Questions tagged [openswan]
The openswan tag has no usage guidance.
130 questions
27 votes | 1 answer | 60k views
IPsec for Linux - strongSwan vs Openswan vs Libreswan vs other(?) [closed]
Searching for IPSec and Linux one inevitably will be confronted with different solutions (see below) which all seem quite similar. The question is: where is the difference?
I found these projects. All ...
8 votes | 1 answer | 10k views
Can OpenSWAN replace OpenVPN?
Background
I have a working OpenVPN setup right now, where users can connect to the private network at home with their computers.
However most phones only support IPSec, so I would like to offer ...
7 votes | 1 answer | 22k views
Can't get past "pending Phase 2" on OpenSWAN <-> ISA Server IPSec VPN
The issue
I'm having quite a hard time configuring OpenSWAN on my Linux server (Ubuntu 12.04) to connect to an ISA Server 2004 IPSec VPN. There is apparently something wrong in the configuration that ...
7 votes | 1 answer | 4k views
L2TP over IPSec VPN with OpenSwan and XL2TPD can't connect, timeout on Centos 6
I'm setting up L2TP over IPSec on my Centos 6.3 fresh install.
I have iptables flushed, permit all.
Whenever I try to connect, I get a 'no reply from vpn' and nothi
Here's my ipsec.conf file (...
6 votes | 1 answer | 66k views
IPsec VPN site-to-site: How should I configure the ipsec.conf files on both sites to get the tunnel up?
What I am trying to do is to create a site-to-site IPsec VPN between my network and my friend's network. We both have a router and two computers on each router, with all computers running Linux. So I ...
6 votes | 3 answers | 26k views
Simple L2TP/IPsec server not working (openswan, xl2tpd, Ubuntu, Windows)
I configured openswan and xl2tpd on an Ubuntu 12.04 server (on EC2) by following various tutorials/documentation which seem to largely say the same things, but most recently this one.
However, my ...
6 votes | 2 answers | 37k views
How to enable debug logs in OpenSwan?
I use OpenSwan IPSec tunnel on CentOS 6.7.
I have added the following configuration in /etc/ipsec.secrets according to this link: http://linux.die.net/man/5/ipsec.conf
config setup
plutodebug=all
...
6 votes | 1 answer | 3k views
IPSec + L2TP + NAT-Traversal does not work for multiple clients behind same nat
I have recently configured a VPN server hosted in AWS EC2.
Details: Centos 6.4, openswan, xl2tpd, NAT-traversal.
The configuration works great for a scenario when only one user connects from a given ...
6 votes | 2 answers | 7k views
Issue routing openswan vpn traffic beyond the server
Trying to set up an openswan based server sitting in an Amazon VPC cluster. The goal is to make it so we can VPN into VPC and have our workstations be as if they were on the network, more of a ...
5 votes | 1 answer | 12k views
Site-to-Site IPsec vpn not sending ping across a tunnel
This is my first attempt at a site-to-site VPN. I chose to use IPsec because it appeared to be the best solution for what I needed to accomplish. I've followed several different tutorials over the last ...
5 votes | 1 answer | 3k views
Connecting to Meraki Client VPN from Ubuntu w strongswan and xl2tpd
I have a virtual appliance running Ubuntu 14 that I would like to connect to a remote network via Meraki Client VPN.
I have found instructions for installing and configuring strongswan and xl2tpd on ...
5 votes | 2 answers | 8k views
Site to Site VPN error 'received hash payload does not match computed value'
We need to access a couple of Linux machines located at our client's end.
Our Linux machine, from which we need to access client's machine is located on cloud.
The connection to be established is ...
4 votes | 3 answers | 42k views
FortiGate IPsec VPN: Configuring Multiple Phase 2 Connections (Multiple Subnets)
I am trying to make an IPsec connection to a FortiGate router using OpenSwan. The FortiGate sits on two distinct subnets and I need to access both of them. In the FortiGate I have defined one Phase 1 ...
4 votes | 2 answers | 20k views
Openswan tunnel up, but works only in one direction
I've successfully established an IPsec connection, but it works only partially. One side does not send out packets through the tunnel. It seems as if the network topology is unclear to this side.
...
4 votes | 2 answers | 4k views
Connecting to IPSec/L2tp with OpenSwan/xl2tpd from Windows7 to Amazon EC2
I am trying to connect from my Windows7 at home to my OpenSwan/xl2tpd setup on an Ubuntu EC2 instance at Amazon.
It is a connection being NATed from both the client and server ends.
I was following ...
4 votes | 3 answers | 17k views
Connecting to a FortiGate VPN from a remote Linux machine via OpenSwan
Here's the setup:
I have a FortiGate unit on a business network, which has a FortiGate VPN set up. Machines on a remote network that can run FortiClient (Windows and Mac machines) have no problem ...
