All Questions

2 votes
1 answer
162 views

what is the proposal string for aes-gem256 Diffie-Hellman group 20, esp

As a developer tasked with connecting to a VPN without preconfigured profile scripts, I'm fumbling through setting up a strongswan ipsec.conf file. My current hurdle is an "invalid proposal ...
T3.0's user avatar
  • 121
0 votes
1 answer
2k views

UDP-Packets seem to get lost in IPsec tunnel from Strongswan to AWS cloud - connection works with Openswan

Use case: IOT-device connected through AWS cloud The IOT-device is behind a router that sends all traffic through aws cloud. The IOT-server can not be configured and thus is not part of the AWS cloud ...
DoRe's user avatar
  • 41
1 vote
0 answers
173 views

Trouble with routing on VPN with Openswan IPSec

Good morning, I'm having trouble configuring access to the servers through a VPN. The client can connect to the VPN perfectly, but access to the servers does not work. The conf of my connection is ...
Alexssandro Gottschalk's user avatar
0 votes
0 answers
194 views

Options for rebuilding OpenSwan box to LibreSwan without downtime?

This is all in an AWS VPC environment. We have an old Ubuntu 12.04 machine running OpenSwan which is managing a pile of VPN connections. This has worked well for us thus far, but 12.04 is no longer ...
Nicolas Pottier's user avatar
1 vote
0 answers
812 views

Openswan l2tp vpn ppp wrong ip address

Using Openswan with xl2tp on archlinux (4.20) to connect to a vpn, I can create the tunnel and the ppp interface is created however it gets the wrong ip address: enp4s0: <BROADCAST,MULTICAST,...
2A-66-42's user avatar
  • 111
0 votes
1 answer
1k views

NAT rules for VPN routing to public IP in local network

I'm trying to configure a test VPN setup to route pings to an instance's public IP. A corporate vendor we are connecting to has reserved all private space on their side. I'm not sure what NAT rules I need ...
Gavin's user avatar
  • 101
0 votes
1 answer
439 views

StrongSwan IPsec PING only working once after ipsec restart

Diagram VPN site to site: And a GIF showing what is happening. I create an IP route like this: sudo ip route add 192.168.1.0/24 via 10.132.146.166 eth0 eth1 And I have this iptable rules sudo ...
Makarov's user avatar
  • 11
0 votes
0 answers
1k views

AWS Ubuntu Strongswan IPSec VPN and Iptables configuration tunnel routing

I've muddled up my configuration. I've setup a site-to-site VPN between an AWS Ubuntu VM running strongswan, and another site. The VPN tunnel is working, but anytime I try to route traffic through ...
Unpossible's user avatar
2 votes
1 answer
2k views

OpenSwan IPsec tunnel to Azure Gateway is established but unable to connect

I am currently trying to set up an IPsec tunnel between my on-premise center and to the VPN in Azure. I am setting up OpenSwan 2.6.23 on an Ubuntu Lucid box, and my box is behind a NAT. ipsec.conf ...
leeeennyy's user avatar
1 vote
1 answer
11k views

IPSec tunnel fails in phase 2

We are trying to establish a tunnel between our EC2 Instance and remote Cisco 3000 series device where it is failing for Phase2. Below is the scenario: FTP Server(ec2-ubuntu) <---->VPN Server(ec2-...
Shailesh Sutar's user avatar
3 votes
1 answer
8k views

Tunnel is up but I can't ping

I need to understand and resolve my issue. I know openswan works because when I connect from home network with an internal ip address of 10.0.0.97 to work's VPN, I'm able to ping but when I use the ...
BioRod's user avatar
  • 313
0 votes
1 answer
2k views

ipsec verify indicates ERRORS "No tunnels up"

I just installed openswan on Ubuntu14. I'm trying to connect to my work's VPN (I have access to the Firewall/VPN btw). When I do a /usr/sbin/ipsec verify I get the following: Checking your system ...
BioRod's user avatar
  • 313
1 vote
1 answer
3k views

