All Questions
90
questions
2
votes
1
answer
162
views
what is the proposal string for aes-gem256 deffie helman group 20, esp
As a developer tasked with connecting to a vpn without preconfigured profile scripts, i'm fumbling through setting up a strongswan ipsec.conf file. My current hurdle is an "invalid proposal ...
0
votes
1
answer
2k
views
UDP-Packets seem to get lost in IPsec tunnel from Strongswan to AWS cloud - connection works with Openswan
Use case: IOT-device connected through AWS cloud
The IOT-device is behind a router that sends all traffic through aws cloud.
The IOT-server can not be configured and thus is not part of the AWS cloud
...
1
vote
0
answers
173
views
Trouble with routing on VPN with Openswan IPSec
Good morning, I'm having trouble configuring access to the servers through a VPN. The client can connect to the VPN perfectly, but access to the servers does not work.
The conf of my connection is ...
0
votes
0
answers
194
views
Options for rebuilding OpenSwan box to LibreSwan without downtime?
This is all in an AWS VPC environment.
We have an old Ubuntu 12.04 machine running OpenSwan which is managing a pile of VPN connections. This has worked well for us thus far, but 12.04 is no longer ...
1
vote
0
answers
812
views
Openswan l2tp vpn ppp wrong ip address
Using Openswan with xl2tp on archlinux (4.20) to connect to a vpn, I can create the tunnel and the ppp interface is created howerver it gets the wrong ip address:
enp4s0: <BROADCAST,MULTICAST,...
0
votes
1
answer
1k
views
NAT rules for VPN routing to public IP in local network
I'm trying configure a test VPN setup to route pings to an instances public IP. A corporate vendor we are connecting to has reserved all private space on their side. I'm not sure what NAT rules I need ...
0
votes
1
answer
439
views
StrongSwan IPsec PING only working once after ipsec restart
Diagram VPN site to site:
And a GIF showing what is happening.
I create an IP route like this:
sudo ip route add 192.168.1.0/24 via 10.132.146.166 eth0 eth1
And I have this iptable rules
sudo ...
0
votes
0
answers
1k
views
AWS Ubuntu Strongswan IPSec VPN and Iptables configuration tunnel routing
I've muddled up my configuration.
I've setup a site-to-site VPN between an AWS Ubuntu VM running strongswan, and another site.
The VPN tunnel is working, but anytime I try to route traffic through ...
2
votes
1
answer
2k
views
OpenSwan IPsec tunnel to Azure Gateway is established but unable to connect
I am currently trying to set up a IPsec tunnel between my on-premise center and to the VPN in Azure. I am setting up OpenSwan 2.6.23 on an Ubuntu Lucid box, and my box is behind a NAT.
ipsec.conf
...
1
vote
1
answer
11k
views
IPSec tunnel fails in phase 2
We are trying to establish a tunnel between our EC2 Instance and remote Cisco 3000 series device where it is failing for Phase2. Below is the scenario:
FTP Server(ec2-ubuntu) <---->VPN Server(ec2-...
3
votes
1
answer
8k
views
Tunnel is up but I can't ping
I need to understand and resolve my issue. I know openswan works because when I connect from home network with an internal ip address of 10.0.0.97 to work's VPN, I'm able to ping but when I use the ...
0
votes
1
answer
2k
views
ipsec verify indicates ERRORS "No tunnels up"
I just installed openswan on Ubuntu14. I'm trying to connect to my work's VPN (I have access to the Firewall/VPN btw). When I do a
/usr/sbin/ipsec verify
I get the following:
Checking your system ...
1
vote
1
answer
3k
views
OpenSwan - IPSec VPN - tunnel established but can't see a specific server there
I have to connect my server to a VPN tunnel thought Internet to see a local server that is on IP 192.168.20.100
Here are IPSec AND IKE settings from server (not mine , I do not own the VPN server)
...
2
votes
1
answer
4k
views
Routing between OpenSWAN / IPSEC tunnels
I am trying to connect multiple Amazon VPCs (across regions) together using OpenSWAN and Amazon VGW's. The router instance can ping to hosts in both VPCs, and traffic is attempting to cross the router,...
27
votes
1
answer
60k
views
IPsec for Linux - strongSwan vs Openswan vs Libreswan vs other(?) [closed]
Searching for IPSec and Linux one inevitably will be confronted with different solutions (see below) which all seem quite similar. The question is: where is the difference?
I found these projects. All ...
5
votes
2
answers
8k
views
Site to Site VPN error 'received hash payload does not match computed value'
We need to access a couple of Linux machines located at our client's end.
Our Linux machine, from which we need to access client's machine is located on cloud.
The connection to be established is ...
