juniper 5gt

Posted: February 24th, 2011 | Filed under: it, juniper, linux, networking

say hello little sweet juniper 5gt for testing purposes; got her on 6.2.0r8 – not recommended by juniper but by now she runs stable 🙂


Ipsec tunnel / openswan <-> juniper ssg5

Posted: February 24th, 2011 | Filed under: debian, it, juniper, linux, networking

finally got it working: building a bidirectional ipsec tunnel between a juniper ssg5 and openswan@debian, both sites got static ip addresses

openswan config:


conn juniper_ssg5_01
    type=tunnel
    authby=secret
    auth=esp
    pfs=yes
    rekey=yes
    auto=start
    keylife=8h
    keyingtries=0
    keyexchange=ike
    ike=aes256-sha1-modp2048
    esp=aes256-sha1
    # Linux openswan
    leftid=1.1.1.1
    left=1.1.1.1 # external ip
    leftsubnet=10.1.10.0/24
    leftsourceip=10.1.10.1
    # SSG 5
    rightid=2.2.2.2
    right=2.2.2.2 # untrust interface
    rightsubnet=192.168.10.0/24

juniper screenos config / route based config


set interface "tunnel.2" zone "Untrust"
set ike p1-proposal "g14-esp-aes256-sha" preshare group14 esp aes256 sha-1 second 28800
set ike p2-proposal "g14-esp-aes256-sha" group14 esp aes256 sha-1 second 3600
set ike gateway "Gateway for 10.1.10.0/24" address 1.1.1.1 Main local-id "2.2.2.2" outgoing-interface "ethernet0/0" preshare "mysecretpsk" proposal "g14-esp-aes256-sha"
set ike gateway "Gateway for 10.1.10.0/24" nat-traversal
set ike gateway "Gateway for 10.1.10.0/24" nat-traversal udp-checksum
set ike gateway "Gateway for 10.1.10.0/24" nat-traversal keepalive-frequency 0
set ike accept-all-proposal
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set vpn "VPN for 10.1.10.0/24" gateway "Gateway for 10.1.10.0/24" replay tunnel idletime 0 proposal "g14-esp-aes256-sha"
set vpn "VPN for 10.1.10.0/24" id 0x3 bind interface tunnel.2
set vpn "VPN for 10.1.10.0/24" proxy-id local-ip 192.168.10.0/24 remote-ip 10.1.10.0/24 "ANY"
set policy id 34 from "Trust" to "Untrust" "Any" "10.1.10.0/24" "ANY" permit log count
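
a tunnel like this only comes up when both ends propose the same things, so here is a small cross-check of the openswan conn against the screenos proposals and proxy-id. it is an added example, not part of the original post; the function names are made up for it and the two config strings are cut down from the configs above.

```python
import re

# Constructed input: the negotiation-relevant lines of the two configs in the post.
OPENSWAN = """conn juniper_ssg5_01
    pfs=yes
    keylife=8h
    ike=aes256-sha1-modp2048
    esp=aes256-sha1
    leftsubnet=10.1.10.0/24
    rightsubnet=192.168.10.0/24  # SSG 5 side
"""
SCREENOS = """set ike p1-proposal "g14-esp-aes256-sha" preshare group14 esp aes256 sha-1 second 28800
set ike p2-proposal "g14-esp-aes256-sha" group14 esp aes256 sha-1 second 3600
set vpn "VPN for 10.1.10.0/24" proxy-id local-ip 192.168.10.0/24 remote-ip 10.1.10.0/24 "ANY"
"""
DH_GROUP = {"modp1024": 2, "modp1536": 5, "modp2048": 14}  # IKE DH group numbers
UNIT = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_openswan(text):
    lines = (l.split("#")[0].strip() for l in text.splitlines())  # drop comments
    kv = dict(l.split("=", 1) for l in lines if "=" in l)
    enc, hsh, dh = kv["ike"].split("-")
    life = kv["keylife"]                       # keylife = IPsec SA (phase 2) lifetime
    return {"p1": (enc, hsh, DH_GROUP[dh]), "p2": tuple(kv["esp"].split("-")),
            "pfs": kv.get("pfs") == "yes", "p2_life": int(life[:-1]) * UNIT[life[-1]],
            "nets": (kv["leftsubnet"], kv["rightsubnet"])}

def parse_screenos(text):
    out = {}
    for ph in ("p1", "p2"):
        m = re.search(rf"{ph}-proposal .*?(?:group(\d+)|no-pfs) esp (\S+) (\S+) second (\d+)", text)
        out[ph] = (m.group(2), m.group(3).replace("-", ""), int(m.group(1) or 0))
        out[ph + "_life"] = int(m.group(4))
    m = re.search(r"proxy-id local-ip (\S+) remote-ip (\S+)", text)
    out["nets"] = (m.group(2), m.group(1))     # swap: the peer's local is our remote
    return out

def compare(osw, ssg):
    checks = [("phase 1 proposal", osw["p1"], ssg["p1"]),
              ("phase 2 transform", osw["p2"], ssg["p2"][:2]),
              ("pfs", osw["pfs"], ssg["p2"][2] > 0),
              ("protected subnets", osw["nets"], ssg["nets"]),
              ("phase 2 lifetime (s)", osw["p2_life"], ssg["p2_life"])]
    return [f"{name}: openswan {a} vs screenos {b}" for name, a, b in checks if a != b]

if __name__ == "__main__":
    print(compare(parse_openswan(OPENSWAN), parse_screenos(SCREENOS)))
```

run against the configs as posted, the only difference it reports is the phase 2 lifetime: keylife=8h on the openswan side against second 3600 in the p2-proposal.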


topinambur

Posted: February 18th, 2011 | Filed under: food

topinambur – give it a try !

pure not really tasty – but with salad … ok 🙂


new sauce

Posted: February 18th, 2011 | Filed under: food

received new sauce


chili plants

Posted: February 18th, 2011 | Filed under: food, plants

try to grow chili this year; 10 plants each:

rocoto peru puno marki / c.pubescens

numex twilight / c.annuum

habanero hot lemon / c.chinense

masquerade / c.annuum

for breeding phase i use normal “anzuchterde” from obi, think about bringing the plants to my office because of the low temperature in my flat.

the plants from marcel; he also started today, also 10 of each breed – the chilli battle has begun !

bih jolokia / c.chinense (bhut jolokia)

red savina / c.chinense

arlecchino / c.annuum

5 color / c.annuum

chupetinho / c.chinense

cird-charapita yellow / c.chinense


my favourite podcast

Posted: February 11th, 2011 | Filed under: it

http://tim.geekheim.de/not-safe-for-work/

tim! thx for that awesome iphone ringtone (my new one) *rotfl :

http://meta.metaebene.me/media/misc/halsband.m4r


ruby on rails

Posted: February 11th, 2011 | Filed under: database, it, linux

playing with ruby on rails (ror) – web application development framework; all the structure behind it looks very nice (mvc). it's possible to build something like “website with database backend and some functions” really fast and easily, which “traditionally” is made with php, css, html, *sql and/or …. maybe ror is a topic for our next summer training in bodman – OH ! we got to plan this …

learn:

http://tryruby.org/

http://railsforzombies.org/

http://rubyonrails.org/screencasts/rails3

http://rubyonrails.org/

funny merchandise statement (ror – website):

“Ruby on Rails is astounding. Using it is like watching a kung-fu movie, where a dozen bad-ass frameworks prepare to beat up the little newcomer only to be handed their asses in a variety of imaginative ways.”
-Nathan Torkington, O’Reilly Program Chair for OSCON


jailbreak for IOS 4.2.1 available

Posted: February 8th, 2011 | Filed under: apple, iphone, it

gp_mac_rc5_b4 untethered jb released on 03/02/2011  @ http://greenpois0n.com/

as usual i waited a few days before upgrading …

first i did the normal upgrade to 4.2.1 with itunes. after booting 4.2.1 the cydia stuff was gone, but the installed apps from installous were still there (the apps did not start). now the greenpois0n jb – needed a lot of tries; it works after starting the tool via console *confused. after reboot i could install cydia and the rest of needed software, the apps from installous are working now, itunes sync works, openvpn works – all good ! thx to the jb guys


screenOS or junOS ?

Posted: February 8th, 2011 | Filed under: it, juniper, networking, other

thinking about the differences between ssg and srx juniper firewall devices. my main focus is on stability and usual features like VPN stuff. srx devices might deliver some more and better features (on the other hand i.e. lack of ipv6 support (but announced)); for me it seems like the ssg devices are more stable and i know that they can do what i need to do. ssg5 i.e. has been started last year, the end of life of ssg series is far away (hope so). the administration stuff (console, web) has changed completely in junOS – another reason to stay on ssg devices. anyway: i'm pretty sure in a few years junOS will be the choice …

right now i'm using a SSG550M / planning to replace several linux VPN gateways with SSG5 boxes


sick

Posted: February 8th, 2011 | Filed under: pics

sickness sucks …