Re: IPSEC on Solaris 8

From: Trevor Fiatal (trevor@seven.com)
Date: 10/02/01


Message-ID: <3BBA17FA.CC8439DE@seven.com>
Date: Tue, 02 Oct 2001 12:39:38 -0700
From: Trevor Fiatal <trevor@seven.com>
To: SUN-sec Mailinglist <focus-sun@securityfocus.com>
Subject: Re: IPSEC on Solaris 8

adam morley wrote:
>
> On Mon, Oct 01, 2001 at 10:37:59AM +0200, Conny Stefors wrote:
> >
> > The man-pages for the IPSEC feature is unfortunatly not very good :-(
>
> they are good once you know what you are doing, the key is figuring out what you are doing first! your best bets are to start with the answerbooks if you have them, or just hop onto docs.sun.com:
[deletia]

I'm surprised no-one has mentioned the biggest stumbling block to
getting IPsec working on Sol8: install the optional/downloadable
crypto packages so the IPsec stuff actually works! (The documentation
is fscking miserable in this regard, took me days to figure out
why IPsec wasn't working.)

You *must* download and install the crypto packages if you want
to do anything useful. You can find them at:

        http://www.sun.com/software/solaris/encryption/download.html

One warning: these packages include a new version of libcrypt
(libcrypt_d.*) that supercedes the export-legal libcrypt_i.* which
comes with Sol8. If you compile *anything* which references
libcrypt on a system with the optional crypto pkgs installed, it
will not work on a standard Sol8 system lacking the enhanced crypto
libs. Found this out the hard way.

In my case, I now have two build hosts used to compile software --
one with libcrypt_d.* installed, and one without. This allows us
to build certain software for 'secure' systems use only, and other
stuff for use on any system.

-Trevor

-- 
Trevor Fiatal -- trevor@seven.com -- http://www.seven.com/
Co-Founder, CSO
SEVEN
510.967.4556 (work/mobile)  
510.401.8054 (vmail/fax)



Relevant Pages

  • Re: SP1 install and win2k3 server 2003
    ... I'm not going to install SP1 again until I know what went wong, ... IpSec are not blocking the system connetivity. ... Event Source: NtServicePack ...
    (microsoft.public.windows.server.general)
  • Re: SP1 install and win2k3 server 2003
    ... server what other programs/drivers are loaded if AV was or not installed on ... I'm not going to install SP1 again until I know what went wong, ... IpSec are not blocking the system connetivity. ...
    (microsoft.public.windows.server.general)
  • Re: SP1 install and win2k3 server 2003
    ... IpSec are not blocking the system connetivity. ... I install sp1 then bang ... Event Source: NtServicePack ... I run Windows Server 2003 SP1 INSTALL then it breaks. ...
    (microsoft.public.windows.server.general)
  • Re: SP1 install and win2k3 server 2003
    ... Event Type: Information ... Event Source: NtServicePack ... The IPSec Driver is starting in Bypass mode. ... I run Windows Server 2003 SP1 INSTALL then it breaks. ...
    (microsoft.public.windows.server.general)
  • Re: Lock-Ups ERROR - IPSec Service
    ... drivers it would be worth it to try and do so again by going to ATI website ... Thank You very much as your suggestion was the solution to that IPSec ... message which always succeeded the Security ERROR message. ... Need to install Updated ...
    (microsoft.public.windowsxp.security_admin)