Search Results

Search found 328 results on 14 pages for 'esp'.

Page 4/14 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Skyrim Creation Kit with Xbox 360

    - by funseiki
    I posted this on stackoverflow but was advised to post here (here is a link to the stackoverflow question). I'm hoping for constructive feedback on its plausibility. Update on progress: It looks like there are ways to stuff files back onto the console (horizon, modio, xplorer360, etc) and they do require some form of signing. As of now, though, I've had no luck. I was hoping I could get away with just placing the ".esp" into the directory containing marketplace downloads for Skyrim, along with the signed ".bsa" file (basically a zipped up file containing any extra content the .esp will need to refer that doesn't exist in the basic game). This doesn't work, at least not in the ways I've tried, so next I'm going to try install the entire game to my flash drive (if possible) and attempt to traverse through the game's directory (this is probably unlikely). If anyone else has suggestions or luck or wants more detail on my failures comment/answer away. Here is the question: I'm thinking about buying the PC version of Skyrim to get the Creation Kit (I already own a copy for the Xbox). I have read the faq and scoured plenty of forums to see if there was some way to mod Skyrim for a console (Xbox 360, in particular), but they are generally coming up negative. I realize the CreationKit is on the PC, but I was wondering if there was a way to set up the '.esp' (hopefully I'm interpreting this correctly) files to be placed on the Xbox 360 file system in a similar manner to how game add-ons are downloaded from the Xbox Live Marketplace. I believe it is possible to transfer saves between the console and the PC (e.g. google: 'skyrim mod xbox360'), but these are referencing items that already exist in the game (e.g. a console command for maximum carry weight does not require reference to new animations or models). It would probably be easier if one could navigate through the xbox's file system to see where the games' files are placed, but with the current setup, the file system is abstracted away. Any help or insight on the matter would be much appreciated. I would love to work on a project that would make it possible to let console gamers experience and enjoy all the great mods available to the PC community.

    Read the article

  • Can't access shared drive when connecting over VPN

    - by evolvd
    I can ping all network devices but it doesn't seem that DNS is resolving their hostnames. ipconfig/ all is showing that I am pointing to the correct dns server. I can "ping "dnsname"" and it will resolve but it wont resolve any other names. Split tunnel is set up so outside DNS is resolving fine So one issue might be DNS but I have the IP address of the server share so I figure I could just get to it that way. example: \10.0.0.1\ well I can't get to it that way either and I get "the specified network name is no longer available" I can ping it but I can't open the share. Below is the ASA config : ASA Version 8.2(1) ! hostname KG-ASA domain-name example.com names ! interface Vlan1 nameif inside security-level 100 ip address 10.0.0.253 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address dhcp setroute ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! ftp mode passive clock timezone EST -5 clock summer-time EDT recurring dns domain-lookup outside dns server-group DefaultDNS name-server 10.0.0.101 domain-name blah.com access-list OUTSIDE_IN extended permit tcp any host 10.0.0.253 eq 10000 access-list OUTSIDE_IN extended permit tcp any host 10.0.0.253 eq 8333 access-list OUTSIDE_IN extended permit tcp any host 10.0.0.253 eq 902 access-list SPLIT-TUNNEL-VPN standard permit 10.0.0.0 255.0.0.0 access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.0.1.0 255.255.255.0 pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 ip local pool IPSECVPN-POOL 10.0.1.2-10.0.1.50 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-621.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list NONAT nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) tcp interface 10000 10.0.0.101 10000 netmask 255.255.255.255 static (inside,outside) tcp interface 8333 10.0.0.101 8333 netmask 255.255.255.255 static (inside,outside) tcp interface 902 10.0.0.101 902 netmask 255.255.255.255 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa authentication enable console LOCAL aaa authentication http console LOCAL aaa authentication serial console LOCAL aaa authentication ssh console LOCAL aaa authentication telnet console LOCAL http server enable http 10.0.0.0 255.255.0.0 inside http 0.0.0.0 0.0.0.0 outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set myset esp-aes esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map dynmap 1 set transform-set myset crypto dynamic-map dynmap 1 set reverse-route crypto map IPSEC-MAP 65535 ipsec-isakmp dynamic dynmap crypto map IPSEC-MAP interface outside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto isakmp policy 65535 authentication pre-share encryption aes hash sha group 2 lifetime 86400 telnet 0.0.0.0 0.0.0.0 inside telnet timeout 5 ssh 0.0.0.0 0.0.0.0 inside ssh 70.60.228.0 255.255.255.0 outside ssh 74.102.150.0 255.255.254.0 outside ssh 74.122.164.0 255.255.252.0 outside ssh timeout 5 console timeout 0 dhcpd dns 10.0.0.101 dhcpd lease 7200 dhcpd domain blah.com ! dhcpd address 10.0.0.110-10.0.0.170 inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ntp server 63.111.165.21 webvpn enable outside svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1 svc enable group-policy EASYVPN internal group-policy EASYVPN attributes dns-server value 10.0.0.101 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn split-tunnel-policy tunnelspecified split-tunnel-network-list value SPLIT-TUNNEL-VPN ! tunnel-group client type remote-access tunnel-group client general-attributes address-pool (inside) IPSECVPN-POOL address-pool IPSECVPN-POOL default-group-policy EASYVPN dhcp-server 10.0.0.253 tunnel-group client ipsec-attributes pre-shared-key * tunnel-group CLIENTVPN type ipsec-l2l tunnel-group CLIENTVPN ipsec-attributes pre-shared-key * ! class-map inspection_default match default-inspection-traffic ! ! policy-map global_policy class inspection_default inspect icmp ! service-policy global_policy global prompt hostname context I'm not sure where I should go next with troubleshooting nslookup result: Default Server: blahname.blah.lan Address: 10.0.0.101

    Read the article

  • Ipsec config problem // openswan

    - by user90696
    I try to configure Ipsec on server with openswan as client. But receive error - possible, it's auth error. What I wrote wrong in config ? Thank you for answers. #1: STATE_MAIN_I2: sent MI2, expecting MR2 003 "f-net" #1: received Vendor ID payload [Cisco-Unity] 003 "f-net" #1: received Vendor ID payload [Dead Peer Detection] 003 "f-net" #1: ignoring unknown Vendor ID payload [ca917959574c7d5aed4222a9df367018] 003 "f-net" #1: received Vendor ID payload [XAUTH] 108 "f-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3 003 "f-net" #1: discarding duplicate packet; already STATE_MAIN_I3 010 "f-net" #1: STATE_MAIN_I3: retransmission; will wait 20s for response 003 "f-net" #1: discarding duplicate packet; already STATE_MAIN_I3 003 "f-net" #1: discarding duplicate packet; already STATE_MAIN_I3 003 "f-net" #1: discarding duplicate packet; already STATE_MAIN_I3 010 "f-net" #1: STATE_MAIN_I3: retransmission; will wait 40s for response 031 "f-net" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message 000 "f-net" #1: starting keying attempt 2 of at most 3, but releasing whack other side - Cisco ASA. parameters for my connection on our Linux server : VPN Gateway 8.*.*.* (Cisco ) Phase 1 Exchange Type Main Mode Identification Type IP Address Local ID 4.*.*.* (our Linux server IP) Remote ID 8.*.*.* (VPN server IP) Authentication PSK Pre Shared Key Diffie-Hellman Key Group DH 5 (1536 bit) or DH 2 (1024 bit) Encryption Algorithm AES 256 HMAC Function SHA-1 Lifetime 86.400 seconds / no volume limit Phase 2 Security Protocol ESP Connection Mode Tunnel Encryption Algorithm AES 256 HMAC Function SHA-1 Lifetime 3600 seconds / 4.608.000 kilobytes DPD / IKE Keepalive 15 seconds PFS off Remote Network 192.168.100.0/24 Local Network 1 10.0.0.0/16 ............... Local Network 5 current openswan config : # config setup klipsdebug=all plutodebug="control parsing" protostack=netkey nat_traversal=no virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 oe=off nhelpers=0 conn f-net type=tunnel keyexchange=ike authby=secret auth=esp esp=aes256-sha1 keyingtries=3 pfs=no aggrmode=no keylife=3600s ike=aes256-sha1-modp1024 # left=4.*.*.* leftsubnet=10.0.0.0/16 leftid=4.*.*.* leftnexthop=%defaultroute right=8.*.*.* rightsubnet=192.168.100.0/24 rightid=8.*.*.* rightnexthop=%defaultroute auto=add

    Read the article

  • Printf in assembler doesn't print

    - by Gaim
    Hi there, I have got a homework to hack program using buffer overflow ( with disassambling, program was written in C++, I haven't got the source code ). I have already managed it but I have a problem. I have to print some message on the screen, so I found out address of printf function, pushed address of "HACKED" and address of "%s" on the stack ( in this order ) and called that function. Called code passed well but nothing had been printed. I have tried to simulate the environment like in other place in the program but there has to be something wrong. Do you have any idea what I am doing wrong that I have no output, please? Thanks a lot EDIT: This program is running on Windows XP SP3 32b, written in C++, Intel asm there is the "hack" code CPU Disasm Address Hex dump Command Comments 0012F9A3 90 NOP ;hack begins 0012F9A4 90 NOP 0012F9A5 90 NOP 0012F9A6 89E5 MOV EBP,ESP 0012F9A8 83EC 7F SUB ESP,7F ;creating a place for working data 0012F9AB 83EC 7F SUB ESP,7F 0012F9AE 31C0 XOR EAX,EAX 0012F9B0 50 PUSH EAX 0012F9B1 50 PUSH EAX 0012F9B2 50 PUSH EAX 0012F9B3 89E8 MOV EAX,EBP 0012F9B5 83E8 09 SUB EAX,9 0012F9B8 BA 1406EDFF MOV EDX,FFED0614 ;address to jump, it is negative because there mustn't be 00 bytes 0012F9BD F7DA NOT EDX 0012F9BF FFE2 JMP EDX ;I have to jump because there are some values overwritten by the program 0012F9C1 90 NOP 0012F9C2 0090 00000000 ADD BYTE PTR DS:[EAX],DL 0012F9C8 90 NOP 0012F9C9 90 NOP 0012F9CA 90 NOP 0012F9CB 90 NOP 0012F9CC 6C INS BYTE PTR ES:[EDI],DX ; I/O command 0012F9CD 65:6E OUTS DX,BYTE PTR GS:[ESI] ; I/O command 0012F9CF 67:74 68 JE SHORT 0012FA3A ; Superfluous address size prefix 0012F9D2 2069 73 AND BYTE PTR DS:[ECX+73],CH 0012F9D5 203439 AND BYTE PTR DS:[EDI+ECX],DH 0012F9D8 34 2C XOR AL,2C 0012F9DA 2066 69 AND BYTE PTR DS:[ESI+69],AH 0012F9DD 72 73 JB SHORT 0012FA52 0012F9DF 74 20 JE SHORT 0012FA01 0012F9E1 3120 XOR DWORD PTR DS:[EAX],ESP 0012F9E3 6C INS BYTE PTR ES:[EDI],DX ; I/O command 0012F9E4 696E 65 7300909 IMUL EBP,DWORD PTR DS:[ESI+65],-6F6FFF8D 0012F9EB 90 NOP 0012F9EC 90 NOP 0012F9ED 90 NOP 0012F9EE 31DB XOR EBX,EBX ; hack continues 0012F9F0 8818 MOV BYTE PTR DS:[EAX],BL ; writing 00 behind word "HACKED" 0012F9F2 83E8 06 SUB EAX,6 0012F9F5 50 PUSH EAX ; address of "HACKED" 0012F9F6 B8 3B8CBEFF MOV EAX,FFBE8C3B 0012F9FB F7D0 NOT EAX 0012F9FD 50 PUSH EAX ; address of "%s" 0012F9FE B8 FFE4BFFF MOV EAX,FFBFE4FF 0012FA03 F7D0 NOT EAX 0012FA05 FFD0 CALL EAX ;address of printf This code is really ugly because I am new in assembler and there mustn't be null bytes because of buffer-overflow bug

    Read the article

  • Windows32 API: "mov edi,edi" on function entry?

