[ previous ] [ next ] [ threads ]
 
 From:  Rolf Sommerhalder <rolf dot sommerhalder at alumni dot ethz dot ch>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ARP Proxy for Sub-Subnet Extraction
 Date:  Sat, 13 Nov 2004 22:10:02 +0100
 >Try
 >
 >/usr/local/sbin/choparp fxp0 auto 10.0.0.128/30 </dev/null >/dev/null
 >2>&1 &
 >
 >(all on one line, with the proper XML escaping of course)

Thanks, I can confirm that this works fine, if escaped as

<shellcmd>/usr/local/sbin/choparp fxp0 auto 10.0.0.128/30 &lt;/dev/null 
&gt;/dev/null 2&gt;&amp;1 &amp; </shellcmd>

and if I use the "aggressive" mode of IPSec.

But, for security reasons, as soon as I change to "normal" mode the 
IPSec tunnel does not come up anymore (agressive is known as easy to 
crack even with longer pre-shared keys). Even though the tunnel was fine 
in agressive mode, and I did not change any parameter other than the mode.
Any suggestions what I might have overlooked?

Thanks,
Rolf