08-07-2014
VPN as client removes your host from the local net and attaches it to the net of the server, except for the VPN packets themselves. Local net access would ruin the security model -- Either you are all out or all in. Else you could be forwarding outside packets to the inside and inside packets to the outside, extending the formerly secure net.
9 More Discussions You Might Find Interesting
1. IP Networking
Hi,
I am involved in a project on Debian. One of my requirement is to route an IP packet in my application to a proxy server and receive the reply from the proxy server as an IP packet. My application handles data at the IP frame level. My application creates an IP packet(with all the necessary... (0 Replies)
Discussion started by: Rajesh_BK
0 Replies
2. UNIX for Dummies Questions & Answers
on ubuntu try without saving changes
i'm trying to do root stuff with sudo & su
I tried to change permissions (on files) but unsuccessfully
whoami is ubuntu
i'm doing this to experiment with root & sudo
error msgs i'm gettin
useradd: unable to lock password file
help?
thanks:) (2 Replies)
Discussion started by: JudoMan
2 Replies
3. Ubuntu
Hi all,
I am trying to configure and connect Cisco VPN on Ubuntu 10.04.
I've imported .pcf file. The new vpn conn appears in the VPN Connections option. Now when I select it, it doesn't connect. Nothing happens.
I am not able to connect to VPN at all. I tried using kvpnc as well but it... (10 Replies)
Discussion started by: morningSunshine
10 Replies
4. Ubuntu
Hi I have an Ubuntu 10.10 machine. I want to recover root password. I know it have to be done while booting but in boot shell.
I tried to do it but failed.
Please remedy my problem. (2 Replies)
Discussion started by: nixhead
2 Replies
5. SuSE
Hello All,
I'm using my Ubuntu 10.04 client connected via SSH to a SuSE Linux server (SuSE Linux Enterprise Server 11 (x86_64) version 11 patchlevel=1).
I'm trying to run an install of WebSphere Portal but can't seem to be able to run the GUI installer.
Running xclock as root returns this... (7 Replies)
Discussion started by: kartrait
7 Replies
6. Solaris
Hi All
After downloading ZFS documentation from oracle site, I am able to successfully migrate UFS root FS without zones to ZFS root FS. But in case of UFS root file system with zones , I am successfully able to migrate global zone to zfs root file system but zone are still in UFS root file... (2 Replies)
Discussion started by: sb200
2 Replies
7. UNIX for Dummies Questions & Answers
I have a dell pc with Ubuntu as the only OS, however, the only admin user no longer works here.
Due to my requirements, I have to either remove Ubuntu (12.04) and install XP or do a dual boot by adding XP. Any thoughts on how to either change the pw to allow me to make changes or take Ubuntu... (1 Reply)
Discussion started by: kuriosity_prime
1 Replies
8. IP Networking
I need to configure a proxy on my local machine to use an upstream proxy (installed on another machine). The upstream proxy requires Digest/NTLM authorization. I want the local proxy to deal with the upstream proxy's authorization details and provides authorization free access to users that connect... (0 Replies)
Discussion started by: Russel
0 Replies
9. UNIX for Beginners Questions & Answers
I have created a cronjob that successfully executes and among other thing runs aria2c to download several files and save them to a folder. However, since it executes as sudo, the downloaded folder is saved with those permissions.
Is there a way to execute the cronjob so that the downloaded folder... (4 Replies)
Discussion started by: cmccabe
4 Replies
LEARN ABOUT CENTOS
ipsec__updown
_UPDOWN(8) Executable programs _UPDOWN(8)
NAME
ipsec__updown - kernel and routing manipulation script
SYNOPSIS
_updown is invoked by pluto when it has brought up a new connection. This script is used to insert the appropriate routing entries for
IPsec operation on some kernel IPsec stacks, such as KLIPS and MAST, and may do other necessary work that is kernel or user specific, such
as defining custom firewall rules. The interface to the script is documented in the pluto man page.
VARIABLES
The _updown is passed along a number of variables which can be used to act differently based on the information:
PLUTO_VERSION
indicates what version of this interface is being used. This document describes version 1.1. This is upwardly compatible with version
1.0.
PLUTO_VERB
specifies the name of the operation to be performed, which can be one of prepare-host, prepare-client, up-host, up-client, down-host or
down-client. If the address family for security gateway to security gateway communications is IPv6, then a suffix of -v6 is added to
this verb.
PLUTO_CONNECTION
is the name of the connection for which we are routing.
PLUTO_NEXT_HOP
is the next hop to which packets bound for the peer must be sent.
PLUTO_INTERFACE
is the name of the ipsec interface to be used.
PLUTO_ME
is the IP address of our host.
PLUTO_MY_CLIENT
is the IP address / count of our client subnet. If the client is just the host, this will be the host's own IP address / max (where max
is 32 for IPv4 and 128 for IPv6).
PLUTO_MY_CLIENT_NET
is the IP address of our client net. If the client is just the host, this will be the host's own IP address.
PLUTO_MY_CLIENT_MASK
is the mask for our client net. If the client is just the host, this will be 255.255.255.255.
PLUTO_PEER
is the IP address of our peer.
PLUTO_PEER_CLIENT
is the IP address / count of the peer's client subnet. If the client is just the peer, this will be the peer's own IP address / max
(where max is 32 for IPv4 and 128 for IPv6).
PLUTO_PEER_CLIENT_NET
is the IP address of the peer's client net. If the client is just the peer, this will be the peer's own IP address.
PLUTO_PEER_CLIENT_MASK
is the mask for the peer's client net. If the client is just the peer, this will be 255.255.255.255.
PLUTO_MY_PROTOCOL
lists the protocols allowed over this IPsec SA.
PLUTO_PEER_PROTOCOL
lists the protocols the peer allows over this IPsec SA.
PLUTO_MY_PORT
lists the ports allowed over this IPsec SA.
PLUTO_PEER_PORT
lists the ports the peer allows over this IPsec SA.
PLUTO_MY_ID
lists our id.
PLUTO_PEER_ID
lists our peer's id.
PLUTO_PEER_CA
lists the peer's CA.
SEE ALSO
ipsec(8), ipsec_pluto(8).
HISTORY
Man page written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Michael Richardson. Original program written by Henry
Spencer.
AUTHOR
Paul Wouters
placeholder to suppress warning
libreswan 12/16/2012 _UPDOWN(8)