
Questions tagged [openswan]

The tag has no usage guidance.

27 votes
1 answer
60k views

IPsec for Linux - strongSwan vs Openswan vs Libreswan vs other(?) [closed]

Searching for IPSec and Linux one inevitably will be confronted with different solutions (see below) which all seem quite similar. The question is: where is the difference? I found these projects. All ...
masgo
  • 433
8 votes
1 answer
10k views

Can OpenSWAN replace OpenVPN?

Background I have a working OpenVPN setup right now, where users can connect to the private network at home with their computers. However most phones only support IPSec, so I would like to offer ...
Sandra
  • 10.6k
7 votes
1 answer
22k views

Can't get past "pending Phase 2" on OpenSWAN <-> ISA Server IPSec VPN

The issue I'm having quite a hard time configuring OpenSWAN on my Linux server (Ubuntu 12.04) to connect to an ISA Server 2004 IPSec VPN. There is apparently something wrong in the configuration that ...
GomoX
  • 826
7 votes
1 answer
4k views

L2TP over IPSec VPN with OpenSwan and XL2TPD can't connect, timeout on Centos 6

I'm setting up L2TP over IPSec on my Centos 6.3 fresh install. I have iptables flushed, permit all. Whenever I try to connect, I get a 'no reply from vpn' and nothi Here's my ipsec.conf file (...
Disco
  • 1,451
6 votes
1 answer
66k views

IPsec VPN site-to-site: How should I configure the ipsec.conf files on both sites to get the tunnel up?

What I am trying to do is to create a site-to-site IPsec VPN between my network and my friend's network. We both have a router and two computers on each router, with all computers running Linux. So I ...
Deneb
  • 107
6 votes
3 answers
26k views

Simple L2TP/IPsec server not working (openswan, xl2tpd, Ubuntu, Windows)

I configured openswan and xl2tpd on an Ubuntu 12.04 server (on EC2) by following various tutorials/documentation which seem to largely say the same things, but most recently this one. However, my ...
xyzzyrz
  • 1,665
6 votes
2 answers
37k views

How to enable debug logs in OpenSwan?

I use OpenSwan IPSec tunnel on CentOS 6.7. I have added the following configuration in /etc/ipsec.secrets according to this link: http://linux.die.net/man/5/ipsec.conf config setup plutodebug=all ...
Michael
  • 597
6 votes
1 answer
3k views

IPSec + L2TP + NAT-Traversal does not work for multiple clients behind same nat

I have recently configured a VPN server hosted in AWS EC2. Details: Centos 6.4, openswan, xl2tpd, NAT-traversal. The configuration works great for a scenario when only one user connects from a given ...
Fentik
  • 61
6 votes
2 answers
7k views

Issue routing openswan vpn traffic beyond the server

Trying to set up an openswan based server sitting in an Amazon VPC cluster. The goal is to make it so we can VPN into VPC and have our workstations be as if they were on the network, more of a ...
Ken Robertson
5 votes
1 answer
12k views

Site-to-Site IPsec vpn not sending ping across a tunnel

This is my first attempt at a site-to-site VPN. I chose to use IPsec because it appeared to be the best solution for what I needed to accomplish. I've followed several different tutorials over the last ...
autisticgeek
5 votes
1 answer
3k views

Connecting to Meraki Client VPN from Ubuntu w strongswan and xl2tpd

I have a virtual appliance running Ubuntu 14 that I would like to connect to a remote network via Meraki Client VPN. I have found instructions for installing and configuring strongswan and xl2tpd on ...
user3794652
5 votes
2 answers
8k views

Site to Site VPN error 'received hash payload does not match computed value'

We need to access a couple of Linux machines located at our client's end. Our Linux machine, from which we need to access client's machine is located on cloud. The connection to be established is ...
Tapo
  • 63
4 votes
3 answers
42k views

FortiGate IPsec VPN: Configuring Multiple Phase 2 Connections (Multiple Subnets)