    - by Ira Baxter
    I'm stepping through Structured Error Handling recovery code in Windows 7 (e.g, what happens after SEH handler is done and passes back "CONTINUE" code). Here's a function which is called: 7783BD9F mov edi,edi 7783BDA1 push ebp 7783BDA2 mov ebp,esp 7783BDA4 push 1 7783BDA6 push dword ptr [ebp+0Ch] 7783BDA9 push dword ptr [ebp+8] 7783BDAC call 778692DF 7783BDB1 pop ebp 7783BDB2 ret 8 I'm used to the function prolog of "push ebp/mov ebp,esp". What's the purpose of the "mov edi,edi"?

    Read the article

  • Can you explain why gcc -S output something like assemble?

    - by Mask
    $ gcc -S buffer-overflow.c && cat buffer-overflow.s _foo: pushl %ebp ;2 movl %esp, %ebp ;3 subl $16, %esp ;4 movl LC1, %eax ;5 movl %eax, -4(%ebp) ;6 leal -4(%ebp), %eax ;7 leal 8(%eax), %edx ;8 movl $_bad, %eax ;9 movl %eax, (%edx) ;10 leave ret _main: ... call _foo ;1 ... The help information says it should not compile nor assemble: -S Compile only; do not assemble or link Why are they contradictory?

    Read the article

  • learn ia32 for C

    - by David Lee
    I am trying to translate the following: Action: pushl %ebp movl %esp, %eax subl $32, %esp movl $0, -8(%eax) movl $0, -4(%eax) movl -4(%eax), %eax cmpl 32(%eax), %ebp movl -4(%ebp), %eax sall $2, %ebp addl 8(%ebp), %ebp movl (%ebp), %ebp addl %ebp, -8(%eax) addl $1, -4(%eax) What is the best way to learn assembly and translating this code?

    Read the article

  • calling c function from assembly

    - by void
    I'm trying to use a function in assembly in a C project, the function is supposed to call a libc function let's say printf() but I keep getting a segmentation fault. In the .c file I have the declaration of the function let's say int do_shit_in_asm() In the .asm file I have .extern printf .section .data printtext: .ascii "test" .section .text .global do_shit_in_asm .type do_shit_in_asm, @function do_shit_in_asm: pushl %ebp movl %esp, %ebp push printtext call printf movl %ebp, %esp pop %ebp ret Any pointers would be appreciated. as func.asm -o func.o gcc prog.c func.o -o prog

    Read the article

  • Messing with the stack in assembly and c++

    - by user246100
    I want to do the following: I have a function that is not mine (it really doesn't matter here but just to say that I don't have control over it) and that I want to patch so that it calls a function of mine, preserving the arguments list (jumping is not an option). What I'm trying to do is, to put the stack pointer as it was before that function is called and then call mine (like going back and do again the same thing but with a different function). This doesn't work straight because the stack becomes messed up. I believe that when I do the call it replaces the return address. So, I did a step to preserve the return address saving it in a globally variable and it works but this is not ok because I want it to resist to recursitivy and you know what I mean. Anyway, i'm a newbie in assembly so that's why I'm here. Please, don't tell me about already made software to do this because I want to make things my way. Of course, this code has to be compiler and optimization independent. My code (If it is bigger than what is acceptable please tell me how to post it): // A function that is not mine but to which I have access and want to patch so that it calls a function of mine with its original arguments void real(int a,int b,int c,int d) { } // A function that I want to be called, receiving the original arguments void receiver(int a,int b,int c,int d) { printf("Arguments %d %d %d %d\n",a,b,c,d); } long helper; // A patch to apply in the "real" function and on which I will call "receiver" with the same arguments that "real" received. __declspec( naked ) void patch() { _asm { // This first two instructions save the return address in a global variable // If I don't save and restore, the program won't work correctly. // I want to do this without having to use a global variable mov eax, [ebp+4] mov helper,eax push ebp mov ebp, esp // Make that the stack becomes as it were before the real function was called add esp, 8 // Calls our receiver call receiver mov esp, ebp pop ebp // Restores the return address previously saved mov eax, helper mov [ebp+4],eax ret } } int _tmain(int argc, _TCHAR* argv[]) { FlushInstructionCache(GetCurrentProcess(),&real,5); DWORD oldProtection; VirtualProtect(&real,5,PAGE_EXECUTE_READWRITE,&oldProtection); // Patching the real function to go to my patch ((unsigned char*)real)[0] = 0xE9; *((long*)((long)(real) + sizeof(unsigned char))) = (char*)patch - (char*)real - 5; // calling real function (I'm just calling it with inline assembly because otherwise it seems to works as if it were un patched // that is strange but irrelevant for this _asm { push 666 push 1337 push 69 push 100 call real add esp, 16 } return 0; }

    Read the article

  • interpreting assembly instructions

    - by David Lee
    I am trying to translate the following: Action: pushl %ebp movl %esp, %eax subl $32, %esp movl $0, -8(%eax) movl $0, -4(%eax) movl -4(%eax), %eax cmpl 32(%eax), %ebp movl -4(%ebp), %eax sall $2, %ebp addl 8(%ebp), %ebp movl (%ebp), %ebp addl %ebp, -8(%eax) addl $1, -4(%eax) What is the best way to learn assembly and translating this code?

    Read the article

  • Cisco ASA (Client VPN) to LAN - through second VPN to second LAN

    - by user50855
    We have 2 site that is linked by an IPSEC VPN to remote Cisco ASAs: Site 1 1.5Mb T1 Connection Cisco(1) 2841 Site 2 1.5Mb T1 Connection Cisco 2841 In addition: Site 1 has a 2nd WAN 3Mb bonded T1 Connection Cisco 5510 that connects to same LAN as Cisco(1) 2841. Basically, Remote Access (VPN) users connecting through Cisco ASA 5510 needs access to a service at the end of Site 2. This is due to the way the service is sold - Cisco 2841 routers are not under our management and it is setup to allow connection from local LAN VLAN 1 IP address 10.20.0.0/24. My idea is to have all traffic from Remote Users through Cisco ASA destined for Site 2 to go via the VPN between Site 1 and Site 2. The end result being all traffic that hits Site 2 has come via Site 1. I'm struggling to find a great deal of information on how this is setup. So, firstly, can anyone confirm that what I'm trying to achieve is possible? Secondly, can anyone help me to correct the configuration bellow or point me in the direction of an example of such a configuration? Many Thanks. interface Ethernet0/0 nameif outside security-level 0 ip address 7.7.7.19 255.255.255.240 interface Ethernet0/1 nameif inside security-level 100 ip address 10.20.0.249 255.255.255.0 object-group network group-inside-vpnclient description All inside networks accessible to vpn clients network-object 10.20.0.0 255.255.255.0 network-object 10.20.1.0 255.255.255.0 object-group network group-adp-network description ADP IP Address or network accessible to vpn clients network-object 207.207.207.173 255.255.255.255 access-list outside_access_in extended permit icmp any any echo-reply access-list outside_access_in extended permit icmp any any source-quench access-list outside_access_in extended permit icmp any any unreachable access-list outside_access_in extended permit icmp any any time-exceeded access-list outside_access_in extended permit tcp any host 7.7.7.20 eq smtp access-list outside_access_in extended permit tcp any host 7.7.7.20 eq https access-list outside_access_in extended permit tcp any host 7.7.7.20 eq pop3 access-list outside_access_in extended permit tcp any host 7.7.7.20 eq www access-list outside_access_in extended permit tcp any host 7.7.7.21 eq www access-list outside_access_in extended permit tcp any host 7.7.7.21 eq https access-list outside_access_in extended permit tcp any host 7.7.7.21 eq 5721 access-list acl-vpnclient extended permit ip object-group group-inside-vpnclient any access-list acl-vpnclient extended permit ip object-group group-inside-vpnclient object-group group-adp-network access-list acl-vpnclient extended permit ip object-group group-adp-network object-group group-inside-vpnclient access-list PinesFLVPNTunnel_splitTunnelAcl standard permit 10.20.0.0 255.255.255.0 access-list inside_nat0_outbound_1 extended permit ip 10.20.0.0 255.255.255.0 10.20.1.0 255.255.255.0 access-list inside_nat0_outbound_1 extended permit ip 10.20.0.0 255.255.255.0 host 207.207.207.173 access-list inside_nat0_outbound_1 extended permit ip 10.20.1.0 255.255.255.0 host 207.207.207.173 ip local pool VPNPool 10.20.1.100-10.20.1.200 mask 255.255.255.0 route outside 0.0.0.0 0.0.0.0 7.7.7.17 1 route inside 207.207.207.173 255.255.255.255 10.20.0.3 1 crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 288000 crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000 crypto dynamic-map outside_dyn_map 20 set reverse-route crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto map outside_dyn_map 20 match address acl-vpnclient crypto map outside_dyn_map 20 set security-association lifetime seconds 28800 crypto map outside_dyn_map 20 set security-association lifetime kilobytes 4608000 crypto isakmp identity address crypto isakmp enable outside crypto isakmp policy 20 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 group-policy YeahRightflVPNTunnel internal group-policy YeahRightflVPNTunnel attributes wins-server value 10.20.0.9 dns-server value 10.20.0.9 vpn-tunnel-protocol IPSec password-storage disable pfs disable split-tunnel-policy tunnelspecified split-tunnel-network-list value acl-vpnclient default-domain value YeahRight.com group-policy YeahRightFLVPNTunnel internal group-policy YeahRightFLVPNTunnel attributes wins-server value 10.20.0.9 dns-server value 10.20.0.9 10.20.0.7 vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value YeahRightFLVPNTunnel_splitTunnelAcl default-domain value yeahright.com tunnel-group YeahRightFLVPN type remote-access tunnel-group YeahRightFLVPN general-attributes address-pool VPNPool tunnel-group YeahRightFLVPNTunnel type remote-access tunnel-group YeahRightFLVPNTunnel general-attributes address-pool VPNPool authentication-server-group WinRadius default-group-policy YeahRightFLVPNTunnel tunnel-group YeahRightFLVPNTunnel ipsec-attributes pre-shared-key *