OpenSwan - IPSec VPN - tunnel established but can't see a specific server there

I have to connect my server to a VPN tunnel through the Internet to see a local server that is on IP 192.168.20.100 Here are IPSec AND IKE settings from server (not mine, I do not own the VPN server) ...
user3781074's user avatar
2 votes
1 answer
4k views

Routing between OpenSWAN / IPSEC tunnels

I am trying to connect multiple Amazon VPCs (across regions) together using OpenSWAN and Amazon VGW's. The router instance can ping to hosts in both VPCs, and traffic is attempting to cross the router,...
Jason Martin's user avatar
  • 5,113
27 votes
1 answer
60k views

IPsec for Linux - strongSwan vs Openswan vs Libreswan vs other(?) [closed]

Searching for IPSec and Linux one inevitably will be confronted with different solutions (see below) which all seem quite similar. The question is: where is the difference? I found these projects. All ...
masgo's user avatar
  • 433
5 votes
2 answers
8k views

Site to Site VPN error 'received hash payload does not match computed value'

We need to access a couple of Linux machines located at our client's end. Our Linux machine, from which we need to access client's machine is located on cloud. The connection to be established is ...
Tapo's user avatar
  • 63
4 votes
3 answers
17k views

Connecting to a FortiGate VPN from a remote Linux machine via OpenSwan

Here's the setup: I have a FortiGate unit on a business network, which has a FortiGate VPN set up. Machines on a remote network that can run FortiClient (Windows and Mac machines) have no problem ...
user2892724's user avatar
0 votes
1 answer
451 views

IPSEC VPN site-to-"alias"

I am trying to connect my CentOS (CentOS release 6.7) server to a 3rd party VPN so traffic can be routed between my Apache instance listening on an aliased private IP (192.168.253.1), through the ...
user5917373's user avatar
6 votes
2 answers
37k views

How to enable debug logs in OpenSwan?

I use OpenSwan IPSec tunnel on CentOS 6.7. I have added the following configuration in /etc/ipsec.secrets according to this link: http://linux.die.net/man/5/ipsec.conf config setup plutodebug=all ...
Michael's user avatar
  • 597
2 votes
3 answers
11k views

ipsec: Can't authenticate: no preshared key found for

I'm using Openswan with ipsec and ipsec keeps complaining about the shared-key not being present. I'm running Ubuntu 14.04 . I'm just experimenting on a couple of internal systems since I'm new to ...
Dustin Oprea's user avatar
1 vote
0 answers
420 views

Openswan to Cisco ASA IPSec tunnel - specific IP address range required. Netmap?

I'm attempting to set up a VPN tunnel between a Cisco ASA 5520 and an Openswan server running on Ubuntu 14.04 on an Amazon VPC instance. I do not have access to the ASA, and have been given the ...
Adam's user avatar
  • 11
1 vote
0 answers
121 views

IPsec and pinging rightsubnets

I have been racking my brain about this. I have openswan running and I have been able to get tunnels up. Unfortunately, when I try to ping computers on my right subnet, I am not able to get any ...
confused's user avatar
0 votes
0 answers
2k views

OpenSwan VPN IPSEC Tunnel Connection

I was hoping this website would be able to help with solving this issue since I've been running in circles on my end! I am using OpenSwan to setup an IPSec tunnel between a VPN server on Rackspace ...
Nare's user avatar
  • 55
0 votes
1 answer
2k views

Malformed Payload received from juniper firewall to libreswan while setting up an IPSec Tunnel

I have a CentOS system with libreswan behind a router with static IP, and I have been trying to setup an IPSec tunnel with a server at remote location having juniper firewall. The IPSec VPN settings ...
packet's user avatar
  • 3
0 votes
1 answer
1k views

openSwan VPN is up can't ping remote subnet

When I run the command ipsec auto status I get the following output: ...... 172.16.255.1/32===104.131.13.155<104.131.13.155>:17/1701...41.203.65.124<41.203. 65.124>===10.100....
Oladipo Olasemo's user avatar
1 vote
1 answer
903 views