I am trying to make an IPsec connection to a FortiGate router using OpenSwan. The FortiGate sits on two distinct subnets and I need to access both of them. In the FortiGate I have defined one Phase 1 ...
FixMaker
  • 235
4 votes
2 answers
20k views

Openswan tunnel up, but works only in one direction

I've successfully established an IPsec connection, but it works only partially. One side does not send out packets through the tunnel. It seems as if the network topology is unclear to this side. ...
grasbueschel
4 votes
2 answers
4k views

Connecting to IPSec/L2tp with OpenSwan/xl2tpd from Windows7 to Amazon EC2

I am trying to connect from my Windows7 at home to my OpenSwan/xl2tpd setup on an Ubuntu EC2 instance at Amazon. It is a connection being NATed from both the client and server ends. I was following ...
Noam Singer
4 votes
3 answers
17k views

Connecting to a FortiGate VPN from a remote Linux machine via OpenSwan

Here's the setup: I have a FortiGate unit on a business network, which has a FortiGate VPN set up. Machines on a remote network that can run FortiClient (Windows and Mac machines) have no problem ...
user2892724
4 votes
1 answer
7k views

VPN ERROR 500 STATE_MAIN_I1, unable to start phase2

I'm trying to set up a site to site vpn to a fortigate 60c from a CentOS 7 with openswan, the error I get every time is the following 000 #1: "office":500 STATE_MAIN_I1 (sent MI1, expecting MR1); ...
Julio Villalba
4 votes
2 answers
8k views

subnet-to-subnet libreswan ipsec vpn

I'm configuring a "subnet to subnet VPN" between two Centos 7 server using libreswan. Each server has two nic as showed in the following image. I would allow secure communication between the subnets ...
NoNoNo
  • 1,983
4 votes
0 answers
1k views

How do I configure OpenSwan to allow pure IPsec (not L2TP) connections from an iPhone?

Similar to this question, I want to configure an IPsec server on Linux which will accept connections from the iPhone. However, unlike the other question, I want to be able to test with pre-shared keys ...
mpontillo
  • 924
3 votes
3 answers
15k views

openswan multiple subnets routing issue

I am trying to setup an OpenSwan(2.6.32) on CentOS 6.5 (final) to connect the remote VPC gateway on Amazon cloud. I got the tunnel up. However, only the traffic from/to the last ip range defined in ...
user2413287
3 votes
1 answer
8k views

Tunnel is up but I can't ping

I need to understand and resolve my issue. I know openswan works because when I connect from home network with an internal ip address of 10.0.0.97 to work's VPN, I'm able to ping but when I use the ...
BioRod
  • 313
3 votes
1 answer
6k views

Openswan Cisco ASA 9.1 -- cannot respond to IPsec SA request because no connection is known for

Ok, so I have a simple VPN IPSEC setup with a single Linux host that has a public IP address and a loopback interface of 172.16.255.1. On the right side I have a Cisco ASA 5505 9.1. the issue is the ...
Jim
  • 988
3 votes
1 answer
2k views

L2TP VPN Connection on Debian Squeeze

I need to make an L2TP VPN connection from a Debian Squeeze server. What I have is: The server IP address Shared Key My username and password Just using these 3 parameters I can establish the VPN ...
Lashae
  • 183
3 votes
0 answers
644 views

OpenSwan IPSec log explanation

I am trying to understand the IPSec logs. Would be really great if someone can help me to understand the main things I look for and how to troubleshoot any ipsec issue. Would be really great of ...
rrene
  • 131
3 votes
0 answers
657 views

Is there an extension of host to host ipsec to a many-many configuration?