4 votes | 1 answer | 7k views
VPN ERROR 500 STATE_MAIN_I1, unable to start phase2
I'm trying to set up a site-to-site VPN to a FortiGate 60C from a CentOS 7 with openswan; the error I get every time is the following:
000 #1: "office":500 STATE_MAIN_I1 (sent MI1, expecting MR1);
...
4 votes | 2 answers | 8k views
subnet-to-subnet libreswan ipsec vpn
I'm configuring a "subnet to subnet VPN" between two Centos 7 server using libreswan.
Each server has two NICs as shown in the following image.
I would allow secure communication between the subnets ...
4 votes | 0 answers | 1k views
How do I configure OpenSwan to allow pure IPsec (not L2TP) connections from an iPhone?
Similar to this question, I want to configure an IPsec server on Linux which will accept connections from the iPhone. However, unlike the other question, I want to be able to test with pre-shared keys ...
3 votes | 3 answers | 15k views
openswan multiple subnets routing issue
I am trying to setup an OpenSwan(2.6.32) on CentOS 6.5 (final) to connect the remote VPC gateway on Amazon cloud. I got the tunnel up. However, only the traffic from/to the last ip range defined in ...
3 votes | 1 answer | 8k views
Tunnel is up but I can't ping
I need to understand and resolve my issue. I know openswan works because when I connect from home network with an internal ip address of 10.0.0.97 to work's VPN, I'm able to ping but when I use the ...
3 votes | 1 answer | 6k views
Openswan Cisco ASA 9.1 -- cannot respond to IPsec SA request because no connection is known for
Ok, so I have a simple VPN IPSEC setup with a single Linux host that has a public IP address and a loopback interface of 172.16.255.1. On the right side I have a Cisco ASA 5505 9.1. The issue is the ...
3 votes | 1 answer | 2k views
L2TP VPN Connection on Debian Squeeze
I need to make an L2TP VPN connection from a Debian Squeeze server.
What I have is:
The server IP address
Shared Key
My username and password
Just using these 3 parameters I can establish the VPN ...
3 votes | 0 answers | 644 views
OpenSwan IPSec log explanation
I am trying to understand the IPSec logs. Would be really great if someone can help me to understand the main things I look for and how to troubleshoot any ipsec issue. Would be really great of ...
3 votes | 0 answers | 657 views
Is there an extension of host to host ipsec to a many-many configuration?
Having a typical host to host transport mode ipsec configuration,
conn appserver01-to-swift01
[email protected]
left=10.133.176.246
leftrsasigkey=xxxxxxxxxxxxxxxxxxxxxxxx
...
3 votes | 0 answers | 573 views
Openswan and sonicwall and encryption parameters
This error leads me to investigate my encryption parameters:
003 "sonicwall" #2: ignoring unknown Vendor ID payload [...]
Can some expert please have a look and tell me what is wrong?
Sonic wall (...
3 votes | 1 answer | 4k views
IKE Phase 1 Aggressive Mode exchange does not complete
I've configured a 3G IP Gateway of mine to connect using IKE Phase 1 Aggressive Mode with PSK to my openswan installation running on Ubuntu server 12.04. I've configured openswan as follows:
/etc/...
2 votes | 1 answer | 8k views
How do I configure routing for an IPSEC tunnel between Openswan and RouterOS
I am trying to create a site-to-site VPN between a Linux router that runs openswan and shorewall (host A, serving subnet 10.10.0.0/16) and a MikroTek RouterBoard running RouterOS 6.3 (host B, serving ...
2 votes | 1 answer | 5k views
Two tunnels with same rightsubnet for StrongSWAN/OpenSWAN
I'm trying to set up the "Option 3" configuration for Google Cloud VPN, with two Google Cloud VPN gateways on the left and StrongSWAN or OpenSWAN on the right:
If you have two Peer VPN gateways and ...
2 votes | 1 answer | 13k views
openswan and xl2tpd tunnel not working?
For weeks I have wanted to set up an l2tp tunnel with xl2tpd and openswan in debian wheezy; the external interface is ppp0 with dynamic ip and the internal interface is eth0 with ip address 192.168.1.1.
l2tp ...
2 votes | 1 answer | 14k views
Openswan ipsec transport tunnel not going up
On ClusterA and B I have installed the "openswan" package on Debian Squeeze.
ClusterA ip is 172.16.0.107, B is 172.16.0.108
When they ping one another, it does not reach the destination.
/etc/ipsec....
2 votes | 1 answer | 2k views
OpenSwan IPsec tunnel to Azure Gateway is established but unable to connect
I am currently trying to set up a IPsec tunnel between my on-premise center and to the VPN in Azure. I am setting up OpenSwan 2.6.23 on an Ubuntu Lucid box, and my box is behind a NAT.
ipsec.conf
...
2 votes | 2 answers | 2k views
How to deny connections to xl2tp without ipsec encryption?
I try to setup l2tp+ipsec server for my mobile use and my home router use.
So I made some setup and checked it works fine from android device. I see encryption on ipsec --status.
My system is CentOS ...
2 votes | 1 answer | 9k views
Configure ipsec vpn tunnel (network to network with IKE with preshared key) on Centos 6 with openswan
I have Cisco Linksys router configured as VPN gateway (network to network) :
Now I wanna configure ipsec VPN similarly on Centos 6 with openswan. I was looking in internet but have no luck (there are ...
2 votes | 1 answer | 3k views
VPN iptables Forwarding: Net-to-net
I've tried to look elsewhere on this site but I couldn't find anything matching this problem. Right now I have an ipsec tunnel open between our local network and a remote network.
Currently, the ...
2 votes | 2 answers | 3k views
How do I configure a Linux VPN Client to get into a network through a Fortigate firewall?
In order to connect to my job's VPN, I have been given by the network admin:
a username
a password
a PSK
I run Ubuntu at home. I know Fortigate's VPN should be a vanilla IPSec, so OpenSwan should do ...
2 votes | 1 answer | 162 views
what is the proposal string for aes-gem256 Diffie-Hellman group 20, esp
As a developer tasked with connecting to a vpn without preconfigured profile scripts, I'm fumbling through setting up a strongswan ipsec.conf file. My current hurdle is an "invalid proposal ...
2 votes | 1 answer | 4k views
Routing between OpenSWAN / IPSEC tunnels
I am trying to connect multiple Amazon VPCs (across regions) together using OpenSWAN and Amazon VGW's. The router instance can ping to hosts in both VPCs, and traffic is attempting to cross the router,...
2 votes | 3 answers | 11k views
ipsec: Can't authenticate: no preshared key found for
I'm using Openswan with ipsec and ipsec keeps complaining about the shared-key not being present. I'm running Ubuntu 14.04.
I'm just experimenting on a couple of internal systems since I'm new to ...
2 votes | 0 answers | 1k views
Openswan IPSec VPN on AWS tunnel established but no traffic
I am setting up a tunnel with a telco using AWS/VPC/EC2/Centos7/Libreswan and have been stuck for weeks. Appreciate any help!
I have 192.168.16.73 (VPN GW, EIP 52.76.x.x) and 192.168.16.116 (...
2 votes | 0 answers | 3k views
Creating redundant IPSec connections using OpenSwan
I have a linux (netkey) instance with openswan installed, the instance has two connection to the same IPSec peer that needs to act as redundant connections. both connections' properties are the same (...
2 votes | 0 answers | 305 views
Openswan bad routing record after connect
I have a problem in openswan configuration. In the routing table create following lines on the client, after connect to server:
Dest mask Gateway Conn Metric
0.0.0.0 ...
2 votes | 0 answers | 754 views
OpenSwan + AWS + Ubuntu 14.04 - Cannot reach server
I'm currently trying to set up a VPN in order to login into a private subnet hosted on AWS.
The target host has Ubuntu 14.04 and installed OpenSwan.
I've setup ipsec.conf, ipsec.secrets, xl2tpd.conf, ...
2 votes | 0 answers | 2k views
Is it possible to do IPSec Site to Site VPN without static & public IP on one end?
I am working on a project for my engineering degree that requires me to interface with some pre-existing equipment, so I am rather limited on my options. I'm rather new to VPN and ipsec for that ...
2 votes | 0 answers | 579 views
IPsec connection established but xl2tpd times out
This may or may not be related to my problem with passing ipsec verify.
I have configured L2TP/IPsec VPN on Ubuntu 13.04 following Ubuntu's community documentation and while IPsec connection seems ...
2 votes | 0 answers | 13k views
ipsec IKE phase 1 failure
I have a wireless gateway that supports site-to-site IPSec. I have configured openswan on Ubuntu Server 12.04 (left side of the tunnel) with the following /etc/ipsec.conf:
version 2.0
config setup
...
2 votes | 0 answers | 278 views
Sending L2tp/IPsec PSK client packets to OpenSwan server
I'm trying (kind of) to create VPN client, I set my server on Ubuntu using OpenSwan (L2tp/IPsec PSK). What I'm doing right now is sending packets to my server and trying to exchange my keys with the ...
1 vote | 1 answer | 852 views
iPhone VPN with OpenSwan fails to reconnect
I have managed to configure VPN with iPhone and OpenSWAN on Linux 2.6. Though, when disconnecting the iphone and reconnecting, it times out.
I have found that:
1) no packets are being sent when you ...
1 vote | 2 answers | 4k views
Openswan tunnel to remote public NAT'd host
Need help on this VPN set-up to work.
Left-hand. EC2:
eth0:10.0.0.100/EIP=1.1.1.1 (ie. NAT'd IP)
eth1:10.0.0.200/EIP=2.2.2.2
Peer ip/leftid: 1.1.1.1
Right-hand. Cisco:
Peer ip: 3.3.3.3
Peer ...
1 vote | 1 answer | 5k views
Centos 6.3 OpenSWAN doesn't find my connection
I've been tearing my hair off in frustration for too long and decided Serverfault might be able to help. Could anyone somehow explain this?
I've reinstalled openswan/ipsec with purge multiple times, ...