Provide banner: how to disable?



  • Hey guys and girls,

    I use IPsec and want to dissable the banner. I unticked the option to provide a banner, but all clients get an empty banner shown.

    pfSense:
    ALIX-board
    2.1.2 x86 embedded (nanoBSD)

    What I found out:
    Custom banner is saved racoon.motd in the same directory as racoon.conf.
    When banner is disabled, racoon uses /etc/motd as input file. This file exists and is empty, so the clients get an empty banner.
    Deleting /etc/motd resolves the problem.

    Question:
    How to disable the banner?
    Are there any side effects if I delete /etc/motd? (regarding the embedded system)

    Thanks in advance
    Chris



  • nobody facing the same problem?  :o



  • I've deleted /etc/motd and haven't experienced any problems. However it would be nice if you could have a /etc/motd without a banner on IPSec.

    I'd file a bug report on it. The default (unchecked "Banner" box) should cause the configuration:

    banner "";

    in order to override the default:

    banner "/etc/motd";



  • ipsec-tools is gone from 2.2, so I would recommend testing the situation there (now using strongswan), and if there is any similar issue, bring it up on the 2.2 board here. I don't believe that's an issue there, but confirmation would be good.


  • Moderator

    @cmb:

    ipsec-tools is gone from 2.2, so I would recommend testing the situation there (now using strongswan), and if there is any similar issue, bring it up on the 2.2 board here. I don't believe that's an issue there, but confirmation would be good.

    Hi Chris, is this to say that VPN:Ipsec will not be available in 2.2 at all? I use the Site-Site on several boxes.



  • @BBcan17:

    Hi Chris, is this to say that VPN:Ipsec will not be available in 2.2 at all? I use the Site-Site on several boxes.

    No not at all, the GUI-side is effectively the same, the back-end daemon that's responsible for keying has been switched out. From the average user's perspective, nothing has changed. The back end is now strongswan rather than ipsec-tools, which brings us new features, and keeps everything that already existed.



  • @cmb:

    ipsec-tools is gone from 2.2, so I would recommend testing the situation there (now using strongswan), and if there is any similar issue, bring it up on the 2.2 board here. I don't believe that's an issue there, but confirmation would be good.

    I already read about the new backend, but had no time to test 2.2. I will try as soon as possible and report back if there is a similar issue.
    I also have some special things to test for the new backend e.g. certificates with whitelist.



  • @cmb:

    ipsec-tools is gone from 2.2, so I would recommend testing the situation there (now using strongswan), and if there is any similar issue, bring it up on the 2.2 board here. I don't believe that's an issue there, but confirmation would be good.

    I see no banner in 2.2, whether 'login banner' is ticked or not (shrewsoft client, banner did appear under 2.1).  Haven't looked into details yet.


Log in to reply