4
votes
3
answers
17k
views
Connecting to a FortiGate VPN from a remote Linux machine via OpenSwan
Here's the setup:
I have a FortiGate unit on a business network, which has a FortiGate VPN set up. Machines on a remote network that can run FortiClient (Windows and Mac machines) have no problem ...
0
votes
1
answer
451
views
IPSEC VPN site-to-"alias"
I am trying to connect my CentOS (CentOS release 6.7) server to a 3rd party VPN so traffic can be routed between my Apache instance listening on an aliased private IP (192.168.253.1), through the ...
6
votes
2
answers
37k
views
How to enable debug logs in OpenSwan?
I use OpenSwan IPSec tunnel on CentOS 6.7.
I have added the following configuration in /etc/ipsec.secrets according to this link: http://linux.die.net/man/5/ipsec.conf
config setup
plutodebug=all
...
2
votes
3
answers
11k
views
ipsec: Can't authenticate: no preshared key found for
I'm using Openswan with ipsec and ipsec keeps complaining about the shared-key not being present. I'm running Ubuntu 14.04 .
I'm just experimenting on a couple of internal systems since I'm new to ...
1
vote
0
answers
420
views
Openswan to Cisco ASA IPSec tunnel - specific IP address range required. Netmap?
I'm attempting to set up a VPN tunnel between a Cisco ASA 5520 and an Openswan server running on Ubuntu 14.04 on a Amazon VPC instance. I do not have access to the ASA, and have been given the ...
1
vote
0
answers
121
views
IPsec and pinging rightsubnets
I have been racking my brain about this. I have openswan running and I have been able to get tunnels up. Unfortunately, when I try to ping computers on my right subnet, I am not able to get any ...
0
votes
0
answers
2k
views
OpenSwan VPN IPSEC Tunnel Connection
I was hoping this website would be able to help with solving this issue since I've been running in circles on my end!
I am using OpenSwan to setup an IPSec tunnel between a VPN server on Rackspace ...
0
votes
1
answer
2k
views
Malformed Payload recieved from juniper firewall to libreswan while setting up an IPSec Tunnel
I have a CentOS system with libreswan behind a router with static IP, and I have been trying to setup an IPSec tunnel with a server at remote location having juniper firewall. The IPSec VPN settings ...
0
votes
1
answer
1k
views
openSwan VPN is up can't ping remote subnet
When I run the command ipsec auto status i get the following output:
......
172.16.255.1/32===104.131.13.155<104.131.13.155>:17/1701...41.203.65.124<41.203. 65.124>===10.100....
1
vote
1
answer
903
views
IPSec Tunnel goes down during long periods of inactivity
I have 2 AWS regions I have connected using an OpenSWAN IPSec tunnel. This works great in our production environment but in our test environment where 1 of the regions has long periods of inactivity, ...
1
vote
1
answer
6k
views
How to start and stop a libreswan connection
I have a connection configured on my libreswan instance on two machines.
The connection start automatically when I start the pluto daemon, I have try other settings, but the connection also starts if ...
0
votes
1
answer
715
views
Can't ping public endpoints when IPSec tunnel is up
I'm using openswan to link two machines via IPSec. The tunnel comes online fine and I have connectivity to each endpoint via the VPN.
However, when the tunnel is up, I lose connectivity to the ...
2
votes
0
answers
1k
views
Openswan IPSec VPN on AWS tunnel established but no traffic
I am setting up a tunnel with a telco using AWS/VPC/EC2/Centos7/Libreswan and have been stuck for weeks. Appreciate any help!
I have 192.168.16.73 (VPN GW, EIP 52.76.x.x) and 192.168.16.116 (...
2
votes
1
answer
5k
views
Two tunnels with same rightsubnet for StrongSWAN/OpenSWAN
I'm trying to set up the "Option 3" configuration for Google Cloud VPN, with two Google Cloud VPN gateways on the left and StrongSWAN or OpenSWAN on the right:
If you have two Peer VPN gateways and ...
3
votes
0
answers
657
views
Is there an extension of host to host ipsec to a many-many configuration?
Having a typical host to host transport mode ipsec configuration,
conn appserver01-to-swift01
[email protected]
left=10.133.176.246
leftrsasigkey=xxxxxxxxxxxxxxxxxxxxxxxx
...
0
votes
1
answer
1k
views
IPsec VPN between Fortigate 60C and openswan up, but no traffic
I get visual confirmation that the tunnel is working from the fortigate GUI but, it also says i don't have 1 byte of traffic, the linux server also confirms the tunnel is open but i can't ping nowhere,...
4
votes
1
answer
7k
views
VPN ERROR 500 STATE_MAIN_I1, unable to start phase2
i'm trying to set up a site to site vpn to a fortigate 60c from a CentOS 7 with openswan, the error i get everytime is the following
000 #1: "office":500 STATE_MAIN_I1 (sent MI1, expecting MR1);
...
