Using IPsec to ensure traffic between the peers is always encrypted [closed] - security

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
I have implemented an IPsec connection between two peers using openswan (opens/wan) in CentOS 6. This is running fine and I can see the traffic is encrypted. However, if for whatever reason the IPsec tunnel no longer exists (maybe someone turned it off, maybe it crashed, etc.), traffic will still flow between the peers as unencrypted traffic.
How can I ensure that traffic between these two peers is always sent encrypted with IPsec, or that no traffic between the peers is accepted at all?
Iptables does not seem to help, as the packets go through the iptables rules twice: once encrypted and once again unencrypted.
Thanks in advance.
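The second pass the question describes is exactly what iptables' `policy` match (the xt_policy module) keys on: on that pass the kernel has attached the security association the packet was decrypted from, so a rule can accept a packet from the peer only if it arrived inside ESP and drop it if it arrived in the clear. The script below is an added example, not part of the question or of openswan; it generates (and optionally applies) a fail-closed rule set for one host-to-host peer. The peer address is a constructed placeholder, and the `apply` path assumes root and a kernel built with the policy match (`CONFIG_NETFILTER_XT_MATCH_POLICY`).

```shell
#!/bin/sh
# Added example, not from the question or from openswan: a fail-closed iptables
# policy for one IPsec peer. Anything to or from the peer that is not IKE, ESP,
# or a packet covered by an IPsec policy (xt_policy match) is dropped, so a
# tunnel that dies leaks nothing in the clear.
# Requires root and the xt_policy match (CONFIG_NETFILTER_XT_MATCH_POLICY).
# Addresses used below are constructed placeholders (RFC 5737 range).

# Emit the rules for one chain. $1 chain, $2 address flag, $3 policy direction, $4 peer.
_peer_chain_rules() {
    chain="$1"; flag="$2"; dir="$3"; peer="$4"
    # IKE (UDP 500, NAT-T on 4500) and ESP are the tunnel itself; they travel in
    # the clear by design and must be allowed or the SA can never come up.
    printf 'iptables -A %s %s %s -p esp -j ACCEPT\n' "$chain" "$flag" "$peer"
    printf 'iptables -A %s %s %s -p udp --dport 500 -j ACCEPT\n' "$chain" "$flag" "$peer"
    printf 'iptables -A %s %s %s -p udp --dport 4500 -j ACCEPT\n' "$chain" "$flag" "$peer"
    # The decrypted packet traverses the chain a second time; on that pass the
    # kernel has attached the SA it came out of, and only then does this match.
    # For OUTPUT, --dir out consults the outbound SPD: no policy, no match.
    printf 'iptables -A %s %s %s -m policy --dir %s --pol ipsec --proto esp -j ACCEPT\n' \
        "$chain" "$flag" "$peer" "$dir"
    # Everything else for this peer is cleartext: fail closed.
    printf 'iptables -A %s %s %s -j DROP\n' "$chain" "$flag" "$peer"
}

# Print the full rule set for a peer without applying it (safe to run unprivileged).
ipsec_only_rules() {
    _peer_chain_rules INPUT  -s in  "$1"
    _peer_chain_rules OUTPUT -d out "$1"
}

# Number of iptables commands generated for a peer (5 inbound + 5 outbound).
rule_count() {
    ipsec_only_rules "$1" | grep -c '^iptables '
}

# Apply the rules on this host (root only). Review "ipsec_only_rules PEER"
# first; the DROP rules are intentionally the last ones for that peer.
apply_ipsec_only() {
    ipsec_only_rules "$1" | sh -e
}

# CLI: "sh ipsec-only.sh print 192.0.2.2" or "sh ipsec-only.sh apply 192.0.2.2".
case "${1:-}" in
    print) ipsec_only_rules "${2:?peer address required}" ;;
    apply) apply_ipsec_only "${2:?peer address required}" ;;
esac
```

Two things to check before relying on this. The inbound match only proves the packet came out of an SA, so the openswan connection must cover all traffic between the two hosts (a plain host-to-host `conn` does); and the OUTPUT rules stop this host from originating cleartext, while the INPUT rules catch cleartext the other side sends after its own tunnel is gone. For a net-to-net setup the same `-m policy` rules belong in FORWARD as well.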

Related

Is it possible to set up a VPN server on Debian 8 while keeping my web services (php/apache)? [closed]

Closed 4 years ago.
I would like to set up a VPN server; however, it means IPv4 forwarding. Is it possible to set up a VPN without shutting down web services, or should I use 2 separate servers?
Thanks for reading ;)
Setting up a VPN server should not affect your web services. The only limitation is that you cannot use an HTTP(S) port (80 or 443), which I personally find practical (I have already seen Wi-Fi hotspots blocking all the ports except 80 and 443). However, if you get along with another port, you will do fine.
There is a good article about setting up an OpenVPN server on Debian Wiki (here). I have managed to set up the server using only this article.
Wishing you good luck.

In ping, do the reply and request take the same routes? [closed]

Closed 7 years ago.
In ping, do the echo reply and echo request take the same routes?
And why?
In other terms, do reply messages take the reverse path of the request messages?
A ping is in fact an ICMP packet, either indicating a request or a reply. I would say that the answer to your questions in general is no, since there's no guarantee that the path from your host to the destination is the same as the path from the destination to your host. Normally, this depends on the current status of the network, the routing protocol used by your ISP and many other parameters.
Anyway, ping is intended to calculate the round-trip delay (RTT) between your host and the destination. Thus, whether the packets traverse the same path or not should be transparent to any application you are using.

TLS to secure external client server application [closed]

Closed 8 years ago.
Is it possible to use transaction layer security (TLS) to secure an external client/server application without modifying the code of the application itself?
Say a client application on a machine connects to several servers on several machines over an unsecured connection. I want to encrypt this connection using OpenSSL/TLS, but I can't modify either the client or the servers, only the machine configurations (Linux OS running underneath). I just found stunnel, but it seems that it only supports a 1:1 connection.
Thanks in advance.
If you have a finite (and reasonably small) number of servers and you can configure the port number on your client for each connection, you could run stunnel on multiple ports, each one corresponding to a different destination.
However, it sounds like setting up a VPN between all these machines would be a better option. Some VPN implementations rely on TLS, but I'm not sure it would be the best choice here. You might want to investigate other methods, such as IPSec too.
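To make the first suggestion concrete: stunnel's 1:1 limit is per service section, not per process, so one client-side configuration can carry one `[section]` per backend, each listening on its own local port. The generator below is an added example, not from the answer or from the stunnel project; the application is then pointed at `127.0.0.1:<local port>` instead of the real server, and the server side runs stunnel in server mode in front of the unchanged daemon. Host names, ports and certificate paths are constructed placeholders, and `checkHost` assumes stunnel 5.x.

```shell
#!/bin/sh
# Added example, not from the answer or from the stunnel project: generate a
# client-side stunnel.conf that maps one local port per remote server, which is
# how stunnel covers a 1:N client without touching the application. The
# application is pointed at 127.0.0.1:<local port> instead of the real server.
# Host names, ports and paths below are constructed placeholders.

# Usage: stunnel_client_conf BASE_PORT CA_FILE host1:port [host2:port ...]
# Service N listens on 127.0.0.1:(BASE_PORT+N) and forwards over TLS to host N.
stunnel_client_conf() {
    base="$1"; cafile="$2"; shift 2
    printf 'client = yes\n'
    printf 'foreground = no\n'
    # Verify the server chain against our CA and check the name in the
    # certificate; without this a wrong or spoofed server would still complete
    # the handshake and the "secured" link would protect nothing.
    printf 'verify = 2\n'
    printf 'CAfile = %s\n' "$cafile"
    n=0
    for dest in "$@"; do
        n=$((n + 1))
        host="${dest%%:*}"
        printf '\n[backend%d]\n' "$n"
        printf 'accept = 127.0.0.1:%d\n' "$((base + n))"
        printf 'connect = %s\n' "$dest"
        printf 'checkHost = %s\n' "$host"
    done
}

# Usage: stunnel_server_conf LISTEN_PORT LOCAL_PORT CERT_FILE KEY_FILE
# Terminates TLS on LISTEN_PORT and hands the plaintext to the unchanged
# daemon listening on 127.0.0.1:LOCAL_PORT.
stunnel_server_conf() {
    printf 'foreground = no\n'
    printf 'cert = %s\n' "$3"
    printf 'key = %s\n' "$4"
    printf '\n[service]\n'
    printf 'accept = %d\n' "$1"
    printf 'connect = 127.0.0.1:%d\n' "$2"
}

# Number of service sections in a generated client config (same arguments).
service_count() {
    stunnel_client_conf "$@" | grep -c '^\['
}

# Example: stunnel_client_conf 5000 /etc/stunnel/ca.pem \
#     srv1.example.com:6000 srv2.example.com:6000 > /etc/stunnel/client.conf
```

The client config keeps `verify` and `checkHost` global and per-section respectively; dropping them turns stunnel into an unauthenticated tunnel, which is the usual mistake in this kind of retrofit.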

Where does the Linux kernel (3.4.34) open a port on a NAT device? [closed]

Closed 9 years ago.
I use a Linux server as a NAT device.
Currently it looks like [PC1,2,3]--[Linux]--[Internet]
There is no issue at all, but I'm curious: when I open a service (e.g. FTP, WWW) on my PC1, does my [Linux] box also open a port for that service?
I did trace the code for
CONFIG_NF_CONNTRACK_FTP
CONFIG_NF_NAT_FTP
but I can't find related code about opening a port.
Thanks for reading.
There are various techniques used to make a router/firewall automatically forward ports to its clients. For example there are some protocols like IGD, NAT-PMP and similar.
But those protocols need to be implemented both on the router and on the client. So automatic port mapping won't work out of the box in many cases.
The lines in the kernel config you are referring to, CONFIG_NF_CONNTRACK_FTP and CONFIG_NF_NAT_FTP, are used for another reason: due to the fact that the FTP protocol uses two different TCP streams for communication (one of which does not have to be "listened" for by the server), your firewall needs extra "effort" to track the connection and act accordingly.
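The rule set below, an added example that is not from the answer, shows what those two kernel options actually buy on the NAT box: no listening port is ever opened on it. The FTP helper reads the PORT/PASV exchange on the control connection and marks the resulting data connection RELATED, and the NAT helper rewrites the private address inside that exchange; a FORWARD rule that accepts RELATED traffic then lets the data connection through. Interface names are constructed placeholders, applying needs root, and the explicit `CT --helper` assignment assumes a kernel from 4.7 on (older kernels, including the 3.4 series in the question, attach the helper automatically).

```shell
#!/bin/sh
# Added example, not from the answer: the rules a Linux NAT box needs so that a
# client behind it can use FTP in both modes. The box opens no listening port
# of its own; nf_conntrack_ftp reads the PORT/PASV exchange on the control
# connection and marks the resulting data connection RELATED, and nf_nat_ftp
# rewrites the address in that exchange. Interface names are constructed
# placeholders. Needs root to apply: ftp_nat_rules eth1 eth0 | sh -e

# Print the rules for a NAT box with inside interface $1 and outside interface $2.
ftp_nat_rules() {
    lan="$1"; wan="$2"
    cat <<EOF
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
sysctl -w net.ipv4.ip_forward=1
# Kernels since 4.7 no longer attach helpers automatically; assign the FTP
# helper explicitly to control connections entering from the inside.
iptables -t raw -A PREROUTING -i $lan -p tcp --dport 21 -j CT --helper ftp
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
# New connections from the inside go out...
iptables -A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
# ...and a server-initiated (active-mode) data connection comes back in only
# because the helper classified it RELATED; nothing is "opened" in advance.
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -j DROP
EOF
}

# Number of commands (non-comment lines) the generator emits.
ftp_nat_rule_count() {
    ftp_nat_rules "$1" "$2" | grep -vc '^#'
}
```

The final DROP is what makes the RELATED rule meaningful: without it any inbound connection would be forwarded anyway, and the helper would be doing no security work at all. The same pattern (helper plus RELATED) is why a NAT box needs per-protocol helpers for FTP-like protocols but never a statically opened port.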

Firewall vs packet sniffer [closed]

Closed 3 years ago.
I'm new to computer networking.
I came across two terms, firewall and packet sniffer.
To me, operation-wise both appear to be the same. Please clarify.
Firewall
A firewall can either be software-based or hardware-based and is used to help keep a network secure. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not.
Sniffer
A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer, or for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network.
By the way, you can also check Wikipedia...
