphost -i ep0 -a 192.168.138.255
    skiphost -i ep0 -a "*" -v 2 -k DES-CBC -t DES-CBC -r 8 -R 0x40a6c87db1f6677ab12a98c82f007012 -s 8 -S 0x65acaa1f5edce866d7f473508fda994f
    skiphost -i ep0 -a "*" -v 2 -k DES-CBC -t DES-CBC -r 8 -R 0x5b7d367e4fe8daf60313d75a0fe5b497 -s 8 -S 0x65acaa1f5edce866d7f473508fda994f
    skiphost -i ep0 -o on

I at least have un-encrypted communications. Asking the skip
implementation to be in a nomadic mode breaks with the above config.

So, can anyone spot what I did wrong here?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message