Having a typical host to host transport mode ipsec configuration, conn appserver01-to-swift01 [email protected] left=10.133.176.246 leftrsasigkey=xxxxxxxxxxxxxxxxxxxxxxxx ...
user22866
  • 151
3 votes
0 answers
573 views

Openswan and sonicwall and encryption parameters

This error leads me to investigate my encryption parameters: 003 "sonicwall" #2: ignoring unknown Vendor ID payload [...] Can some expert please have a look at tell me what is wrong? Sonic wall (...
jcalfee314
3 votes
1 answer
4k views

IKE Phase 1 Aggressive Mode exchange does not complete

I've configured a 3G IP Gateway of mine to connect using IKE Phase 1 Aggressive Mode with PSK to my openswan installation running on Ubuntu server 12.04. I've configured openswan as follows: /etc/...
Isaac Sutherland
2 votes
1 answer
8k views

How do I configure routing for an IPSEC tunnel between Openswan and RouterOS

I am trying to create a site-to-site VPN between a Linux router that runs openswan and shorewall (host A, serving subnet 10.10.0.0/16) and a MikroTek RouterBoard running RouterOS 6.3 (host B, serving ...
dorian
  • 437
2 votes
1 answer
5k views

Two tunnels with same rightsubnet for StrongSWAN/OpenSWAN

I'm trying to set up the "Option 3" configuration for Google Cloud VPN, with two Google Cloud VPN gateways on the left and StrongSWAN or OpenSWAN on the right: If you have two Peer VPN gateways and ...
lambshaanxy
2 votes
1 answer
13k views

openswan and xl2tpd tunnel not working?

Since weeks I want to setup l2tp tunnel with xl2tpd and openswan in debian wheezy, the external interface is ppp0 with dynamic ip and the internal interface is eth0 with ip address 192.168.1.1. l2tp ...
shams
  • 21
2 votes
1 answer
14k views

Openswan ipsec transport tunnel not going up

On ClusterA and B I have installed the "openswan" package on Debian Squeeze. ClusterA ip is 172.16.0.107, B is 172.16.0.108 When they ping one another, it does not reach the destination. /etc/ipsec....
gparent
  • 3,632
2 votes
1 answer
2k views

OpenSwan IPsec tunnel to Azure Gateway is established but unable to connect

I am currently trying to set up a IPsec tunnel between my on-premise center and to the VPN in Azure. I am setting up OpenSwan 2.6.23 on an Ubuntu Lucid box, and my box is behind a NAT. ipsec.conf ...
leeeennyy
2 votes
2 answers
2k views

How to deny connections to xl2tp without ipsec encryption?

I try to setup l2tp+ipsec server for my mobile use and my home router use. So I made some setup and checked it works fine from android device. I see encryption on ipsec --status. My system is CentOS ...
Insspb
  • 33
2 votes
1 answer
9k views

Configure ipsec vpn tunnel (network to network with IKE with preshared key) on Centos 6 with openswan

I have Cisco Linksys router configured as VPN gateway (network to network) : Now I wanna configure ipsec VPN similarly on Centos 6 with openswan. I was looking in internet but have no luck (there are ...
B14D3
  • 5,278
2 votes
1 answer
3k views

VPN iptables Forwarding: Net-to-net

I've tried to look elsewhere on this site but I couldn't find anything matching this problem. Right now I have an ipsec tunnel open between our local network and a remote network. Currently, the ...
Mike Holler
2 votes
2 answers
3k views

How do I configure a Linux VPN Client to get into a network through a Fortigate firewall?

In order to connect to my job's VPN, I have been given by the network admin: a username a password a PSK I run Ubuntu at home. I know Fortigate's VPN should be a vanilla IPSec, so OpenSwan should do ...
GomoX
  • 826
2 votes
1 answer
162 views

what is the proposal string for aes-gem256 Diffie-Hellman group 20, esp

As a developer tasked with connecting to a vpn without preconfigured profile scripts, I'm fumbling through setting up a strongswan ipsec.conf file. My current hurdle is an "invalid proposal ...
T3.0
  • 121
2 votes
1 answer
4k views

