WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Xen and IPSEC

from [John A. Sullivan III] [Permanent Link][Original]
To: Marcus Carlson <marcus@xxxxxxxxxxx>
Subject: Re: [Xen-users] Xen and IPSEC
From: "John A. Sullivan III" <jsullivan@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 25 May 2006 12:11:48 -0400
Cc: Xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 25 May 2006 09:12:57 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <4475D165.7080803@xxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4475D165.7080803@xxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
We have used Xen 2.0.7 very successfully for this in the ISCS network
security management project (http://iscs.sourceforge.net).  These are
moderately large production deployments with very complex security
within the tunnels and X.509 certificate based access control for remote
users using both Openswan for IPSec and OpenVPN for SSL. The deployments
have been very, very successful.  We have not yet tried it on Xen 3.0.x.
We are running Fedora Core 3 - John

On Thu, 2006-05-25 at 17:46 +0200, Marcus Carlson wrote:
> Hi!
> 
> Has anyone had any problems or tried isakmpd under linux in a domU?
> 
> I've set it up and the tunnel is working just fine, can ping, ssh to the 
> domU via tunnel, but I can't ping the net behind the router. tcpdump on 
> the external interface (eth0) reveals it is coming in and being 
> decrypted, but on the inside interface (eth1) no packages are being 
> sent. I suppose this is a kernel/ipsec problem but just want to ensure 
> that it is xen thats causing this troubles.
> 
> My setup: Xen 3.02 (debian package), Dom0: Debian unstable, domU; debian 
> stable with kernel modules from unstable.
> 
> Thanks for any help!
> Marcus
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
-- 
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

Financially sustainable open source development
http://www.opensourcedevel.com


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] EVMS or GFS, Javier Guerra
Next by Date:  [Xen-users] Re: [Fedora-xen] Lost peth0, not sure how to get it back..., Mark A Heilpern
Previous by Thread:  [Xen-users] Xen and IPSEC, Marcus Carlson
Next by Thread:  [Xen-users] EVMS or GFS, Karsten Nielsen
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy