Skip to main content

Questions tagged [openswan]

The tag has no usage guidance.

Filter by
Sorted by
Tagged with
0 votes
1 answer
119 views

How to get 2 tunnels UP between OpenSwan and AWS?

I have a VPC and network in eu-central-1 and one in eu-west-1 in AWS. The eu-central-1 fakes my on-prem environment. There I installed and configured OpenSwan on an EC2. In in eu-west-1 I configured a ...
4 votes
2 answers
8k views

subnet-to-subnet libreswan ipsec vpn

I'm configuring a "subnet to subnet VPN" between two Centos 7 server using libreswan. Each server has two nic as showed in the following image. I would allow secure communication between the subnets ...
2 votes
3 answers
11k views

ipsec: Can't authenticate: no preshared key found for

I'm using Openswan with ipsec and ipsec keeps complaining about the shared-key not being present. I'm running Ubuntu 14.04 . I'm just experimenting on a couple of internal systems since I'm new to ...
1 vote
1 answer
8k views

IPSec VPN Fortigate Phase 2 stuck

Trying to setup a VPN connection to Office Fortigate but I can't pass phase 2. Received info from sysadmins: PSK IKE v1 Aggressive mode Phase1 3DES-SHA1 DH group 5 Key lifetime 28800 XAUTH PAP ...
3 votes
1 answer
4k views

IKE Phase 1 Aggressive Mode exchange does not complete

I've configured a 3G IP Gateway of mine to connect using IKE Phase 1 Aggressive Mode with PSK to my openswan installation running on Ubuntu server 12.04. I've configured openswan as follows: /etc/...
2 votes
1 answer
162 views

what is the proposal string for aes-gem256 deffie helman group 20, esp

As a developer tasked with connecting to a vpn without preconfigured profile scripts, i'm fumbling through setting up a strongswan ipsec.conf file. My current hurdle is an "invalid proposal ...
2 votes
1 answer
4k views

Routing between OpenSWAN / IPSEC tunnels

I am trying to connect multiple Amazon VPCs (across regions) together using OpenSWAN and Amazon VGW's. The router instance can ping to hosts in both VPCs, and traffic is attempting to cross the router,...
1 vote
1 answer
3k views

OpenSwan - IPSec VPN - tunnel established but can't see a specific server there

I have to connect my server to a VPN tunnel thought Internet to see a local server that is on IP 192.168.20.100 Here are IPSec AND IKE settings from server (not mine , I do not own the VPN server) ...
1 vote
1 answer
2k views

How to connect VPN Client Openswan

I have VPN server using Openswan with address 103.19.208.247 Then, i want connect my laptop (CENTOS) with IP 103.19.208.243 to VPN server. Here my configuration: /etc/ipsec.conf config setup ...
6 votes
2 answers
37k views

How to enable debug logs in OpenSwan?

I use OpenSwan IPSec tunnel on CentOS 6.7. I have added the following configuration in /etc/ipsec.secrets according to this link: http://linux.die.net/man/5/ipsec.conf config setup plutodebug=all ...
0 votes
1 answer
2k views

ipsec verify indicates ERRORS "No tunnels up"

I just installed openswan on Ubuntu14. I'm trying to connect to my work's VPN (I have access to the Firewall/VPN btw). When I do a /usr/sbin/ipsec verify I get the following: Checking your system ...
0 votes
1 answer
2k views

Replace a Cisco VPN IPSec concentrator with an Ubuntu-box

Is it possible to replace a Cisco VPN IPSec concentrator with Ubuntu and for instance Strongswan? 1) Do Strongswan implement the same protocolls that Cisco uses? 2) Can we retrieve keys from the ...
5 votes
1 answer
3k views

Connecting to Meraki Client VPN from Ubuntu w strongswan and xl2tpd

I have a virtual appliance running Ubuntu 14 that I would like to connect to a remote network via Meraki Client VPN. I have found instructions for installing and configuring strongswan and xl2tpd on ...
2 votes
2 answers
3k views

How do I configure a Linux VPN Client to get into a network through a Fortigate firewall?

In order to connect to my job's VPN, I have been given by the network admin: a username a password a PSK I run Ubuntu at home. I know Fortigate's VPN should be a vanilla IPSec, so OpenSwan should do ...
0 votes
1 answer
146 views

How to clear Openswan logs?

I am a Java developer. I have been a Linux user for a few years, due to this fact, I was asked to clean up and analyze the disk space of one of our servers. I came across an 81Gb file called Openswan....
7 votes
1 answer
4k views

L2TP over IPSec VPN with OpenSwan and XL2TPD can't connect, timeout on Centos 6

I'm setting up LT2p over IPSec on my Centos 6.3 fresh install. I have iptables flushed, permit all. Whenever I try to connect, i get a 'no reply from vpn' and nothi Here's my ipsec.conf file (...
-1 votes
1 answer
1k views

Openswan and OpenVPN

I have installed Openswan and have configured IPSec tunnels and they work perfect until i install OpenVPN. Now i can't find out way the ping wont work. When i execute the "service ipsec status" it ...
6 votes
1 answer
3k views

IPSec + L2TP + NAT-Traversal does not work for multiple clients behind same nat

I have recently configured a VPN server hosted in AWS EC2. Details: Centos 6.4, openswan, xl2tpd, NAT-traversal. The configuration works great for a scenario when only one user connects form a given ...
0 votes
1 answer
2k views

UDP-Packets seem to get lost in IPsec tunnel from Strongswan to AWS cloud - connection works with Openswan

Use case: IOT-device connected through AWS cloud The IOT-device is behind a router that sends all traffic through aws cloud. The IOT-server can not be configured and thus is not part of the AWS cloud ...
27 votes
1 answer
60k views

IPsec for Linux - strongSwan vs Openswan vs Libreswan vs other(?) [closed]

Searching for IPSec and Linux one inevitably will be confronted with different solutions (see below) which all seem quite similar. The question is: where is the difference? I found these projects. All ...
2 votes
2 answers
2k views

How to deny connections to xl2tp without ipsec encryption?

I try to setup l2tp+ipsec server for my mobile use and my home router use. So I made some setup and checked it works fine from android device. I see encryption on ipsec --status. My system is CentOS ...
3 votes
3 answers
15k views

openswan multiple subnets routing issue

I am trying to setup an OpenSwan(2.6.32) on CentOS 6.5 (final) to connect the remote VPC gateway on Amazon cloud. I got the tunnel up. However, only the traffic from/to the last ip range defined in ...
4 votes
3 answers
42k views

FortiGate IPsec VPN: Configuring Multiple Phase 2 Connections (Multiple Subnets)

I am trying to make an IPsec connection to a FortiGate router using OpenSwan. The FortiGate sits on two distinct subnets and I need to access both of them. In the FortiGate I have defined one Phase 1 ...
3 votes
1 answer
2k views

L2TP VPN Connection on Debian Squeeze

I need to make an L2TP VPN connection from a Debian Squeeze server. What I have is: The server IP address Shared Key My username and password Just using these 3 parameteres I can establish the VPN ...
4 votes
3 answers
17k views

Connecting to a FortiGate VPN from a remote Linux machine via OpenSwan

Here's the setup: I have a FortiGate unit on a business network, which has a FortiGate VPN set up. Machines on a remote network that can run FortiClient (Windows and Mac machines) have no problem ...
0 votes
1 answer
793 views

Connecting strongswan to badly configured openswan

I'm a bit stuck with configuring strongswan to connect to my office network as it refuses to verifiy the right side in any way, i was wondering if anyone knows of a way to just tell strongswan to ...
1 vote
0 answers
173 views

Trouble with routing on VPN with Openswan IPSec

Good morning, I'm having trouble configuring access to the servers through a VPN. The client can connect to the VPN perfectly, but access to the servers does not work. The conf of my connection is ...
0 votes
0 answers
194 views

Options for rebuilding OpenSwan box to LibreSwan without downtime?

This is all in an AWS VPC environment. We have an old Ubuntu 12.04 machine running OpenSwan which is managing a pile of VPN connections. This has worked well for us thus far, but 12.04 is no longer ...
2 votes
1 answer
2k views

OpenSwan IPsec tunnel to Azure Gateway is established but unable to connect

I am currently trying to set up a IPsec tunnel between my on-premise center and to the VPN in Azure. I am setting up OpenSwan 2.6.23 on an Ubuntu Lucid box, and my box is behind a NAT. ipsec.conf ...
1 vote
0 answers
812 views

Openswan l2tp vpn ppp wrong ip address

Using Openswan with xl2tp on archlinux (4.20) to connect to a vpn, I can create the tunnel and the ppp interface is created howerver it gets the wrong ip address: enp4s0: <BROADCAST,MULTICAST,...
0 votes
1 answer
1k views

NAT rules for VPN routing to public IP in local network

I'm trying configure a test VPN setup to route pings to an instances public IP. A corporate vendor we are connecting to has reserved all private space on their side. I'm not sure what NAT rules I need ...
5 votes
2 answers
8k views

Site to Site VPN error 'received hash payload does not match computed value'

We need to access a couple of Linux machines located at our client's end. Our Linux machine, from which we need to access client's machine is located on cloud. The connection to be established is ...
0 votes
1 answer
439 views

StrongSwan IPsec PING only working once after ipsec restart

Diagram VPN site to site: And a GIF showing what is happening. I create an IP route like this: sudo ip route add 192.168.1.0/24 via 10.132.146.166 eth0 eth1 And I have this iptable rules sudo ...
0 votes
0 answers
1k views

AWS Ubuntu Strongswan IPSec VPN and Iptables configuration tunnel routing

I've muddled up my configuration. I've setup a site-to-site VPN between an AWS Ubuntu VM running strongswan, and another site. The VPN tunnel is working, but anytime I try to route traffic through ...
2 votes
0 answers
3k views

Creating redundant IPSec connections using OpenSwan

I have a linux (netkey) instance with openswan installed, the instance has two connection to the same IPSec peer that needs to act as redundant connections. both connections' properties are the same (...
0 votes
1 answer
1k views

Policy based routing in linux based on destination address.