IPSec Tunnel goes down during long periods of inactivity

I have 2 AWS regions I have connected using an OpenSWAN IPSec tunnel. This works great in our production environment but in our test environment where 1 of the regions has long periods of inactivity, ...
Uberzen1's user avatar
  • 189
1 vote
1 answer
6k views

How to start and stop a libreswan connection

I have a connection configured on my libreswan instance on two machines. The connection starts automatically when I start the pluto daemon, I have tried other settings, but the connection also starts if ...
Colanta's user avatar
  • 11
0 votes
1 answer
715 views

Can't ping public endpoints when IPSec tunnel is up

I'm using openswan to link two machines via IPSec. The tunnel comes online fine and I have connectivity to each endpoint via the VPN. However, when the tunnel is up, I lose connectivity to the ...
user98651's user avatar
2 votes
0 answers
1k views

Openswan IPSec VPN on AWS tunnel established but no traffic

I am setting up a tunnel with a telco using AWS/VPC/EC2/Centos7/Libreswan and have been stuck for weeks. Appreciate any help! I have 192.168.16.73 (VPN GW, EIP 52.76.x.x) and 192.168.16.116 (...
Tai Shih Chau's user avatar
2 votes
1 answer
5k views

Two tunnels with same rightsubnet for StrongSWAN/OpenSWAN

I'm trying to set up the "Option 3" configuration for Google Cloud VPN, with two Google Cloud VPN gateways on the left and StrongSWAN or OpenSWAN on the right: If you have two Peer VPN gateways and ...
lambshaanxy's user avatar
3 votes
0 answers
657 views

Is there an extension of host to host ipsec to a many-many configuration?

Having a typical host to host transport mode ipsec configuration, conn appserver01-to-swift01 [email protected] left=10.133.176.246 leftrsasigkey=xxxxxxxxxxxxxxxxxxxxxxxx ...
user22866's user avatar
  • 151
0 votes
1 answer
1k views

IPsec VPN between Fortigate 60C and openswan up, but no traffic

I get visual confirmation that the tunnel is working from the fortigate GUI but, it also says I don't have 1 byte of traffic, the linux server also confirms the tunnel is open but I can't ping nowhere,...
Julio Villalba's user avatar
4 votes
1 answer
7k views

VPN ERROR 500 STATE_MAIN_I1, unable to start phase2

I'm trying to set up a site to site vpn to a fortigate 60c from a CentOS 7 with openswan, the error I get every time is the following 000 #1: "office":500 STATE_MAIN_I1 (sent MI1, expecting MR1); ...
Julio Villalba's user avatar
0 votes
1 answer
2k views

CentOS 7 ipsec hardware rngd error

ipsec verify Hardware RNG detected, testing if used properly [FAILED] Hardware RNG is present but 'rngd' is not running. No harware random used! Someone suggest to edit /etc/sysconfig/...
Jichao's user avatar
  • 3,067
1 vote
0 answers
625 views

openswan IPSEC site to site randomly disconnects on debian server

Good morning my friends, this is my situation: I have two debian servers with static IP connected through a site to site VPN OPENSWAN, everything works like a charm, I can ping the entire lan from any ...
silvered.dragon's user avatar
0 votes
1 answer
728 views

OpenSwan Dead Peer Detection for Mac WIFI clients

I am running an OpenSwan server to facilitate client-server connections into a secure data centre. I have a problem with the standard L2TP over IPSEC client in MacOS, specifically when using WIFI. ...
Garreth McDaid's user avatar
1 vote
1 answer
8k views

IPSec VPN Fortigate Phase 2 stuck

Trying to setup a VPN connection to Office Fortigate but I can't pass phase 2. Received info from sysadmins: PSK IKE v1 Aggressive mode Phase1 3DES-SHA1 DH group 5 Key lifetime 28800 XAUTH PAP ...
H.Rabiee's user avatar
  • 111
0 votes
0 answers
3k views