    Read the article

  • Cisco ASA 5505 site to site IPSEC VPN won't route from multiple LANs

    - by franklundy
    Hi I've set up a standard site to site VPN between 2 ASA 5505s (using the wizard in ASDM) and have the VPN working fine for traffic between Site A and Site B on the directly connected LANs. But this VPN is actually to be used for data originating on LAN subnets that are one hop away from the directly connected LANs. So actually there is another router connected to each ASA (LAN side) that then route to two completely different LAN ranges, where the clients and servers reside. At the moment, any traffic that gets to the ASA that has not originated from the directly connected LAN gets sent straight to the default gateway, and not through the VPN. I've tried adding the additional subnets to the "Protected Networks" on the VPN, but that has no effect. I have also tried adding a static route to each ASA trying to point the traffic to the other side, but again this hasn't worked. Here is the config for one of the sites. This works for traffic to/from the 192.168.144.x subnets perfectly. What I need is to be able to route traffic from 10.1.0.0/24 to 10.2.0.0/24 for example. ASA Version 8.0(3) ! hostname Site1 enable password ** encrypted names name 192.168.144.4 Site2 ! interface Vlan1 nameif inside security-level 100 ip address 192.168.144.2 255.255.255.252 ! interface Vlan2 nameif outside security-level 0 ip address 10.78.254.70 255.255.255.252 (this is a private WAN circuit) ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! passwd ** encrypted ftp mode passive access-list inside_access_in extended permit ip any any access-list outside_access_in extended permit icmp any any echo-reply access-list outside_1_cryptomap extended permit ip 192.168.144.0 255.255.255.252 Site2 255.255.255.252 access-list inside_nat0_outbound extended permit ip 192.168.144.0 255.255.255.252 Site2 255.255.255.252 pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-603.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 access-group inside_access_in in interface inside access-group outside_access_in in interface outside route outside 0.0.0.0 0.0.0.0 10.78.254.69 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute dynamic-access-policy-record DfltAccessPolicy aaa authentication ssh console LOCAL http server enable http 0.0.0.0 0.0.0.0 outside http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set pfs crypto map outside_map 1 set peer 10.78.254.66 crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 no crypto isakmp nat-traversal telnet timeout 5 ssh 0.0.0.0 0.0.0.0 outside ssh timeout 5 console timeout 0 management-access inside threat-detection basic-threat threat-detection statistics port threat-detection statistics protocol threat-detection statistics access-list group-policy DfltGrpPolicy attributes vpn-idle-timeout none username enadmin password * encrypted privilege 15 tunnel-group 10.78.254.66 type ipsec-l2l tunnel-group 10.78.254.66 ipsec-attributes pre-shared-key * ! ! prompt hostname context

    Read the article

  • got VPN l2l connect between a site & HQ but not traffice using ASA5505 on both ends

    - by vinlata
    Hi, Could anyone see what did I do wrong here? this is one configuration of site1 to HQ on ASA5505, I can get connected but seems like no traffic going (allowed) between them, could it be a NAT issue? any helps would much be appreciated Thanks interface Vlan1 nameif inside security-level 100 ip address 172.30.205.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address pppoe setroute ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 shutdown ! interface Ethernet0/3 shutdown ! interface Ethernet0/4 shutdown ! interface Ethernet0/5 shutdown ! interface Ethernet0/6 shutdown ! interface Ethernet0/7 shutdown ! passwd .dIuXDIYzD6RSHz7 encrypted ftp mode passive dns server-group DefaultDNS domain-name errg.net object-group network HQ network-object 172.22.0.0 255.255.0.0 network-object 172.22.0.0 255.255.128.0 network-object 172.22.0.0 255.255.255.128 network-object 172.22.1.0 255.255.255.128 network-object 172.22.1.0 255.255.255.0 access-list inside_access_in extended permit ip any any access-list outside_access_in extended permit icmp any any echo-reply access-list outside_20_cryptomap extended permit ip 172.30.205.0 255.255.255.0 o bject-group HQ access-list inside_nat0_outbound extended permit ip 172.30.205.0 255.255.255.0 o bject-group HQ access-list policy-nat extended permit ip 172.30.205.0 255.255.255.0 172.22.0.0 255.255.0.0 pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 nat-control global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) 172.30.205.0 access-list policy-nat access-group inside_access_in in interface inside access-group outside_access_in in interface outside timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute username errgadmin password Os98gTdF8BZ0X2Px encrypted privilege 15 http server enable http 64.42.2.224 255.255.255.240 outside http 172.22.0.0 255.255.0.0 outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto map outside_map 190 match address outside_20_cryptomap crypto map outside_map 190 set pfs crypto map outside_map 190 set peer 66.7.249.109 crypto map outside_map 190 set transform-set ESP-3DES-SHA crypto map outside_map 190 set phase1-mode aggressive crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 30 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto isakmp policy 65535 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 crypto isakmp nat-traversal 190 crypto isakmp ipsec-over-tcp port 10000 tunnel-group 66.7.249.109 type ipsec-l2l tunnel-group 66.7.249.109 ipsec-attributes pre-shared-key * telnet timeout 5 ssh 172.30.205.0 255.255.255.0 inside ssh 172.22.0.0 255.255.0.0 outside ssh 64.42.2.224 255.255.255.240 outside ssh 172.25.0.0 255.255.128.0 outside ssh timeout 5 console timeout 0 management-access inside vpdn group PPPoEx request dialout pppoe vpdn group PPPoEx localname [email protected] vpdn group PPPoEx ppp authentication pap vpdn username [email protected] password ********* dhcpd address 172.30.205.100-172.30.205.131 inside dhcpd dns 172.22.0.133 68.94.156.1 interface inside dhcpd wins 172.22.0.133 interface inside dhcpd domain errg.net interface inside dhcpd enable inside ! ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp ! end

