7 Sep 2002 wardv   » (Journeyer)


So now the IPSec tunnel I've been working on finally works. In the end we ditched the Symantec Firewall/VPN appliance 200, got a Cisco 1710, and it worked at once.

Frustrating. I am not happy with these Symantec things. They are really OEMs of a company called Nexland, and I suspect they are built on FreeSWAN - the log entries are identical, so...

But try to connect them to a Checkpoint FW/1 NG on the other side, and you can't even get the IKE to work properly. Connect them to a Cisco on the other side, and all seems to work (pinging through the tunnel works fine, etc.), until you send some larger HTTP packets, at which point the Symantec doesn't encrypt them properly anymore, the Cisco logs lots of errors when trying to decrypt them, and you get serious packet loss. Tunnel unusable. Symantec posted a firmware update for the thing on August 26th, which has lots of bugfixes for things that sound rather serious. Even one to do with large packets. But it didn't fix this problem.

If this had been a GNU/Linux box with FreeSWAN, I wouldn't have lost as much time, I think. Hmmmm. I'll think twice before considering using these yellow boxes ever again.


I must say I've refreshed my knowledge about Cisco a bit with all this IPSec stuff. One of the more curious things I found out is that Ciscos work with standard PC RAM. Or at least the (old-ish) 3620 that I was using works just fine with old 'Compaq' 72 pin RAM. Interesting.


I'm leaving this coming Monday, to spend some days in Oxford/London, and then move to Brighton with my alter ega. Can't wait! That same day I have an interview at the university - still looking at that MSc in Science and Technology Policy (STP). I hope I'll be accepted - if not I'll have to find something else to do!

1 million dollars

Someone donated 1 million dollars to Duke University to fight abusive copyrights. Now that's good news. The person is 'anonymous' - but if you add 1 and 1... Where is Duke University? Durham, North Carolina. Where is RedHat? Right, Raleigh, North Carolina. That's really close. Well maybe it is a coincidence...


Our good friends in Redmond are mystified about a mysterious wave of successful break-in attempts to Windows machines of all kinds that do not appear to be the result of a worm or virus. Backdoor, anyone?
