From phil at firehol.org Sun Sep 17 14:47:37 2017 From: phil at firehol.org (Phil Whineray) Date: Sun, 17 Sep 2017 14:47:37 +0100 Subject: [Firehol-support] [ANNOUNCE] FireHOL 3.1.5 released Message-ID: <20170917134737.z4nnvsaqhuzun7b4@xps> All I have released version 3.1.5 of FireHOL. You can download it from GitHub: https://github.com/firehol/firehol/releases/tag/v3.1.5 * FireHOL - Fix some links in documentation * FireQOS - Insert a rawmark mask if none specified * Update-Ipsets - Support serving ipset files from local web server - Lower pressure on github Thanks in particular to Tom Pickering for the improvements to the rawmask code in FireQOS. Regards Phil From whit at transpect.com Thu Sep 21 19:26:39 2017 From: whit at transpect.com (Whit Blauvelt) Date: Thu, 21 Sep 2017 14:26:39 -0400 Subject: [Firehol-support] FireHOL, link-balancer and StrongSwan Message-ID: <20170921182639.GA26935@black.transpect.com> Hi, I've got FireHOL and link-balancer on a multi-WAN firewall, and need to get several StrongSwan tunnels going. I see there is an open issue with this (https://github.com/firehol/firehol/issues/130). Has anyone worked out a practical way of handling this? I suspect I have to get StrongSwan out of the connmark business, and handle setting up those up through link-balancer. The IPsec connections we need are constantly up, and between servers. StrongSWAN is at least working to set up a tunnel in this case, as compared to libreswan which for reasons I couldn't fully diagnose choked when behind this -- complained the public IP wasn't "usable." Thanks, Whit From phil at firehol.org Sun Sep 17 14:47:37 2017 From: phil at firehol.org (Phil Whineray) Date: Sun, 17 Sep 2017 14:47:37 +0100 Subject: [Firehol-support] [ANNOUNCE] FireHOL 3.1.5 released Message-ID: <20170917134737.z4nnvsaqhuzun7b4@xps> All I have released version 3.1.5 of FireHOL. You can download it from GitHub: https://github.com/firehol/firehol/releases/tag/v3.1.5 * FireHOL - Fix some links in documentation * FireQOS - Insert a rawmark mask if none specified * Update-Ipsets - Support serving ipset files from local web server - Lower pressure on github Thanks in particular to Tom Pickering for the improvements to the rawmask code in FireQOS. Regards Phil From whit at transpect.com Thu Sep 21 19:26:39 2017 From: whit at transpect.com (Whit Blauvelt) Date: Thu, 21 Sep 2017 14:26:39 -0400 Subject: [Firehol-support] FireHOL, link-balancer and StrongSwan Message-ID: <20170921182639.GA26935@black.transpect.com> Hi, I've got FireHOL and link-balancer on a multi-WAN firewall, and need to get several StrongSwan tunnels going. I see there is an open issue with this (https://github.com/firehol/firehol/issues/130). Has anyone worked out a practical way of handling this? I suspect I have to get StrongSwan out of the connmark business, and handle setting up those up through link-balancer. The IPsec connections we need are constantly up, and between servers. StrongSWAN is at least working to set up a tunnel in this case, as compared to libreswan which for reasons I couldn't fully diagnose choked when behind this -- complained the public IP wasn't "usable." Thanks, Whit From phil at firehol.org Sun Sep 17 14:47:37 2017 From: phil at firehol.org (Phil Whineray) Date: Sun, 17 Sep 2017 14:47:37 +0100 Subject: [Firehol-support] [ANNOUNCE] FireHOL 3.1.5 released Message-ID: <20170917134737.z4nnvsaqhuzun7b4@xps> All I have released version 3.1.5 of FireHOL. You can download it from GitHub: https://github.com/firehol/firehol/releases/tag/v3.1.5 * FireHOL - Fix some links in documentation * FireQOS - Insert a rawmark mask if none specified * Update-Ipsets - Support serving ipset files from local web server - Lower pressure on github Thanks in particular to Tom Pickering for the improvements to the rawmask code in FireQOS. Regards Phil From whit at transpect.com Thu Sep 21 19:26:39 2017 From: whit at transpect.com (Whit Blauvelt) Date: Thu, 21 Sep 2017 14:26:39 -0400 Subject: [Firehol-support] FireHOL, link-balancer and StrongSwan Message-ID: <20170921182639.GA26935@black.transpect.com> Hi, I've got FireHOL and link-balancer on a multi-WAN firewall, and need to get several StrongSwan tunnels going. I see there is an open issue with this (https://github.com/firehol/firehol/issues/130). Has anyone worked out a practical way of handling this? I suspect I have to get StrongSwan out of the connmark business, and handle setting up those up through link-balancer. The IPsec connections we need are constantly up, and between servers. StrongSWAN is at least working to set up a tunnel in this case, as compared to libreswan which for reasons I couldn't fully diagnose choked when behind this -- complained the public IP wasn't "usable." Thanks, Whit