0
votes
1
answer
2k
views
CentOS 7 ipsec hardware rngd erorr
ipsec verify
Hardware RNG detected, testing if used properly
[FAILED]
Hardware RNG is present but 'rngd' is not running. No harware
random used!
Someone suggest to edit /etc/sysconfig/...
1
vote
0
answers
625
views
openswan IPSEC site to site randomly disconnects on debian server
goodmorning my friends,
this is my situation:
I have two debian servers with static IP connected through a site to site VPN OPENSWAN, everything works like a charm, I can ping the entire lan from any ...
0
votes
1
answer
728
views
OpenSwan Dead Peer Detection for Mac WIFI clients
I am running an OpenSwan server to facilitate client-server connections into a secure data centre.
I have a problem with the standard L2TP over IPSEC client in MacOS, specifically when using WIFI.
...
1
vote
1
answer
8k
views
IPSec VPN Fortigate Phase 2 stuck
Trying to setup a VPN connection to Office Fortigate but I can't pass phase
2.
Received info from sysadmins:
PSK
IKE v1
Aggressive mode
Phase1 3DES-SHA1
DH group 5
Key lifetime 28800
XAUTH PAP ...
0
votes
0
answers
3k
views
Site-to site Configuration between OpenSwan and Cisco ASA
I am making site-to-site vpn connection using amazon ec2 linux and cisco asa router ( please note i donot have access to router only configuration is provided.)
CISCO ASA CONFIGURATION :
...
4
votes
2
answers
8k
views
subnet-to-subnet libreswan ipsec vpn
I'm configuring a "subnet to subnet VPN" between two Centos 7 server using libreswan.
Each server has two nic as showed in the following image.
I would allow secure communication between the subnets ...
0
votes
0
answers
1k
views
iptables DNAT packets into an openswan IPSEC tunnel
I have the following network setup:
+-----------------------------------+
| |
+-------...
2
votes
2
answers
2k
views
How to deny connections to xl2tp without ipsec encryption?
I try to setup l2tp+ipsec server for my mobile use and my home router use.
So I made some setup and checked it works fine from android device. I see encryption on ipsec --status.
My system is CentOS ...
1
vote
0
answers
541
views
Openswan and Cisco ASA
i have post this same question on "Unix & Linux" but iv got no answer and will delete from there but ill try here too. I need this as soon as possible to solve it or at least to find out what is ...
0
votes
1
answer
104
views
IP Addresses over IPSec
I've got four hosts setup as follows:
I've got an IPSec tunnel via OpenSwan over the internet between Servers B and C. Servers A and D are configured to route traffic to the other via B and C ...
2
votes
0
answers
3k
views
Creating redundant IPSec connections using OpenSwan
I have a linux (netkey) instance with openswan installed, the instance has two connection to the same IPSec peer that needs to act as redundant connections. both connections' properties are the same (...
0
votes
0
answers
2k
views
OpenSwan IPsec connection drops after 30 seconds
I'm trying to connect from my Linux Mint 16 box to a CloudStack server through IPsec L2TP. Building up the connection works (pings work across the tunnel). However 30 seconds later the IPsec tunnel ...
5
votes
1
answer
12k
views
Site-to-Site IPsec vpn not sending ping across a tunnel
This is my first attempt at a site-to-site VPN. I chose to use IPec because it appeared to be the best solution for what I needed to accomplish. I've followed several different tutorials over the last ...
1
vote
0
answers
3k
views
Cannot connect to IPSEC/L2TP VPN Arch Linux/Windows 8
I have check a lot of other L2TP/IPsec VPN post and none of them seem to quite match the issues I am having so here is what going on.
I am trying to set up a VPN on my Arch Linux server that I can ...
-1
votes
1
answer
1k
views
Openswan and OpenVPN
I have installed Openswan and have configured IPSec tunnels and they work perfect until i install OpenVPN. Now i can't find out way the ping wont work.
When i execute the "service ipsec status" it ...
2
votes
0
answers
2k
views
Is it possible to do IPSec Site to Site VPN without static & public IP on one end?
I am working on a project for my engineering degree that requires me to interface with some pre-existing equipment, so I am rather limited on my options. I'm rather new to VPN and ipsec for that ...
3
votes
1
answer
6k
views
Openswan Cisco ASA 9.1 -- cannot resopnd to IPsec SA request because no connection is known for
Ok, so I have a simple VPN IPSEC setup with a single Linux host that has a public IP address and a loopback interface of 172.16.255.1. On the right side I have a Cisco ASA 5505 9.1. the issue is the ...