Site-to site Configuration between OpenSwan and Cisco ASA

I am making site-to-site vpn connection using amazon ec2 linux and cisco asa router (please note I do not have access to router, only configuration is provided.) CISCO ASA CONFIGURATION : ...
Himanshu Singhal's user avatar
4 votes
2 answers
8k views

subnet-to-subnet libreswan ipsec vpn

I'm configuring a "subnet to subnet VPN" between two Centos 7 servers using libreswan. Each server has two NICs as shown in the following image. I would allow secure communication between the subnets ...
NoNoNo's user avatar
  • 1,983
0 votes
0 answers
1k views

iptables DNAT packets into an openswan IPSEC tunnel

I have the following network setup: +-----------------------------------+ | | +-------...
Christian Anton's user avatar
2 votes
2 answers
2k views

How to deny connections to xl2tp without ipsec encryption?

I try to setup l2tp+ipsec server for my mobile use and my home router use. So I made some setup and checked it works fine from android device. I see encryption on ipsec --status. My system is CentOS ...
Insspb's user avatar
  • 33
1 vote
0 answers
541 views

Openswan and Cisco ASA

I have posted this same question on "Unix & Linux" but I've got no answer and will delete from there but I'll try here too. I need this as soon as possible to solve it or at least to find out what is ...
IvanCD's user avatar
  • 27
0 votes
1 answer
104 views

IP Addresses over IPSec

I've got four hosts setup as follows: I've got an IPSec tunnel via OpenSwan over the internet between Servers B and C. Servers A and D are configured to route traffic to the other via B and C ...
Alex's user avatar
  • 29
2 votes
0 answers
3k views

Creating redundant IPSec connections using OpenSwan

I have a linux (netkey) instance with openswan installed, the instance has two connection to the same IPSec peer that needs to act as redundant connections. both connections' properties are the same (...
Amir's user avatar
  • 21
0 votes
0 answers
2k views

OpenSwan IPsec connection drops after 30 seconds

I'm trying to connect from my Linux Mint 16 box to a CloudStack server through IPsec L2TP. Building up the connection works (pings work across the tunnel). However 30 seconds later the IPsec tunnel ...
drcore's user avatar
  • 1
5 votes
1 answer
12k views

Site-to-Site IPsec vpn not sending ping across a tunnel

This is my first attempt at a site-to-site VPN. I chose to use IPsec because it appeared to be the best solution for what I needed to accomplish. I've followed several different tutorials over the last ...
autisticgeek's user avatar
1 vote
0 answers
3k views

Cannot connect to IPSEC/L2TP VPN Arch Linux/Windows 8

I have checked a lot of other L2TP/IPsec VPN posts and none of them seem to quite match the issues I am having so here is what is going on. I am trying to set up a VPN on my Arch Linux server that I can ...
angellusmortis's user avatar
-1 votes
1 answer
1k views

Openswan and OpenVPN

I have installed Openswan and have configured IPSec tunnels and they work perfectly until I install OpenVPN. Now I can't find out why the ping won't work. When I execute the "service ipsec status" it ...
IvanCD's user avatar
  • 27
2 votes
0 answers
2k views

Is it possible to do IPSec Site to Site VPN without static & public IP on one end?

I am working on a project for my engineering degree that requires me to interface with some pre-existing equipment, so I am rather limited on my options. I'm rather new to VPN and ipsec for that ...
BobTuckerman's user avatar
3 votes
1 answer
6k views

Openswan Cisco ASA 9.1 -- cannot respond to IPsec SA request because no connection is known for

Ok, so I have a simple VPN IPSEC setup with a single Linux host that has a public IP address and a loopback interface of 172.16.255.1. On the right side I have a Cisco ASA 5505 9.1. the issue is the ...
Jim's user avatar
  • 988