Questions tagged [openswan]
130
questions
0
votes
1
answer
119
views
How to get 2 tunnels UP between OpenSwan and AWS?
I have a VPC and network in eu-central-1 and one in eu-west-1 in AWS.
The eu-central-1 fakes my on-prem environment. There I installed and configured OpenSwan on an EC2. In eu-west-1 I configured a ...
4
votes
2
answers
8k
views
subnet-to-subnet libreswan ipsec vpn
I'm configuring a "subnet to subnet VPN" between two CentOS 7 servers using libreswan.
Each server has two NICs as shown in the following image.
I would allow secure communication between the subnets ...
2
votes
3
answers
11k
views
ipsec: Can't authenticate: no preshared key found for
I'm using Openswan with ipsec and ipsec keeps complaining about the shared-key not being present. I'm running Ubuntu 14.04.
I'm just experimenting on a couple of internal systems since I'm new to ...
1
vote
1
answer
8k
views
IPSec VPN Fortigate Phase 2 stuck
Trying to setup a VPN connection to Office Fortigate but I can't pass phase 2.
Received info from sysadmins:
PSK
IKE v1
Aggressive mode
Phase1 3DES-SHA1
DH group 5
Key lifetime 28800
XAUTH PAP ...
3
votes
1
answer
4k
views
IKE Phase 1 Aggressive Mode exchange does not complete
I've configured a 3G IP Gateway of mine to connect using IKE Phase 1 Aggressive Mode with PSK to my openswan installation running on Ubuntu server 12.04. I've configured openswan as follows:
/etc/...
2
votes
1
answer
162
views
what is the proposal string for aes-gem256 Diffie-Hellman group 20, esp
As a developer tasked with connecting to a vpn without preconfigured profile scripts, I'm fumbling through setting up a strongswan ipsec.conf file. My current hurdle is an "invalid proposal ...
2
votes
1
answer
4k
views
Routing between OpenSWAN / IPSEC tunnels
I am trying to connect multiple Amazon VPCs (across regions) together using OpenSWAN and Amazon VGW's. The router instance can ping to hosts in both VPCs, and traffic is attempting to cross the router,...
1
vote
1
answer
3k
views
OpenSwan - IPSec VPN - tunnel established but can't see a specific server there
I have to connect my server to a VPN tunnel through the Internet to see a local server that is on IP 192.168.20.100
Here are IPSec AND IKE settings from server (not mine, I do not own the VPN server)
...
1
vote
1
answer
2k
views
How to connect VPN Client Openswan
I have a VPN server using Openswan with address 103.19.208.247
Then, I want to connect my laptop (CENTOS) with IP 103.19.208.243 to the VPN server. Here is my configuration:
/etc/ipsec.conf
config setup
...
6
votes
2
answers
37k
views
How to enable debug logs in OpenSwan?
I use OpenSwan IPSec tunnel on CentOS 6.7.
I have added the following configuration in /etc/ipsec.secrets according to this link: http://linux.die.net/man/5/ipsec.conf
config setup
plutodebug=all
...
0
votes
1
answer
2k
views
ipsec verify indicates ERRORS "No tunnels up"
I just installed openswan on Ubuntu14. I'm trying to connect to my work's VPN (I have access to the Firewall/VPN btw). When I do a
/usr/sbin/ipsec verify
I get the following:
Checking your system ...
0
votes
1
answer
2k
views
Replace a Cisco VPN IPSec concentrator with an Ubuntu-box
Is it possible to replace a Cisco VPN IPSec concentrator with Ubuntu and for instance Strongswan?
1) Does Strongswan implement the same protocols that Cisco uses?
2) Can we retrieve keys from the ...
5
votes
1
answer
3k
views
Connecting to Meraki Client VPN from Ubuntu w strongswan and xl2tpd
I have a virtual appliance running Ubuntu 14 that I would like to connect to a remote network via Meraki Client VPN.
I have found instructions for installing and configuring strongswan and xl2tpd on ...
2
votes
2
answers
3k
views
How do I configure a Linux VPN Client to get into a network through a Fortigate firewall?
In order to connect to my job's VPN, I have been given by the network admin:
a username
a password
a PSK
I run Ubuntu at home. I know Fortigate's VPN should be a vanilla IPSec, so OpenSwan should do ...
0
votes
1
answer
146
views
How to clear Openswan logs?
I am a Java developer.
I have been a Linux user for a few years, due to this fact, I was asked to clean up and analyze the disk space of one of our servers.
I came across an 81Gb file called Openswan....
7
votes
1
answer
4k
views
L2TP over IPSec VPN with OpenSwan and XL2TPD can't connect, timeout on Centos 6
I'm setting up L2TP over IPSec on my Centos 6.3 fresh install.
I have iptables flushed, permit all.
Whenever I try to connect, I get a 'no reply from vpn' and nothi
Here's my ipsec.conf file (...