Routing between OpenSWAN / IPSEC tunnels

I am trying to connect multiple Amazon VPCs (across regions) together using OpenSWAN and Amazon VGW's. The router instance can ping to hosts in both VPCs, and traffic is attempting to cross the router,...
Jason Martin
  • 5,113
2 votes
3 answers
11k views

ipsec: Can't authenticate: no preshared key found for

I'm using Openswan with ipsec and ipsec keeps complaining about the shared-key not being present. I'm running Ubuntu 14.04. I'm just experimenting on a couple of internal systems since I'm new to ...
Dustin Oprea
2 votes
0 answers
1k views

Openswan IPSec VPN on AWS tunnel established but no traffic

I am setting up a tunnel with a telco using AWS/VPC/EC2/Centos7/Libreswan and have been stuck for weeks. Appreciate any help! I have 192.168.16.73 (VPN GW, EIP 52.76.x.x) and 192.168.16.116 (...
Tai Shih Chau
2 votes
0 answers
3k views

Creating redundant IPSec connections using OpenSwan

I have a linux (netkey) instance with openswan installed, the instance has two connection to the same IPSec peer that needs to act as redundant connections. both connections' properties are the same (...
Amir
  • 21
2 votes
0 answers
305 views

Openswan bad routing record after connect

I have a problem in openswan configuration. In the routing table create following lines on the client, after connect to server: Dest mask Gateway Conn Metric 0.0.0.0 ...
user218547
2 votes
0 answers
754 views

OpenSwan + AWS + Ubuntu 14.04 - Cannot reach server

I'm currently trying to set up a VPN in order to login into a private subnet hosted on AWS. The target host has Ubuntu 14.04 and installed OpenSwan. I've setup ipsec.conf, ipsec.secrets, xl2tpd.conf, ...
nbriozzo
2 votes
0 answers
2k views

Is it possible to do IPSec Site to Site VPN without static & public IP on one end?

I am working on a project for my engineering degree that requires me to interface with some pre-existing equipment, so I am rather limited on my options. I'm rather new to VPN and ipsec for that ...
BobTuckerman
2 votes
0 answers
579 views

IPsec connection established but xl2tpd times out

This may or may not be related to my problem with passing ipsec verify. I have configured L2TP/IPsec VPN on Ubuntu 13.04 following Ubuntu's community documentation and while IPsec connection seems ...
Damn Terminal
2 votes
0 answers
13k views

ipsec IKE phase 1 failure

I have a wireless gateway that supports site-to-site IPSec. I have configured openswan on Ubuntu Server 12.04 (left side of the tunnel) with the following /etc/ipsec.conf: version 2.0 config setup ...
Isaac Sutherland
2 votes
0 answers
278 views

Sending L2tp/IPsec PSK client packets to OpenSwan server

I'm trying (kind of) to create VPN client, I set my server on Ubuntu using OpenSwan (L2tp/IPsec PSK). What I'm doing right now is sending packets to my server and trying to exchange my keys with the ...
Stigi
  • 121
1 vote
1 answer
852 views

iPhone VPN with OpenSwan fails to reconnect

I have managed to configure VPN with iPhone and OpenSWAN on Linux 2.6. Though, when disconnecting the iphone and reconnecting, it times out. I have found that: 1) no packets are being sent when you ...
gilm
  • 143
1 vote
2 answers
4k views

Openswan tunnel to remote public NAT'd host

Need help on this VPN set-up to work. Left-hand. EC2: eth0:10.0.0.100/EIP=1.1.1.1 (ie. NAT'd IP) eth1:10.0.0.200/EIP=2.2.2.2 Peer ip/leftid: 1.1.1.1 Right-hand. Cisco: Peer ip: 3.3.3.3 Peer ...
dcvpn
  • 31
1 vote
1 answer
5k views

Centos 6.3 OpenSWAN doesn't find my connection

I've been tearing my hair off in frustration for too long and decided Serverfault might be able to help. Could anyone somehow explain this? I've reinstalled openswan/ipsec with purge multiple times, ...
Lars
  • 578