    Read the article

  • NSOperationQueue bug with dependencies

    - by Daniel
    I am using NSOperation and NSOperationQueue for performing a sequence of operations, all dependent on each other (2 on 1, 3 on 2, etc...). I set the dependency after I create the operations. I am encountering problems when the queue completes: the program crashes in the _release part of the code, apparently when the NSOperations are getting released. Note that they all get released at the end by the queue, because it is only after the very last one which depends on the second last one, which depends on etc... that they can be released. If I remove any dependency, the code runs fine. If I change waitUntilFinished: to NO, it crashes, if it is YES, it does not. I have isolated the problem to the following code which does not use any of my custom classes. NSOperation by default is a class that does absolutely nothing. Yet, this still crashes when all operations have completed. Therefore, it appears I am not using NSOperationQueue properly but can't see what is wrong. I am running on 10.9 and I have noticed that in general Maverick 10.9 is much more sensitive to these issues than 10.8. I call this method from the main Thread with a Menu item: - (void) testOperations:(id)object { NSOperationQueue* queue = [ [ NSOperationQueue alloc ] init ]; NSMutableArray* array = [ NSMutableArray array ]; for ( int i = 0; i < 10000; i++) [ array addObject: [[[ NSOperation alloc ] init ] autorelease ] ]; for ( int i = 1; i < [ array count ]; i++) [[ array objectAtIndex:i ] addDependency:[array objectAtIndex:i-1]]; // remove this and no crash [ queue addOperations: array waitUntilFinished:NO ]; // Change to YES, no crash [ queue autorelease ]; // or release, it does not make a difference, in fact leaking the memory makes no difference: the code crashes when the queue is removing the NSOperations } This will crash every single time with: bool objc::DenseMapBase , objc_object*, unsigned long, objc::DenseMapInfo, true: (EXC_BAD_ACCESS) The full stack is: #0 0x9104d81b in objc::DenseMapBase<objc::DenseMap<objc_object*, unsigned long, true, objc::DenseMapInfo<objc_object*> >, objc_object*, unsigned long, objc::DenseMapInfo<objc_object*>, true>::find(objc_object* const&) () #1 0x910384e3 in _objc_rootReleaseWasZero () #2 0x9104d5d9 in -[NSObject release] () #3 0x99e41224 in CFRelease () #4 0x99e56277 in -[__NSArrayM dealloc] () #5 0x9104d5ef in -[NSObject release] () #6 0x97f62b22 in -[__NSOperationInternal dealloc] () #7 0x9104d5ef in -[NSObject release] () #8 0x97f62ac8 in -[NSOperation dealloc] () #9 0x9104d5ef in -[NSObject release] () #10 0x99e41224 in CFRelease () #11 0x99e56277 in -[__NSArrayM dealloc] () #12 0x9104d5ef in -[NSObject release] () #13 0x97f62b22 in -[__NSOperationInternal dealloc] () #14 0x9104d5ef in -[NSObject release] () #15 0x97f62ac8 in -[NSOperation dealloc] () #16 0x9104d5ef in -[NSObject release] () #17 0x99e41224 in CFRelease () #18 0x99e56277 in -[__NSArrayM dealloc] () #19 0x9104d5ef in -[NSObject release] () #20 0x97f62b22 in -[__NSOperationInternal dealloc] () #21 0x9104d5ef in -[NSObject release] () #22 0x97f62ac8 in -[NSOperation dealloc] () #23 0x9104d5ef in -[NSObject release] () #24 0x99e41224 in CFRelease () #25 0x99e56277 in -[__NSArrayM dealloc] () #26 0x9104d5ef in -[NSObject release] () #27 0x97f62b22 in -[__NSOperationInternal dealloc] () #28 0x9104d5ef in -[NSObject release] () #29 0x97f62ac8 in -[NSOperation dealloc] () #30 0x9104d5ef in -[NSObject release] () #31 0x99e41224 in CFRelease () #32 0x99e56277 in -[__NSArrayM dealloc] () #33 0x9104d5ef in -[NSObject release] () #34 0x97f62b22 in -[__NSOperationInternal dealloc] () #35 0x9104d5ef in -[NSObject release] () #36 0x97f62ac8 in -[NSOperation dealloc] () #37 0x9104d5ef in -[NSObject release] () #38 0x99e41224 in CFRelease () #39 0x99e56277 in -[__NSArrayM dealloc] () #40 0x9104d5ef in -[NSObject release] () #41 0x97f62b22 in -[__NSOperationInternal dealloc] () #42 0x9104d5ef in -[NSObject release] () #43 0x97f62ac8 in -[NSOperation dealloc] () #44 0x9104d5ef in -[NSObject release] () #45 0x99e41224 in CFRelease () #46 0x99e56277 in -[__NSArrayM dealloc] () #47 0x9104d5ef in -[NSObject release] () #48 0x97f62b22 in -[__NSOperationInternal dealloc] () #49 0x9104d5ef in -[NSObject release] () #50 0x97f62ac8 in -[NSOperation dealloc] () #10722 0x9104d5ef in -[NSObject release] () #10723 0x97f62b22 in -[__NSOperationInternal dealloc] () #10724 0x9104d5ef in -[NSObject release] () #10725 0x97f62ac8 in -[NSOperation dealloc] () #10726 0x9104d5ef in -[NSObject release] () #10727 0x99e41224 in CFRelease () #10728 0x99e56277 in -[__NSArrayM dealloc] () #10729 0x9104d5ef in -[NSObject release] () #10730 0x97f62b22 in -[__NSOperationInternal dealloc] () #10731 0x9104d5ef in -[NSObject release] () #10732 0x97f62ac8 in -[NSOperation dealloc] () #10733 0x9104d5ef in -[NSObject release] () #10734 0x99e41224 in CFRelease () #10735 0x99e56277 in -[__NSArrayM dealloc] () #10736 0x9104d5ef in -[NSObject release] () #10737 0x97f62b22 in -[__NSOperationInternal dealloc] () #10738 0x9104d5ef in -[NSObject release] () #10739 0x97f62ac8 in -[NSOperation dealloc] () #10740 0x9104d5ef in -[NSObject release] () #10741 0x99e41224 in CFRelease () #10742 0x99e56277 in -[__NSArrayM dealloc] () #10743 0x9104d5ef in -[NSObject release] () #10744 0x97f62b22 in -[__NSOperationInternal dealloc] () #10745 0x9104d5ef in -[NSObject release] () #10746 0x97f62ac8 in -[NSOperation dealloc] () #10747 0x9104d5ef in -[NSObject release] () #10748 0x99e41224 in CFRelease () #10749 0x99e56277 in -[__NSArrayM dealloc] () #10750 0x9104d5ef in -[NSObject release] () #10751 0x97f62b22 in -[__NSOperationInternal dealloc] () #10752 0x9104d5ef in -[NSObject release] () #10753 0x97f62ac8 in -[NSOperation dealloc] () #10754 0x9104d5ef in -[NSObject release] () #10755 0x99e41224 in CFRelease () #10756 0x99e56277 in -[__NSArrayM dealloc] () #10757 0x9104d5ef in -[NSObject release] () #10758 0x97f62b22 in -[__NSOperationInternal dealloc] () #10759 0x9104d5ef in -[NSObject release] () #10760 0x97f62ac8 in -[NSOperation dealloc] () #10761 0x9104d5ef in -[NSObject release] () #10762 0x99e41224 in CFRelease () #10763 0x99e56277 in -[__NSArrayM dealloc] () #10764 0x9104d5ef in -[NSObject release] () #10765 0x97f62b22 in -[__NSOperationInternal dealloc] () #10766 0x9104d5ef in -[NSObject release] () #10767 0x97f62ac8 in -[NSOperation dealloc] () #10768 0x9104d5ef in -[NSObject release] () #10769 0x99e41224 in CFRelease () #10770 0x99e56277 in -[__NSArrayM dealloc] () #10771 0x9104d5ef in -[NSObject release] () #10772 0x97f62b22 in -[__NSOperationInternal dealloc] () #10773 0x9104d5ef in -[NSObject release] () #10774 0x97f62ac8 in -[NSOperation dealloc] () #10775 0x9104d5ef in -[NSObject release] () #10776 0x99e41224 in CFRelease () #10777 0x99e56277 in -[__NSArrayM dealloc] () #10778 0x9104d5ef in -[NSObject release] () #10779 0x97f62b22 in -[__NSOperationInternal dealloc] () #10780 0x9104d5ef in -[NSObject release] () #10781 0x97f62ac8 in -[NSOperation dealloc] () #10782 0x9104d5ef in -[NSObject release] () #10783 0x99e41224 in CFRelease () #10784 0x99e56277 in -[__NSArrayM dealloc] () #10785 0x9104d5ef in -[NSObject release] () #10786 0x97f62b22 in -[__NSOperationInternal dealloc] () #10787 0x9104d5ef in -[NSObject release] () #10788 0x97f62ac8 in -[NSOperation dealloc] () #10789 0x9104d5ef in -[NSObject release] () #10790 0x99e41224 in CFRelease () #10791 0x99e56277 in -[__NSArrayM dealloc] () #10792 0x9104d5ef in -[NSObject release] () #10793 0x97f62b22 in -[__NSOperationInternal dealloc] () #10794 0x9104d5ef in -[NSObject release] () #10795 0x97f62ac8 in -[NSOperation dealloc] () #10796 0x9104d5ef in -[NSObject release] () #10797 0x99e41224 in CFRelease () #10798 0x99e56277 in -[__NSArrayM dealloc] () #10799 0x9104d5ef in -[NSObject release] () #10800 0x97f62b22 in -[__NSOperationInternal dealloc] () #10801 0x9104d5ef in -[NSObject release] () #10802 0x97f62ac8 in -[NSOperation dealloc] () #10803 0x9104d5ef in -[NSObject release] () #10804 0x99e41224 in CFRelease () #10805 0x99e56277 in -[__NSArrayM dealloc] () #10806 0x9104d5ef in -[NSObject release] () #10807 0x97f62b22 in -[__NSOperationInternal dealloc] () #10808 0x9104d5ef in -[NSObject release] () #10809 0x97f62ac8 in -[NSOperation dealloc] () #10810 0x9104d5ef in -[NSObject release] () #10811 0x99e41224 in CFRelease () #10812 0x99e56277 in -[__NSArrayM dealloc] () #10813 0x9104d5ef in -[NSObject release] () #10814 0x97f62b22 in -[__NSOperationInternal dealloc] () #10815 0x9104d5ef in -[NSObject release] () #10816 0x97f62ac8 in -[NSOperation dealloc] () #10817 0x9104d5ef in -[NSObject release] () #10818 0x99e41224 in CFRelease () #10819 0x99e56277 in -[__NSArrayM dealloc] () #10820 0x9104d5ef in -[NSObject release] () #10821 0x97f62b22 in -[__NSOperationInternal dealloc] () #10822 0x9104d5ef in -[NSObject release] () #10823 0x97f62ac8 in -[NSOperation dealloc] () #10824 0x9104d5ef in -[NSObject release] () #10825 0x99e41224 in CFRelease () #10826 0x99e56277 in -[__NSArrayM dealloc] () #10827 0x9104d5ef in -[NSObject release] () #10828 0x97f62b22 in -[__NSOperationInternal dealloc] () #10829 0x9104d5ef in -[NSObject release] () #10830 0x97f62ac8 in -[NSOperation dealloc] () #10831 0x9104d5ef in -[NSObject release] () #10832 0x99e41224 in CFRelease () #10833 0x99e56277 in -[__NSArrayM dealloc] () #10834 0x9104d5ef in -[NSObject release] () #10835 0x97f62b22 in -[__NSOperationInternal dealloc] () #10836 0x9104d5ef in -[NSObject release] () #10837 0x97f62ac8 in -[NSOperation dealloc] () #10838 0x9104d5ef in -[NSObject release] () #10839 0x99e41224 in CFRelease () #10840 0x99e56277 in -[__NSArrayM dealloc] () #10841 0x9104d5ef in -[NSObject release] () #10842 0x97f62b22 in -[__NSOperationInternal dealloc] () #10843 0x9104d5ef in -[NSObject release] () #10844 0x97f62ac8 in -[NSOperation dealloc] () #10845 0x9104d5ef in -[NSObject release] () #10846 0x99e41224 in CFRelease () #10847 0x99e56277 in -[__NSArrayM dealloc] () #10848 0x9104d5ef in -[NSObject release] () #10849 0x97f62b22 in -[__NSOperationInternal dealloc] () #10850 0x9104d5ef in -[NSObject release] () #10851 0x97f62ac8 in -[NSOperation dealloc] () #10852 0x9104d5ef in -[NSObject release] () #10853 0x99e41224 in CFRelease () #10854 0x99e56277 in -[__NSArrayM dealloc] () #10855 0x9104d5ef in -[NSObject release] () #10856 0x97f62b22 in -[__NSOperationInternal dealloc] () #10857 0x9104d5ef in -[NSObject release] () #10858 0x97f62ac8 in -[NSOperation dealloc] () #10859 0x9104d5ef in -[NSObject release] () #10860 0x99e41224 in CFRelease () #10861 0x99e56277 in -[__NSArrayM dealloc] () #10862 0x9104d5ef in -[NSObject release] () #10863 0x97f62b22 in -[__NSOperationInternal dealloc] () #10864 0x9104d5ef in -[NSObject release] () #10865 0x97f62ac8 in -[NSOperation dealloc] () #10866 0x9104d5ef in -[NSObject release] () #10867 0x99e41224 in CFRelease () #10868 0x99e56277 in -[__NSArrayM dealloc] () #10869 0x9104d5ef in -[NSObject release] () #10870 0x97f62b22 in -[__NSOperationInternal dealloc] () #10871 0x9104d5ef in -[NSObject release] () #10872 0x97f62ac8 in -[NSOperation dealloc] () #10873 0x9104d5ef in -[NSObject release] () #10874 0x99e41224 in CFRelease () #10875 0x99e56277 in -[__NSArrayM dealloc] () #10876 0x9104d5ef in -[NSObject release] () #10877 0x97f62b22 in -[__NSOperationInternal dealloc] () #10878 0x9104d5ef in -[NSObject release] () #10879 0x97f62ac8 in -[NSOperation dealloc] () #10880 0x9104d5ef in -[NSObject release] () #10881 0x99e41224 in CFRelease () #10882 0x99e56277 in -[__NSArrayM dealloc] () #10883 0x9104d5ef in -[NSObject release] () #10884 0x97f62b22 in -[__NSOperationInternal dealloc] () #10885 0x9104d5ef in -[NSObject release] () #10886 0x97f62ac8 in -[NSOperation dealloc] () #10887 0x9104d5ef in -[NSObject release] () #10888 0x99e41224 in CFRelease () #10889 0x99e56277 in -[__NSArrayM dealloc] () #10890 0x9104d5ef in -[NSObject release] () #10891 0x97f62b22 in -[__NSOperationInternal dealloc] () #10892 0x9104d5ef in -[NSObject release] () #10893 0x97f62ac8 in -[NSOperation dealloc] () #10894 0x9104d5ef in -[NSObject release] () #10895 0x99e41224 in CFRelease () #10896 0x99e56277 in -[__NSArrayM dealloc] () #10897 0x9104d5ef in -[NSObject release] () #10898 0x97f62b22 in -[__NSOperationInternal dealloc] () #10899 0x9104d5ef in -[NSObject release] () #10900 0x97f62ac8 in -[NSOperation dealloc] () #10901 0x9104d5ef in -[NSObject release] () #10902 0x99e41224 in CFRelease () #10903 0x99e56277 in -[__NSArrayM dealloc] () #10904 0x9104d5ef in -[NSObject release] () #10905 0x97f62b22 in -[__NSOperationInternal dealloc] () #10906 0x9104d5ef in -[NSObject release] () #10907 0x97f62ac8 in -[NSOperation dealloc] () #10908 0x9104d5ef in -[NSObject release] () #10909 0x99e41224 in CFRelease () #10910 0x99e56277 in -[__NSArrayM dealloc] () #10911 0x9104d5ef in -[NSObject release] () #10912 0x97f62b22 in -[__NSOperationInternal dealloc] () #10913 0x9104d5ef in -[NSObject release] () #10914 0x97f62ac8 in -[NSOperation dealloc] () #10915 0x9104d5ef in -[NSObject release] () #10916 0x97f49cca in __NSOQSchedule_f () #10917 0x9c1c9e21 in _dispatch_async_redirect_invoke () #10918 0x9c1c53a6 in _dispatch_client_callout () #10919 0x9c1c7467 in _dispatch_root_queue_drain () #10920 0x9c1c8732 in _dispatch_worker_thread2 () #10921 0x960c2dab in _pthread_wqthread () The full crash context is (bold for crash line): libobjc.A.dylib`objc::DenseMapBase<objc::DenseMap<objc_object*, unsigned long, true, objc::DenseMapInfo<objc_object*> >, objc_object*, unsigned long, objc::DenseMapInfo<objc_object*>, true>::find(objc_object* const&): 0x9104d800: pushl %ebp 0x9104d801: movl %esp, %ebp 0x9104d803: pushl %esi 0x9104d804: subl $20, %esp 0x9104d807: leal -8(%ebp), %eax 0x9104d80a: movl %eax, 8(%esp) 0x9104d80e: movl 16(%ebp), %eax 0x9104d811: movl %eax, 4(%esp) 0x9104d815: movl 12(%ebp), %esi 0x9104d818: movl %esi, (%esp) **0x9104d81b: calll 0x9104d9b6 ; bool objc::DenseMapBase<objc::DenseMap<objc_object*, unsigned long, true, objc::DenseMapInfo<objc_object*> >, objc_object*, unsigned long, objc::DenseMapInfo<objc_object*>, true>::LookupBucketFor<objc_object*>(objc_object* const&, std::__1::pair<objc_object*, unsigned long> const*&) const** 0x9104d820: movl 12(%esi), %ecx 0x9104d823: shll $3, %ecx 0x9104d826: addl (%esi), %ecx 0x9104d828: movl 8(%ebp), %edx 0x9104d82b: testb %al, %al 0x9104d82d: je 0x9104d836 ; objc::DenseMapBase<objc::DenseMap<objc_object*, unsigned long, true, objc::DenseMapInfo<objc_object*> >, objc_object*, unsigned long, objc::DenseMapInfo<objc_object*>, true>::find(objc_object* const&) + 54 0x9104d82f: movl -8(%ebp), %eax 0x9104d832: movl %eax, (%edx) 0x9104d834: jmp 0x9104d838 ; objc::DenseMapBase<objc::DenseMap<objc_object*, unsigned long, true, objc::DenseMapInfo<objc_object*> >, objc_object*, unsigned long, objc::DenseMapInfo<objc_object*>, true>::find(objc_object* const&) + 56 0x9104d836: movl %ecx, (%edx) 0x9104d838: movl %ecx, 4(%edx) 0x9104d83b: addl $20, %esp 0x9104d83e: popl %esi 0x9104d83f: popl %ebp 0x9104d840: ret $4 0x9104d843: nop I tried using a pre-created queue, this makes no difference. Apparently, with dependencies, this code is a problem with XCode 5.0, 32-bit. Edit: In fact, I can isolate the problem much further. An empty Cocoa Application project in XCOde 5.0 on 10.9 with ARC on and a single method will crash. If it does not on your computer, increase 4269 to anything bigger: - (void)applicationDidFinishLaunching:(NSNotification *)aNotification { NSOperationQueue* aQueue = [[ NSOperationQueue alloc ] init ]; NSMutableArray* array = [ NSMutableArray array ]; for ( int i = 0; i < 4269; i++) [ array addObject: [ [NSOperation alloc ] init ]]; for ( int i = 1; i < [ array count ]; i++) [[ array objectAtIndex:i ] addDependency:[array objectAtIndex:i-1]]; [ aQueue addOperations: array waitUntilFinished:NO ]; }

