Provide banner: how to disable?
-
Hey guys and girls,
I use IPsec and want to dissable the banner. I unticked the option to provide a banner, but all clients get an empty banner shown.
pfSense:
ALIX-board
2.1.2 x86 embedded (nanoBSD)What I found out:
Custom banner is saved racoon.motd in the same directory as racoon.conf.
When banner is disabled, racoon uses /etc/motd as input file. This file exists and is empty, so the clients get an empty banner.
Deleting /etc/motd resolves the problem.Question:
How to disable the banner?
Are there any side effects if I delete /etc/motd? (regarding the embedded system)Thanks in advance
Chris -
nobody facing the same problem? :o
-
I've deleted /etc/motd and haven't experienced any problems. However it would be nice if you could have a /etc/motd without a banner on IPSec.
I'd file a bug report on it. The default (unchecked "Banner" box) should cause the configuration:
banner "";
in order to override the default:
banner "/etc/motd";
-
ipsec-tools is gone from 2.2, so I would recommend testing the situation there (now using strongswan), and if there is any similar issue, bring it up on the 2.2 board here. I don't believe that's an issue there, but confirmation would be good.
-
@cmb:
ipsec-tools is gone from 2.2, so I would recommend testing the situation there (now using strongswan), and if there is any similar issue, bring it up on the 2.2 board here. I don't believe that's an issue there, but confirmation would be good.
Hi Chris, is this to say that VPN:Ipsec will not be available in 2.2 at all? I use the Site-Site on several boxes.
-
@BBcan17:
Hi Chris, is this to say that VPN:Ipsec will not be available in 2.2 at all? I use the Site-Site on several boxes.
No not at all, the GUI-side is effectively the same, the back-end daemon that's responsible for keying has been switched out. From the average user's perspective, nothing has changed. The back end is now strongswan rather than ipsec-tools, which brings us new features, and keeps everything that already existed.
-
@cmb:
ipsec-tools is gone from 2.2, so I would recommend testing the situation there (now using strongswan), and if there is any similar issue, bring it up on the 2.2 board here. I don't believe that's an issue there, but confirmation would be good.
I already read about the new backend, but had no time to test 2.2. I will try as soon as possible and report back if there is a similar issue.
I also have some special things to test for the new backend e.g. certificates with whitelist. -
@cmb:
ipsec-tools is gone from 2.2, so I would recommend testing the situation there (now using strongswan), and if there is any similar issue, bring it up on the 2.2 board here. I don't believe that's an issue there, but confirmation would be good.
I see no banner in 2.2, whether 'login banner' is ticked or not (shrewsoft client, banner did appear under 2.1). Haven't looked into details yet.
