Hi All
Posted the following - not very constructive post...Sorry
My last post
Will try to be more constructive this time - just had to let out some steam.
I am using ASL 5.001 on 2 different test systems.
Sys1
No Name PC
PII 300 MHz
128 MB RAM
2 x RealTek RTL8139 NICs
Sys2
Dell PowerEdge 400 SC
256MB RAM
Onboard Dell 10/100/1000 Gigabit NIC
Compaq Netelligent 10/100 NIC
Both systems have been running ASL 4.021 flawlessly.
Here is the problem - it seems to be the same on both systems.
I do the install which works great.
Have solved license problems from my former post - so that part is also super.
Once the install is over I start configuring.
Do a masq rule.
Enable DNS proxy
Have tried both doing an Internal Network/Any/Any service and also tried using HTTP proxy both in transparent mode and in standard mode - all is OK so far.
Up until this point I am still able to restart the ASL from webadmin. But when I then try to set up VPN tunnels to my office, it gets troublesome.
I set up a PSK, define the remote LAN and remote Endpoint in the Definitions part of ASL, enable the status in the IPSEC VPN section, set up my connection and enable it.
After this I am no longer able to restart from the webadmin interface. And if I log into the console and issue a "reboot" command, the firewall restarts, but then my interface configuration is gone - hence I am now unable to communicate with the system.
Furthermore - if, before I reboot, I try to show my current VPN routes, I get the following message: ":: IPSec Kernel Modules not loaded ::" - Why??
Hope the above description is a bit more fulfilling than my last, and that there is someone who is able to give me some hint on this.
Have done further testing.
Without rebooting the system, I tried to remove all configuration that was set up in the system, meaning:
Disabling IPSEC, removing my PSK, removing my external interface, disabling my DNS Proxy, removing my MASQ rule,
disabling HTTP proxy and as the last thing - dropping any traffic from the internal network to any server/any service.
To the best of my knowledge, it should now no longer be possible to be on the internet. But nevertheless, I am currently writing this post from behind the above configuration.
It is as if something makes the old configuration persistent in the system.