    Read the article

  • Cisco ASA 5505 - L2TP over IPsec

    - by xraminx
    I have followed this document on cisco site to set up the L2TP over IPsec connection. When I try to establish a VPN to ASA 5505 from my Windows XP, after I click on "connect" button, the "Connecting ...." dialog box appears and after a while I get this error message: Error 800: Unable to establish VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection. ASA version 7.2(4) ASDM version 5.2(4) Windows XP SP3 Windows XP and ASA 5505 are on the same LAN for test purposes. Edit 1: There are two VLANs defined on the cisco device (the standard setup on cisco ASA5505). - port 0 is on VLAN2, outside; - and ports 1 to 7 on VLAN1, inside. I run a cable from my linksys home router (10.50.10.1) to the cisco ASA5505 router on port 0 (outside). Port 0 have IP 192.168.1.1 used internally by cisco and I have also assigned the external IP 10.50.10.206 to port 0 (outside). I run a cable from Windows XP to Cisco router on port 1 (inside). Port 1 is assigned an IP from Cisco router 192.168.1.2. The Windows XP is also connected to my linksys home router via wireless (10.50.10.141). Edit 2: When I try to establish vpn, the Cisco device real time Log viewer shows 7 entries like this: Severity:5 Date:Sep 15 2009 Time: 14:51:29 SyslogID: 713904 Destination IP = 10.50.10.141, Decription: No crypto map bound to interface... dropping pkt Edit 3: This is the setup on the router right now. Result of the command: "show run" : Saved : ASA Version 7.2(4) ! hostname ciscoasa domain-name default.domain.invalid enable password HGFHGFGHFHGHGFHGF encrypted passwd NMMNMNMNMNMNMN encrypted names name 192.168.1.200 WebServer1 name 10.50.10.206 external-ip-address ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address external-ip-address 255.0.0.0 ! interface Vlan3 no nameif security-level 50 no ip address ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! ftp mode passive dns server-group DefaultDNS domain-name default.domain.invalid object-group service l2tp udp port-object eq 1701 access-list outside_access_in remark Allow incoming tcp/http access-list outside_access_in extended permit tcp any host WebServer1 eq www access-list outside_access_in extended permit udp any any eq 1701 access-list inside_nat0_outbound extended permit ip any 192.168.1.208 255.255.255.240 access-list inside_cryptomap_1 extended permit ip interface outside interface inside pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 ip local pool PPTP-VPN 192.168.1.210-192.168.1.220 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-524.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) tcp interface www WebServer1 www netmask 255.255.255.255 access-group outside_access_in in interface outside timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport crypto map outside_map 1 match address inside_cryptomap_1 crypto map outside_map 1 set transform-set TRANS_ESP_3DES_MD5 crypto map outside_map interface inside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd auto_config outside ! dhcpd address 192.168.1.2-192.168.1.33 inside dhcpd enable inside ! group-policy DefaultRAGroup internal group-policy DefaultRAGroup attributes dns-server value 192.168.1.1 vpn-tunnel-protocol IPSec l2tp-ipsec username myusername password FGHFGHFHGFHGFGFHF nt-encrypted tunnel-group DefaultRAGroup general-attributes address-pool PPTP-VPN default-group-policy DefaultRAGroup tunnel-group DefaultRAGroup ipsec-attributes pre-shared-key * tunnel-group DefaultRAGroup ppp-attributes no authentication chap authentication ms-chap-v2 ! ! prompt hostname context Cryptochecksum:a9331e84064f27e6220a8667bf5076c1 : end

    Read the article

  • Setting up a VPN connection to Amazon VPC - routing

    - by Keeno
    I am having some real issues setting up a VPN between out office and AWS VPC. The "tunnels" appear to be up, however I don't know if they are configured correctly. The device I am using is a Netgear VPN Firewall - FVS336GV2 If you see in the attached config downloaded from VPC (#3 Tunnel Interface Configuration), it gives me some "inside" addresses for the tunnel. When setting up the IPsec tunnels do I use the inside tunnel IP's (e.g. 169.254.254.2/30) or do I use my internal network subnet (10.1.1.0/24) I have tried both, when I tried the local network (10.1.1.x) the tracert stops at the router. When I tried with the "inside" ips, the tracert to the amazon VPC (10.0.0.x) goes out over the internet. this all leads me to the next question, for this router, how do I set up stage #4, the static next hop? What are these seemingly random "inside" addresses and where did amazon generate them from? 169.254.254.x seems odd? With a device like this, is the VPN behind the firewall? I have tweaked any IP addresses below so that they are not "real". I am fully aware, this is probably badly worded. Please if there is any further info/screenshots that will help, let me know. Amazon Web Services Virtual Private Cloud IPSec Tunnel #1 ================================================================================ #1: Internet Key Exchange Configuration Configure the IKE SA as follows - Authentication Method : Pre-Shared Key - Pre-Shared Key : --- - Authentication Algorithm : sha1 - Encryption Algorithm : aes-128-cbc - Lifetime : 28800 seconds - Phase 1 Negotiation Mode : main - Perfect Forward Secrecy : Diffie-Hellman Group 2 #2: IPSec Configuration Configure the IPSec SA as follows: - Protocol : esp - Authentication Algorithm : hmac-sha1-96 - Encryption Algorithm : aes-128-cbc - Lifetime : 3600 seconds - Mode : tunnel - Perfect Forward Secrecy : Diffie-Hellman Group 2 IPSec Dead Peer Detection (DPD) will be enabled on the AWS Endpoint. We recommend configuring DPD on your endpoint as follows: - DPD Interval : 10 - DPD Retries : 3 IPSec ESP (Encapsulating Security Payload) inserts additional headers to transmit packets. These headers require additional space, which reduces the amount of space available to transmit application data. To limit the impact of this behavior, we recommend the following configuration on your Customer Gateway: - TCP MSS Adjustment : 1387 bytes - Clear Don't Fragment Bit : enabled - Fragmentation : Before encryption #3: Tunnel Interface Configuration Your Customer Gateway must be configured with a tunnel interface that is associated with the IPSec tunnel. All traffic transmitted to the tunnel interface is encrypted and transmitted to the Virtual Private Gateway. The Customer Gateway and Virtual Private Gateway each have two addresses that relate to this IPSec tunnel. Each contains an outside address, upon which encrypted traffic is exchanged. Each also contain an inside address associated with the tunnel interface. The Customer Gateway outside IP address was provided when the Customer Gateway was created. Changing the IP address requires the creation of a new Customer Gateway. The Customer Gateway inside IP address should be configured on your tunnel interface. Outside IP Addresses: - Customer Gateway : 217.33.22.33 - Virtual Private Gateway : 87.222.33.42 Inside IP Addresses - Customer Gateway : 169.254.254.2/30 - Virtual Private Gateway : 169.254.254.1/30 Configure your tunnel to fragment at the optimal size: - Tunnel interface MTU : 1436 bytes #4: Static Routing Configuration: To route traffic between your internal network and your VPC, you will need a static route added to your router. Static Route Configuration Options: - Next hop : 169.254.254.1 You should add static routes towards your internal network on the VGW. The VGW will then send traffic towards your internal network over the tunnels. IPSec Tunnel #2 ================================================================================ #1: Internet Key Exchange Configuration Configure the IKE SA as follows - Authentication Method : Pre-Shared Key - Pre-Shared Key : --- - Authentication Algorithm : sha1 - Encryption Algorithm : aes-128-cbc - Lifetime : 28800 seconds - Phase 1 Negotiation Mode : main - Perfect Forward Secrecy : Diffie-Hellman Group 2 #2: IPSec Configuration Configure the IPSec SA as follows: - Protocol : esp - Authentication Algorithm : hmac-sha1-96 - Encryption Algorithm : aes-128-cbc - Lifetime : 3600 seconds - Mode : tunnel - Perfect Forward Secrecy : Diffie-Hellman Group 2 IPSec Dead Peer Detection (DPD) will be enabled on the AWS Endpoint. We recommend configuring DPD on your endpoint as follows: - DPD Interval : 10 - DPD Retries : 3 IPSec ESP (Encapsulating Security Payload) inserts additional headers to transmit packets. These headers require additional space, which reduces the amount of space available to transmit application data. To limit the impact of this behavior, we recommend the following configuration on your Customer Gateway: - TCP MSS Adjustment : 1387 bytes - Clear Don't Fragment Bit : enabled - Fragmentation : Before encryption #3: Tunnel Interface Configuration Outside IP Addresses: - Customer Gateway : 217.33.22.33 - Virtual Private Gateway : 87.222.33.46 Inside IP Addresses - Customer Gateway : 169.254.254.6/30 - Virtual Private Gateway : 169.254.254.5/30 Configure your tunnel to fragment at the optimal size: - Tunnel interface MTU : 1436 bytes #4: Static Routing Configuration: Static Route Configuration Options: - Next hop : 169.254.254.5 You should add static routes towards your internal network on the VGW. The VGW will then send traffic towards your internal network over the tunnels. EDIT #1 After writing this post, I continued to fiddle and something started to work, just not very reliably. The local IPs to use when setting up the tunnels where indeed my network subnets. Which further confuses me over what these "inside" IP addresses are for. The problem is, results are not consistent what so ever. I can "sometimes" ping, I can "sometimes" RDP using the VPN. Sometimes, Tunnel 1 or Tunnel 2 can be up or down. When I came back into work today, Tunnel 1 was down, so I deleted it and re-created it from scratch. Now I cant ping anything, but Amazon AND the router are telling me tunnel 1/2 are fine. I guess the router/vpn hardware I have just isnt up to the job..... EDIT #2 Now Tunnel 1 is up, Tunnel 2 is down (I didn't change any settings) and I can ping/rdp again. EDIT #3 Screenshot of route table that the router has built up. Current state (tunnel 1 still up and going string, 2 is still down and wont re-connect)