-1
votes
1
answer
1k
views
Openswan and OpenVPN
I have installed Openswan and have configured IPSec tunnels and they work perfectly until I install OpenVPN. Now I can't find out why the ping won't work.
When i execute the "service ipsec status" it ...
6
votes
1
answer
3k
views
IPSec + L2TP + NAT-Traversal does not work for multiple clients behind same nat
I have recently configured a VPN server hosted in AWS EC2.
Details: Centos 6.4, openswan, xl2tpd, NAT-traversal.
The configuration works great for a scenario when only one user connects from a given ...
0
votes
1
answer
2k
views
UDP-Packets seem to get lost in IPsec tunnel from Strongswan to AWS cloud - connection works with Openswan
Use case: IOT-device connected through AWS cloud
The IOT-device is behind a router that sends all traffic through aws cloud.
The IOT-server can not be configured and thus is not part of the AWS cloud
...
27
votes
1
answer
60k
views
IPsec for Linux - strongSwan vs Openswan vs Libreswan vs other(?) [closed]
Searching for IPSec and Linux one inevitably will be confronted with different solutions (see below) which all seem quite similar. The question is: where is the difference?
I found these projects. All ...
2
votes
2
answers
2k
views
How to deny connections to xl2tp without ipsec encryption?
I try to setup l2tp+ipsec server for my mobile use and my home router use.
So I made some setup and checked it works fine from android device. I see encryption on ipsec --status.
My system is CentOS ...
3
votes
3
answers
15k
views
openswan multiple subnets routing issue
I am trying to setup an OpenSwan(2.6.32) on CentOS 6.5 (final) to connect the remote VPC gateway on Amazon cloud. I got the tunnel up. However, only the traffic from/to the last ip range defined in ...
4
votes
3
answers
42k
views
FortiGate IPsec VPN: Configuring Multiple Phase 2 Connections (Multiple Subnets)
I am trying to make an IPsec connection to a FortiGate router using OpenSwan. The FortiGate sits on two distinct subnets and I need to access both of them. In the FortiGate I have defined one Phase 1 ...
3
votes
1
answer
2k
views
L2TP VPN Connection on Debian Squeeze
I need to make an L2TP VPN connection from a Debian Squeeze server.
What I have is:
The server IP address
Shared Key
My username and password
Just using these 3 parameters I can establish the VPN ...
4
votes
3
answers
17k
views
Connecting to a FortiGate VPN from a remote Linux machine via OpenSwan
Here's the setup:
I have a FortiGate unit on a business network, which has a FortiGate VPN set up. Machines on a remote network that can run FortiClient (Windows and Mac machines) have no problem ...
0
votes
1
answer
793
views
Connecting strongswan to badly configured openswan
I'm a bit stuck with configuring strongswan to connect to my office network as it refuses to verify the right side in any way, I was wondering if anyone knows of a way to just tell strongswan to ...
1
vote
0
answers
173
views
Trouble with routing on VPN with Openswan IPSec
Good morning, I'm having trouble configuring access to the servers through a VPN. The client can connect to the VPN perfectly, but access to the servers does not work.
The conf of my connection is ...
0
votes
0
answers
194
views
Options for rebuilding OpenSwan box to LibreSwan without downtime?
This is all in an AWS VPC environment.
We have an old Ubuntu 12.04 machine running OpenSwan which is managing a pile of VPN connections. This has worked well for us thus far, but 12.04 is no longer ...
2
votes
1
answer
2k
views
OpenSwan IPsec tunnel to Azure Gateway is established but unable to connect
I am currently trying to set up an IPsec tunnel between my on-premise center and to the VPN in Azure. I am setting up OpenSwan 2.6.23 on an Ubuntu Lucid box, and my box is behind a NAT.
ipsec.conf
...
1
vote
0
answers
812
views
Openswan l2tp vpn ppp wrong ip address
Using Openswan with xl2tp on archlinux (4.20) to connect to a vpn, I can create the tunnel and the ppp interface is created, however it gets the wrong ip address:
enp4s0: <BROADCAST,MULTICAST,...
0
votes
1
answer
1k
views
NAT rules for VPN routing to public IP in local network
I'm trying to configure a test VPN setup to route pings to an instance's public IP. A corporate vendor we are connecting to has reserved all private space on their side. I'm not sure what NAT rules I need ...
5
votes
2
answers
8k
views
Site to Site VPN error 'received hash payload does not match computed value'
We need to access a couple of Linux machines located at our client's end.
Our Linux machine, from which we need to access client's machine is located on cloud.
The connection to be established is ...
0
votes
1
answer
439
views
StrongSwan IPsec PING only working once after ipsec restart
Diagram VPN site to site:
And a GIF showing what is happening.
I create an IP route like this:
sudo ip route add 192.168.1.0/24 via 10.132.146.166 eth0 eth1
And I have these iptables rules
sudo ...
0
votes
0
answers
1k
views
AWS Ubuntu Strongswan IPSec VPN and Iptables configuration tunnel routing
I've muddled up my configuration.
I've setup a site-to-site VPN between an AWS Ubuntu VM running strongswan, and another site.
The VPN tunnel is working, but anytime I try to route traffic through ...
2
votes
0
answers
3k
views
Creating redundant IPSec connections using OpenSwan
I have a linux (netkey) instance with openswan installed, the instance has two connections to the same IPSec peer that need to act as redundant connections. Both connections' properties are the same (...
0
votes
1
answer
1k
views
Policy based routing in linux based on destination address.
I am struggling with a scenario. Suppose we have two systems in same subnet A:- 192.168.1.5 and B:-192.168.1.6 where B is further connected with C:-172.22.1.5 through Openswan. B can ping C but A can't ...
0
votes
1
answer
833
views
Openswan server not routing traffic to LAN instances
I created an openswan instance which connected with AWS VPN and tunnel is up. I can ping from Openswan server to EC2 instance in VPC and EC2 instance can also ping Openswan private interface.
But ...
1
vote
1
answer
11k
views
IPSec tunnel fails in phase 2
We are trying to establish a tunnel between our EC2 Instance and remote Cisco 3000 series device where it is failing for Phase2. Below is the scenario:
FTP Server(ec2-ubuntu) <---->VPN Server(ec2-...
6
votes
1
answer
66k
views
IPsec VPN site-to-site: How should I configure the ipsec.conf files on both sites to get the tunnel up?
What I am trying to do is to create a site-to-site IPsec VPN between my network and my friend's network. We both have a router and two computers on each router, with all computers running Linux. So I ...
0
votes
2
answers
39k
views
OpenSwan IPSec phase #2 complications
Phase #1 (IKE) succeeds without any problems (verified at the target host).
Phase #2 (IPSec), however, is erroneous at some point (apparently due to misconfiguration on localhost).
This should be an ...
1
vote
0
answers
127
views
Ubuntu site-to-site VPN with no LAN on one side
A customer requires us to connect to their system via a site-to-site VPN tunnel. ("Client-based VPN solutions are not accepted.") Once the tunnel is established we'll be consuming data over the ...
0
votes
1
answer
403
views
Openswan/IPtables: Faking a unique IP address over VPN tunnel
Context:
I'm running a set of instances within the Google Compute environment. Each host has a single interface with single ip in the 10.0.0.0 private range.
I have external customers who ...
0
votes
0
answers
1k
views
IPsec VPN with subnet overlapping and NAT
I'm trying to configure, through OpenSwan on a Linux Ubuntu 14.04 the following scenario.
It's an interesting configuration and it would be great to understand why I'm failing configuring correctly, ...
3
votes
1
answer
8k
views
Tunnel is up but I can't ping
I need to understand and resolve my issue. I know openswan works because when I connect from home network with an internal ip address of 10.0.0.97 to work's VPN, I'm able to ping but when I use the ...
1
vote
2
answers
14k
views
Openswan + xl2tpd connections time out after a while
I have a non-NATed Openswan+xl2tpd server (Ubuntu 12.04), to which I connect with a Windows 8 behind NAT. The client loses its connection after a while of doing nothing (between 30 and 60 minutes, but ...
1
vote
0
answers
189
views
OpenSwan and L2TPd traversing secondary gateway
I need some help with a networking project using Linux (RHEL based) and open swan with L2TPd (xl2tpd). While the initial setup works great, I want my VPN traffic to traverse over the secondary ...
6
votes
3
answers
26k
views
Simple L2TP/IPsec server not working (openswan, xl2tpd, Ubuntu, Windows)
I configured openswan and xl2tpd on an Ubuntu 12.04 server (on EC2) by following various tutorials/documentation which seem to largely say the same things, but most recently this one.
However, my ...
1
vote
0
answers
356
views
Why would ping oscillate between receiving bytes and redirects over a VPN?
I have a VPN set up between an Ubuntu 14 VM under fusion on my side and a SonicWall on the other side. The Ubuntu VM is dedicated to the task.
When I ping a remote address, the results are very ...
0
votes
1
answer
8k
views
IPSEC Tunnel with OpenSwan on Ubuntu <-> CISCO Router
I have setup a tunnel between a UBUNTU SERVER linux box and a CISCO ROUTER.
This is what the topology looks like:
host 1 ------ UBUNTU SERVER IPSEC <---> CISCO ROUTER ------ host 2
| ...
3
votes
0
answers
644
views
OpenSwan IPSec log explanation
I am trying to understand the IPSec logs. Would be really great if someone can help me to understand the main things I look for and how to troubleshoot any ipsec issue. Would be really great of ...