I am struggling with a scenario. Suppose we have two systems in same subnet A:- 192.168.1.5 and B:-192.168.1.6 where B is further connected with C:-172.22.1.5 through Openswan. B can ping C but A cant ...
0 votes
1 answer
833 views

Openswan server not routing traffic to LAN instances

I created an openswan instance which connected with AWS VPN and tunnel is up. I can ping from Openswan server to EC2 instance in VPC and EC2 instance can also ping Openswan private interface. But ...
1 vote
1 answer
11k views

IPSec tunnel fails in phase 2

We are trying to establish a tunnel between our EC2 Instance and remote Cisco 3000 series device where it is failing for Phase2. Below is the scenario: FTP Server(ec2-ubuntu) <---->VPN Server(ec2-...
6 votes
1 answer
66k views

IPsec VPN site-to-site: How should I configure the ipsec.conf files on both sites to get the tunnel up?

What I am trying to do is to create a site-to-site IPsec VPN between my network and my friend's network. We both have a router and two computers on each router, with all computers running Linux. So I ...
0 votes
2 answers
39k views

OpenSwan IPSec phase #2 complications

Phase #1 (IKE) succeeds without any problems (verified at the target host). Phase #2 (IPSec), however, is erroneous at some point (apparently due to misconfiguration on localhost). This should be an ...
1 vote
0 answers
127 views

Ubuntu site-to-site VPN with no LAN on one side

A customer requires us to connect to their system via a site-to-site VPN tunnel. ("Client-based VPN solutions are not accepted.") Once the tunnel is established we'll be consuming data over the ...
0 votes
1 answer
403 views

Openswan/IPtables: Faking a unique IP address over VPN tunnel

Context: I'm running a set of instances within the Google Compute environment. Each host has a single interface with single ip in the 10.0.0.0 private range. I have external customers who ...
0 votes
0 answers
1k views

IPsec VPN with subnet overlapping and NAT

I'm trying to configure, through OpenSwan on a Linux Ubuntu 14.04 the following scenario. It's an interesting configuration and it would be great to understand why I'm failing configuring correctly, ...
3 votes
1 answer
8k views

Tunnel is up but I can't ping

I need to understand and resolve my issue. I know openswan works because when I connect from home network with an internal ip address of 10.0.0.97 to work's VPN, I'm able to ping but when I use the ...
1 vote
2 answers
14k views

Openswan + xl2tpd connections time out after a while

I have a non-NATed Openswan+xl2tpd server (Ubuntu 12.04), to which I connect with a Windows 8 behind NAT. The client loses its connection after a while of doing nothing (between 30 and 60 minutes, but ...
1 vote
0 answers
189 views

OpenSwan and L2TPd traversing secondary gateway

I need some help with a networking project using Linux (RHEL based) and open swan with L2TPd (xl2tpd). While the initial setup works great, I want my VPN traffic to traverse over the secondary ...
6 votes
3 answers
26k views

Simple L2TP/IPsec server not working (openswan, xl2tpd, Ubuntu, Windows)

I configured openswan and xl2tpd on an Ubuntu 12.04 server (on EC2) by following various tutorials/documentation which seem to largely say the same things, but most recently this one. However, my ...
1 vote
0 answers
356 views

Why would ping oscillate between receiving bytes and redirects over a VPN?

I have a VPN set up between an Ubuntu 14 VM under fusion on my side and a SonicWall on the other side. The Ubuntu VM is dedicated to the task. When I ping a remote address, the results are very ...
0 votes
1 answer
8k views

IPSEC Tunnel with OpenSwan on Ubuntu <-> CISCO Router

I have setup a tunnel between a UBUNTU SERVER linux box and a CISCO ROUTER. This is what's the topology looks like: host 1 ------ UBUNTU SERVER IPSEC <---> CISCO ROUTER ------ host 2 | ...
3 votes
0 answers
644 views

OpenSwan IPSec log explanation

I am trying to understand the IPSec logs. Would be really great if someone can help me to understand the main things I look for and how to troubleshoot any ipsec issue. Would be really great of ...