    Read the article

  • How do I send traffic from my Mac's wifi to my VPN client?

    - by Heath Borders
    I need to connect my Android to a Juniper VPN. Unfortunately, Juniper doesn't support Android on our VPN version. We've already put in a feature request for it, but we have no idea how long it will take to be complete. Right now, I connect to the Juniper VPN with a Juniper Mac OSX VPN client that uses Java to install kernel extensions to start and stop the VPN. Thus, I can't use the Network panel in System Preferences to create a VPN device, which means it won't show up in the 'Sharing' panel's Internet Sharing Share your connection from: menu, as suggested here. I used newproc.d to see what /usr/libexec/InternetSharing did when it ran, and it runs the following processes: 2013 Nov 1 00:26:54 5565 <1> 64b /usr/libexec/launchdadd 2013 Nov 1 00:26:55 5566 <1> 64b /usr/libexec/InternetSharing 2013 Nov 1 00:26:56 5568 <5566> 64b natpmpd -d -y bridge100 en0 2013 Nov 1 00:26:56 5569 <1> 64b /usr/libexec/pfd -d 2013 Nov 1 00:26:56 5567 <5566> 64b bootpd -d -P My Juniper VPN client creates the following devices (output of ifconfig): jnc0: flags=841<UP,RUNNING,SIMPLEX> mtu 1400 inet 10.61.9.61 netmask 0xffffffff open (pid 920) jnc1: flags=841<UP,RUNNING,SIMPLEX> mtu 1450 closed So, it seems like I should just be able to do this and have everything work: sudo killall -9 natpmpd sudo /usr/libexec/natpmpd -y bridge100 jnc0 My android connected fine and could hit public internet sites, but it couldn't hit private VPN sites. I assume this is because I need to change the routes that /usr/libexec/InternetSharing sets up. This is the output from sudo pfctl -s all before starting Internet Sharing: No ALTQ support in kernel ALTQ related functions disabled TRANSLATION RULES: nat-anchor "com.apple/*" all rdr-anchor "com.apple/*" all FILTER RULES: scrub-anchor "com.apple/*" all fragment reassemble anchor "com.apple/*" all DUMMYNET RULES: dummynet-anchor "com.apple/*" all INFO: Status: Disabled for 0 days 00:11:02 Debug: Urgent State Table Total Rate current entries 0 searches 22875 34.6/s inserts 1558 2.4/s removals 1558 2.4/s Counters match 2005 3.0/s bad-offset 0 0.0/s fragment 0 0.0/s short 0 0.0/s normalize 0 0.0/s memory 0 0.0/s bad-timestamp 0 0.0/s congestion 0 0.0/s ip-option 12 0.0/s proto-cksum 0 0.0/s state-mismatch 1 0.0/s state-insert 0 0.0/s state-limit 0 0.0/s src-limit 0 0.0/s synproxy 0 0.0/s dummynet 0 0.0/s TIMEOUTS: tcp.first 120s tcp.opening 30s tcp.established 86400s tcp.closing 900s tcp.finwait 45s tcp.closed 90s tcp.tsdiff 60s udp.first 60s udp.single 30s udp.multiple 120s icmp.first 20s icmp.error 10s grev1.first 120s grev1.initiating 30s grev1.estblished 1800s esp.first 120s esp.estblished 900s other.first 60s other.single 30s other.multiple 120s frag 30s interval 10s adaptive.start 6000 states adaptive.end 12000 states src.track 0s LIMITS: states hard limit 10000 app-states hard limit 10000 src-nodes hard limit 10000 frags hard limit 5000 tables hard limit 1000 table-entries hard limit 200000 OS FINGERPRINTS: 696 fingerprints loaded This is the output from sudo pfctl -s all after starting Internet Sharing: No ALTQ support in kernel ALTQ related functions disabled TRANSLATION RULES: nat-anchor "com.apple/*" all nat-anchor "com.apple.internet-sharing" all rdr-anchor "com.apple/*" all rdr-anchor "com.apple.internet-sharing" all FILTER RULES: scrub-anchor "com.apple/*" all fragment reassemble scrub-anchor "com.apple.internet-sharing" all fragment reassemble anchor "com.apple/*" all anchor "com.apple.internet-sharing" all DUMMYNET RULES: dummynet-anchor "com.apple/*" all STATES: ALL tcp 10.0.1.32:50593 -> 74.125.225.113:443 SYN_SENT:CLOSED ALL udp 10.0.1.32:61534 -> 10.0.1.1:53 SINGLE:NO_TRAFFIC ALL udp 10.0.1.32:55433 -> 10.0.1.1:53 SINGLE:NO_TRAFFIC ALL udp 10.0.1.32:64041 -> 10.0.1.1:53 SINGLE:NO_TRAFFIC ALL tcp 10.0.1.32:50619 -> 74.125.225.131:443 SYN_SENT:CLOSED INFO: Status: Enabled for 0 days 00:00:01 Debug: Urgent State Table Total Rate current entries 5 searches 22886 22886.0/s inserts 1563 1563.0/s removals 1558 1558.0/s Counters match 2010 2010.0/s bad-offset 0 0.0/s fragment 0 0.0/s short 0 0.0/s normalize 0 0.0/s memory 0 0.0/s bad-timestamp 0 0.0/s congestion 0 0.0/s ip-option 12 12.0/s proto-cksum 0 0.0/s state-mismatch 1 1.0/s state-insert 0 0.0/s state-limit 0 0.0/s src-limit 0 0.0/s synproxy 0 0.0/s dummynet 0 0.0/s TIMEOUTS: tcp.first 120s tcp.opening 30s tcp.established 86400s tcp.closing 900s tcp.finwait 45s tcp.closed 90s tcp.tsdiff 60s udp.first 60s udp.single 30s udp.multiple 120s icmp.first 20s icmp.error 10s grev1.first 120s grev1.initiating 30s grev1.estblished 1800s esp.first 120s esp.estblished 900s other.first 60s other.single 30s other.multiple 120s frag 30s interval 10s adaptive.start 6000 states adaptive.end 12000 states src.track 0s LIMITS: states hard limit 10000 app-states hard limit 10000 src-nodes hard limit 10000 frags hard limit 5000 tables hard limit 1000 table-entries hard limit 200000 TABLES: OS FINGERPRINTS: 696 fingerprints loaded It looks like I need to change the pf settings that /usr/libexec/InternetSharing set up, but I have no idea how to do that.

    Read the article

  • IPSEC site-to-site Openswan to Cisco ASA

    - by Jim
    I recieved a list of commands that were run on the right side of the VPN tunnel which is where the Cisco ASA resides. On my side, I have a linux based firewall running debian with openswan installed. I am having an issue with getting to Phase 2 of the VPN negotiation. Here is the Cisco Information I was sent: {my_public_ip} = left side of connection tunnel-group {my_public_ip} type ipsec-l2l tunnel-group {my_public_ip} ipsec-attributes pre-shared-key fakefake crypto map vpn1 1 match add customer-ipsec crypto map vpn1 1 set peer {my_public_ip} crypto map vpn1 1 set transform-set aes-256-sha crypto map vpn1 interface outside static (outside,inside) 10.2.1.200 {my_public_ip} netmask 255.255.255.255 crypto ipsec transform-set aes-256-sha esp-aes-256 esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map vpn1 1 match address customer-ipsec crypto map vpn1 1 set peer {my_public_ip} crypto map vpn1 1 set transform-set aes-256-sha crypto map vpn1 interface outside crypto isakmp enable outside crypto isakmp policy 1 authentication pre-share encryption aes-256 hash sha group 2 lifetime 86400 Myside ipsec.conf config setup klipsdebug=none plutodebug=none protostack=netkey #nat_traversal=yes conn cisco #name of VPN connection type=tunnel authby=secret #left side (myside) left={myPublicIP} leftsubnet=172.16.250.0/24 #net subnet on left sdie to assign to right side leftnexthop=%defaultroute #right security gateway (ASA side) right={CiscoASA_publicIP} #cisco ASA rightsubnet=10.2.1.0/24 rightnexthop=%defaultroute #crypo stuff keyexchange=ike ikelifetime=86400s auth=esp pfs=no compress=no auto=start ipsec.secrets file {CiscoASA_publicIP} {myPublicIP}: PSK "fakefake" When I start ipsec from the left side/my side I don't recieve any errors, however when I run the ipsec auto --status command: 000 "cisco": 172.16.250.0/24==={left_public_ip}<{left_public_ip}>[+S=C]---{left_public_ip_gateway}...{left_public_ip_gateway}--{right_public_ip}<{right_public_ip}>[+S=C]===10.2.1.0/24; prospective erouted; eroute owner: #0 000 "cisco": myip=unset; hisip=unset; 000 "cisco": ike_life: 86400s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "cisco": policy: PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 24,24; interface: eth0; 000 "cisco": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 000 #2: "cisco":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 10s; nodpd; idle; import:admin initiate 000 #2: pending Phase 2 for "cisco" replacing #0 Now I'm new to setting up an site-to-site IPSEC tunnel so the status informatino I am unsure what it means. All I know is it sits at this "pending Phase 2" and I can't ping the other side, Another question I have is, if I do a route -n, should I see anything relating to this connection? Also, I read a few artilcle where configs contained the interface="ipsec0=eth0", is this an interface that I have to create on the linux debian firewall on my side? Appreciate your time to look at this.

    Read the article

  • Create manual IPSec policy on Window (like spdadd and add on Linux)

    - by hapalibashi
    Hello On Linux it is possible to create an a manual IPSec (no IKE etc) tunnel thus: spdadd 192.168.0.10/32[5066] 192.168.0.11/32[5064] udp -P in ipsec esp/transport//require; add 192.168.0.10 192.168.0.11 esp 2222 -m transport -E des-ede3-cbc "123456789012123456789012" -A hmac-md5 "1234567890123456"; I need to do the same on Windows. I am aware of netsh but I don't think its equivalent, I need to specific the SPI (thats the 2222 above) and this seems impossible. Any ideas or alternatives?! Thanks, Stuart.

    Read the article

  • Creating GPT partitions on EFI raw disk using diskpart

    - by kafka
    I've got a raw, blank GPT disk for use in a UEFI system. I need to create the partitions on it using diskpart. The only tutorial I've found so far is for diskpart.efi, which I believe is slightly different from the command-line diskpart. MS guide to GPT partitions with diskpart.efi Also the guide says to create a MSR of 32MB, but for a disk= 16GB I know it needs to be 128MB. I'm happy doing it with diskpart, just want to be sure I understand the fundamentals. I'm planning on installing, in this order: ESP partition, size 102 MB (create partition esp size=102) MSR partition, size 128 MB (create partition msr size=128) data partition, the remaining space (approx 460GB) Is this the correct thing to do, or is there anything I'm missing?

    Read the article

  • Cisco ASA 5505 - L2TP over IPsec

    - by xraminx
    I have followed this document on cisco site to set up the L2TP over IPsec connection. When I try to establish a VPN to ASA 5505 from my Windows XP, after I click on "connect" button, the "Connecting ...." dialog box appears and after a while I get this error message: Error 800: Unable to establish VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection. ASA version 7.2(4) ASDM version 5.2(4) Windows XP SP3 Windows XP and ASA 5505 are on the same LAN for test purposes. Edit 1: There are two VLANs defined on the cisco device (the standard setup on cisco ASA5505). - port 0 is on VLAN2, outside; - and ports 1 to 7 on VLAN1, inside. I run a cable from my linksys home router (10.50.10.1) to the cisco ASA5505 router on port 0 (outside). Port 0 have IP 192.168.1.1 used internally by cisco and I have also assigned the external IP 10.50.10.206 to port 0 (outside). I run a cable from Windows XP to Cisco router on port 1 (inside). Port 1 is assigned an IP from Cisco router 192.168.1.2. The Windows XP is also connected to my linksys home router via wireless (10.50.10.141). Edit 2: When I try to establish vpn, the Cisco device real time Log viewer shows 7 entries like this: Severity:5 Date:Sep 15 2009 Time: 14:51:29 SyslogID: 713904 Destination IP = 10.50.10.141, Decription: No crypto map bound to interface... dropping pkt Edit 3: This is the setup on the router right now. Result of the command: "show run" : Saved : ASA Version 7.2(4) ! hostname ciscoasa domain-name default.domain.invalid enable password HGFHGFGHFHGHGFHGF encrypted passwd NMMNMNMNMNMNMN encrypted names name 192.168.1.200 WebServer1 name 10.50.10.206 external-ip-address ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address external-ip-address 255.0.0.0 ! interface Vlan3 no nameif security-level 50 no ip address ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! ftp mode passive dns server-group DefaultDNS domain-name default.domain.invalid object-group service l2tp udp port-object eq 1701 access-list outside_access_in remark Allow incoming tcp/http access-list outside_access_in extended permit tcp any host WebServer1 eq www access-list outside_access_in extended permit udp any any eq 1701 access-list inside_nat0_outbound extended permit ip any 192.168.1.208 255.255.255.240 access-list inside_cryptomap_1 extended permit ip interface outside interface inside pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 ip local pool PPTP-VPN 192.168.1.210-192.168.1.220 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-524.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) tcp interface www WebServer1 www netmask 255.255.255.255 access-group outside_access_in in interface outside timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport crypto map outside_map 1 match address inside_cryptomap_1 crypto map outside_map 1 set transform-set TRANS_ESP_3DES_MD5 crypto map outside_map interface inside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400 telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd auto_config outside ! dhcpd address 192.168.1.2-192.168.1.33 inside dhcpd enable inside ! group-policy DefaultRAGroup internal group-policy DefaultRAGroup attributes dns-server value 192.168.1.1 vpn-tunnel-protocol IPSec l2tp-ipsec username myusername password FGHFGHFHGFHGFGFHF nt-encrypted tunnel-group DefaultRAGroup general-attributes address-pool PPTP-VPN default-group-policy DefaultRAGroup tunnel-group DefaultRAGroup ipsec-attributes pre-shared-key * tunnel-group DefaultRAGroup ppp-attributes no authentication chap authentication ms-chap-v2 ! ! prompt hostname context Cryptochecksum:a9331e84064f27e6220a8667bf5076c1 : end

    Read the article

  • What do I do when I get a Linux kernel bug?

    - by raldi
    I just bought a tiny computer called a fit-pc2 which came with a somewhat customized Ubuntu 9.10 installation. uname -a reports: Linux 2.6.31-34-fitpc2 #7 SMP Thu Apr 22 17:43:26 IDT 2010 i686 GNU/Linux It seems that after several hours of running with heavy network load, all networking ceases and I get the following in kern.log: BUG: unable to handle kernel paging request at ff09dfc0 IP: [<c0150300>] kthread_should_stop+0x10/0x20 *pde = 00000000 Oops: 0000 [#1] SMP last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb1/idVendor Modules linked in: binfmt_misc ppdev sbc_fitpc2_wdt snd_usb_audio snd_usb_lib i2c_isch sch_gpio snd_seq_dummy snd_hda_intel snd_pcm_oss snd_seq_oss snd_seq_midi snd_rawmidi snd_mixer_oss snd_seq_midi_event snd_seq snd_pcm snd_timer snd_page_alloc snd_seq_device iptable_filter ip_tables x_tables snd_hwdep lpc_sch snd psmouse rt2860sta(C) uvcvideo video pl2303 soundcore mfd_core output videodev v4l1_compat lirc_igorplugusb lirc_dev serio_raw lp parport usbhid r8169 mii iegd_mod drm agpgart Pid: 16, comm: kblockd/1 Tainted: G C (2.6.31-34-fitpc2 #7) SBC-FITPC2 EIP: 0060:[<c0150300>] EFLAGS: 00010246 CPU: 1 EIP is at kthread_should_stop+0x10/0x20 EAX: ff09dfc4 EBX: c180cbac ECX: 0109d000 EDX: f709df98 ESI: f709df98 EDI: c180cba0 EBP: f709dfb8 ESP: f709df90 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 Process kblockd/1 (pid: 16, ti=f709c000 task=f7084b60 task.ti=f709c000) Stack: c014c14d c180cba4 00000000 f7084b60 c0150770 f709dfa4 f709dfa4 f7023ef4 <0> c180cba0 c014c0d0 f709dfe0 c015047c 00000000 00000000 00000000 f709dfcc <0> f709dfcc c0150400 00000000 00000000 00000000 c0103ce7 f7023ef4 00000000 Call Trace: [<c014c14d>] ? worker_thread+0x7d/0xe0 [<c0150770>] ? autoremove_wake_function+0x0/0x40 [<c014c0d0>] ? worker_thread+0x0/0xe0 [<c015047c>] ? kthread+0x7c/0x90 [<c0150400>] ? kthread+0x0/0x90 [<c0103ce7>] ? kernel_thread_helper+0x7/0x10 Code: a6 8b 55 0c 8d 4d e0 89 f8 89 34 24 e8 7a fd ff ff 89 c3 eb 92 90 90 90 90 90 90 55 64 a1 00 80 76 c0 8b 80 70 02 00 00 89 e5 5d <8b> 40 fc c3 8d b6 00 00 00 00 8d bf 00 00 00 00 55 ba d7 86 62 EIP: [<c0150300>] kthread_should_stop+0x10/0x20 SS:ESP 0068:f709df90 CR2: 00000000ff09dfc0 ---[ end trace 06004df70b9cf435 ]--- BUG: unable to handle kernel paging request at ff09dfc8 IP: [<c0521bc8>] _spin_lock_irqsave+0x18/0x30 *pde = 00000000 Oops: 0002 [#2] SMP last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb1/idVendor Modules linked in: binfmt_misc ppdev sbc_fitpc2_wdt snd_usb_audio snd_usb_lib i2c_isch sch_gpio snd_seq_dummy snd_hda_intel snd_pcm_oss snd_seq_oss snd_seq_midi snd_rawmidi snd_mixer_oss snd_seq_midi_event snd_seq snd_pcm snd_timer snd_page_alloc snd_seq_device iptable_filter ip_tables x_tables snd_hwdep lpc_sch snd psmouse rt2860sta(C) uvcvideo video pl2303 soundcore mfd_core output videodev v4l1_compat lirc_igorplugusb lirc_dev serio_raw lp parport usbhid r8169 mii iegd_mod drm agpgart Pid: 16, comm: kblockd/1 Tainted: G D C (2.6.31-34-fitpc2 #7) SBC-FITPC2 EIP: 0060:[<c0521bc8>] EFLAGS: 00010086 CPU: 1 EIP is at _spin_lock_irqsave+0x18/0x30 EAX: 00000100 EBX: ff09dfc8 ECX: 00000286 EDX: ff09dfc8 ESI: f7084b60 EDI: ff09dfc4 EBP: f709dd88 ESP: f709dd88 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 Process kblockd/1 (pid: 16, ti=f709c000 task=f7084b60 task.ti=f709c000) Stack: f709dda4 c0127c0b 00000082 00000001 ff09dfc4 f7084b60 00000000 f709ddd0 <0> c0137fd2 00000086 f70954c4 00000000 f7098480 f709ddf0 f7094fc0 f7084b60 <0> 00000000 00000009 f709ddf0 c013c3f8 00000001 c1807c60 f709ddf0 f7084b60 Call Trace: [<c0127c0b>] ? complete+0x1b/0x60 [<c0137fd2>] ? mm_release+0x52/0xf0 [<c013c3f8>] ? exit_mm+0x18/0x110 [<c013c6db>] ? do_exit+0xfb/0x2e0 [<c013998a>] ? print_oops_end_marker+0x2a/0x30 [<c0522aab>] ? oops_end+0x8b/0xd0 [<c011eac4>] ? no_context+0xb4/0xd0 [<c011eb1d>] ? __bad_area_nosemaphore+0x3d/0x1a0 [<c0133a56>] ? load_balance_newidle+0x96/0x320 [<c011ec92>] ? bad_area_nosemaphore+0x12/0x20 [<c0524106>] ? do_page_fault+0x2f6/0x380 [<c012cc30>] ? finish_task_switch+0x50/0xe0 [<c0523e10>] ? do_page_fault+0x0/0x380 [<c0522006>] ? error_code+0x66/0x70 [<c0523e10>] ? do_page_fault+0x0/0x380 [<c0150300>] ? kthread_should_stop+0x10/0x20 [<c014c14d>] ? worker_thread+0x7d/0xe0 [<c0150770>] ? autoremove_wake_function+0x0/0x40 [<c014c0d0>] ? worker_thread+0x0/0xe0 [<c015047c>] ? kthread+0x7c/0x90 [<c0150400>] ? kthread+0x0/0x90 [<c0103ce7>] ? kernel_thread_helper+0x7/0x10 Code: 00 00 00 55 89 e5 f0 83 28 01 79 05 e8 02 ff ff ff 5d c3 55 89 c2 89 e5 9c 58 8d 74 26 00 89 c1 fa 90 8d 74 26 00 b8 00 01 00 00 <f0> 66 0f c1 02 38 e0 74 06 f3 90 8a 02 eb f6 89 c8 5d c3 90 8d EIP: [<c0521bc8>] _spin_lock_irqsave+0x18/0x30 SS:ESP 0068:f709dd88 CR2: 00000000ff09dfc8 ---[ end trace 06004df70b9cf436 ]--- Fixing recursive fault but reboot is needed! This seems to happen at least once a day. How do I even begin to debug this?

    Read the article

  • What do I do when I get a Linux kernel bug?

    - by raldi
    I just bought a tiny computer called a fit-pc2 which came with a somewhat customized Ubuntu 9.10 installation. uname -a reports: Linux 2.6.31-34-fitpc2 #7 SMP Thu Apr 22 17:43:26 IDT 2010 i686 GNU/Linux It seems that after several hours of running with heavy network load, all networking ceases and I get the following in kern.log: BUG: unable to handle kernel paging request at ff09dfc0 IP: [<c0150300>] kthread_should_stop+0x10/0x20 *pde = 00000000 Oops: 0000 [#1] SMP last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb1/idVendor Modules linked in: binfmt_misc ppdev sbc_fitpc2_wdt snd_usb_audio snd_usb_lib i2c_isch sch_gpio snd_seq_dummy snd_hda_intel snd_pcm_oss snd_seq_oss snd_seq_midi snd_rawmidi snd_mixer_oss snd_seq_midi_event snd_seq snd_pcm snd_timer snd_page_alloc snd_seq_device iptable_filter ip_tables x_tables snd_hwdep lpc_sch snd psmouse rt2860sta(C) uvcvideo video pl2303 soundcore mfd_core output videodev v4l1_compat lirc_igorplugusb lirc_dev serio_raw lp parport usbhid r8169 mii iegd_mod drm agpgart Pid: 16, comm: kblockd/1 Tainted: G C (2.6.31-34-fitpc2 #7) SBC-FITPC2 EIP: 0060:[<c0150300>] EFLAGS: 00010246 CPU: 1 EIP is at kthread_should_stop+0x10/0x20 EAX: ff09dfc4 EBX: c180cbac ECX: 0109d000 EDX: f709df98 ESI: f709df98 EDI: c180cba0 EBP: f709dfb8 ESP: f709df90 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 Process kblockd/1 (pid: 16, ti=f709c000 task=f7084b60 task.ti=f709c000) Stack: c014c14d c180cba4 00000000 f7084b60 c0150770 f709dfa4 f709dfa4 f7023ef4 <0> c180cba0 c014c0d0 f709dfe0 c015047c 00000000 00000000 00000000 f709dfcc <0> f709dfcc c0150400 00000000 00000000 00000000 c0103ce7 f7023ef4 00000000 Call Trace: [<c014c14d>] ? worker_thread+0x7d/0xe0 [<c0150770>] ? autoremove_wake_function+0x0/0x40 [<c014c0d0>] ? worker_thread+0x0/0xe0 [<c015047c>] ? kthread+0x7c/0x90 [<c0150400>] ? kthread+0x0/0x90 [<c0103ce7>] ? kernel_thread_helper+0x7/0x10 Code: a6 8b 55 0c 8d 4d e0 89 f8 89 34 24 e8 7a fd ff ff 89 c3 eb 92 90 90 90 90 90 90 55 64 a1 00 80 76 c0 8b 80 70 02 00 00 89 e5 5d <8b> 40 fc c3 8d b6 00 00 00 00 8d bf 00 00 00 00 55 ba d7 86 62 EIP: [<c0150300>] kthread_should_stop+0x10/0x20 SS:ESP 0068:f709df90 CR2: 00000000ff09dfc0 ---[ end trace 06004df70b9cf435 ]--- BUG: unable to handle kernel paging request at ff09dfc8 IP: [<c0521bc8>] _spin_lock_irqsave+0x18/0x30 *pde = 00000000 Oops: 0002 [#2] SMP last sysfs file: /sys/devices/pci0000:00/0000:00:1d.7/usb1/idVendor Modules linked in: binfmt_misc ppdev sbc_fitpc2_wdt snd_usb_audio snd_usb_lib i2c_isch sch_gpio snd_seq_dummy snd_hda_intel snd_pcm_oss snd_seq_oss snd_seq_midi snd_rawmidi snd_mixer_oss snd_seq_midi_event snd_seq snd_pcm snd_timer snd_page_alloc snd_seq_device iptable_filter ip_tables x_tables snd_hwdep lpc_sch snd psmouse rt2860sta(C) uvcvideo video pl2303 soundcore mfd_core output videodev v4l1_compat lirc_igorplugusb lirc_dev serio_raw lp parport usbhid r8169 mii iegd_mod drm agpgart Pid: 16, comm: kblockd/1 Tainted: G D C (2.6.31-34-fitpc2 #7) SBC-FITPC2 EIP: 0060:[<c0521bc8>] EFLAGS: 00010086 CPU: 1 EIP is at _spin_lock_irqsave+0x18/0x30 EAX: 00000100 EBX: ff09dfc8 ECX: 00000286 EDX: ff09dfc8 ESI: f7084b60 EDI: ff09dfc4 EBP: f709dd88 ESP: f709dd88 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 Process kblockd/1 (pid: 16, ti=f709c000 task=f7084b60 task.ti=f709c000) Stack: f709dda4 c0127c0b 00000082 00000001 ff09dfc4 f7084b60 00000000 f709ddd0 <0> c0137fd2 00000086 f70954c4 00000000 f7098480 f709ddf0 f7094fc0 f7084b60 <0> 00000000 00000009 f709ddf0 c013c3f8 00000001 c1807c60 f709ddf0 f7084b60 Call Trace: [<c0127c0b>] ? complete+0x1b/0x60 [<c0137fd2>] ? mm_release+0x52/0xf0 [<c013c3f8>] ? exit_mm+0x18/0x110 [<c013c6db>] ? do_exit+0xfb/0x2e0 [<c013998a>] ? print_oops_end_marker+0x2a/0x30 [<c0522aab>] ? oops_end+0x8b/0xd0 [<c011eac4>] ? no_context+0xb4/0xd0 [<c011eb1d>] ? __bad_area_nosemaphore+0x3d/0x1a0 [<c0133a56>] ? load_balance_newidle+0x96/0x320 [<c011ec92>] ? bad_area_nosemaphore+0x12/0x20 [<c0524106>] ? do_page_fault+0x2f6/0x380 [<c012cc30>] ? finish_task_switch+0x50/0xe0 [<c0523e10>] ? do_page_fault+0x0/0x380 [<c0522006>] ? error_code+0x66/0x70 [<c0523e10>] ? do_page_fault+0x0/0x380 [<c0150300>] ? kthread_should_stop+0x10/0x20 [<c014c14d>] ? worker_thread+0x7d/0xe0 [<c0150770>] ? autoremove_wake_function+0x0/0x40 [<c014c0d0>] ? worker_thread+0x0/0xe0 [<c015047c>] ? kthread+0x7c/0x90 [<c0150400>] ? kthread+0x0/0x90 [<c0103ce7>] ? kernel_thread_helper+0x7/0x10 Code: 00 00 00 55 89 e5 f0 83 28 01 79 05 e8 02 ff ff ff 5d c3 55 89 c2 89 e5 9c 58 8d 74 26 00 89 c1 fa 90 8d 74 26 00 b8 00 01 00 00 <f0> 66 0f c1 02 38 e0 74 06 f3 90 8a 02 eb f6 89 c8 5d c3 90 8d EIP: [<c0521bc8>] _spin_lock_irqsave+0x18/0x30 SS:ESP 0068:f709dd88 CR2: 00000000ff09dfc8 ---[ end trace 06004df70b9cf436 ]--- Fixing recursive fault but reboot is needed! This seems to happen at least once a day. How do I even begin to debug this?

    Read the article

  • Event on SQL Server 2008 Disk IO and the new Complex Event Processing (StreamInsight) feature in R2

    - by tonyrogerson
    Allan Mitchell and myself are doing a double act, Allan is becoming one of the leading guys in the UK on StreamInsight and will give an introduction to this new exciting technology; on top of that I'll being talking about SQL Server Disk IO - well, "Disk" might not be relevant anymore because I'll be talking about SSD and IOFusion - basically I'll be talking about the underpinnings - making sure you understand and get it right, how to monitor etc... If you've any specific problems or questions just ping me an email [email protected]. To register for the event see: http://sqlserverfaq.com/events/217/SQL-Server-and-Disk-IO-File-GroupsFiles-SSDs-FusionIO-InRAM-DBs-Fragmentation-Tony-Rogerson-Complex-Event-Processing-Allan-Mitchell.aspx 18:15 SQL Server and Disk IOTony Rogerson, SQL Server MVPTony's Blog; Tony on TwitterIn this session Tony will talk about RAID levels, how SQL server writes to and reads from disk, the effect SSD has and will talk about other options for throughput enhancement like Fusion IO. He will look at the effect fragmentation has and how to minimise the impact, he will look at the File structure of a database and talk about what benefits multiple files and file groups bring. We will also touch on Database Mirroring and the effect that has on throughput, how to get a feeling for the throughput you should expect.19:15 Break19:45 Complex Event Processing (CEP)Allan Mitchell, SQL Server MVPhttp://sqlis.com/sqlisStreamInsight is Microsoft’s first foray into the world of Complex Event Processing (CEP) and Event Stream Processing (ESP).  In this session I want to show an introduction to this technology.  I will show how and why it is useful.  I will get us used to some new terminology but best of all I will show just how easy it is to start building your first CEP/ESP application.

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >