CentOS - Mar 2016 - IPSec multiple VPN setups

I second Eero's comment, use a new IPSec daemon.

Openswan was forked and became Libreswan. Paul, now a RH employee, was a
main developer for the Openswan project before he and others created the
Libreswan fork.
libreswan.org

EL6 has Openswan
EL7 has Libreswan

Racoon isn't all that fun to work with.
If you have the option, ditch it and EL5 and move to a newer platform
(preferably EL7 with Libreswan).


On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <eero.volotinen at iki.fi>
wrote:
> Yes you can. Please use newer version of centos and strong/openswan.
>
> Eero
> 21.3.2016 7.05 ip. "Glenn Pierce" <glennpierce at
gmail.com> kirjoitti:
>
> > Hi I hope someone can answer something I'm sure is quite basic.
> >
> > I am following the instructions at
> > centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
> > On setting up a VPN
> >
> > The part I am having trouble with is when it show the
> > /etc/racoon/racoon.conf file.
> > But it doesn't say whay you have to do with this file.
> >
> > When I bring up my connection
> >
> > ifup bicester
> >
> > I get
> > RTNETLINK answers: No such device
> >
> > looking at /var/messages I see
> >
> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in
use).
> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> > (Address already in use).
> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> > (Address already in use).
> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> > (Address already in use).
> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500]
> > (Address already in use).
> > Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500]
> > used as isakmp port (fd=25)
> >
> > There was an existing setup done long ago.
> >
> > How can I setup more than one vpn connection (manually as this is a
> > headless server)
> > or is that not possible ?
> >
> > Thanks for any pointers
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > lists.centos.org/mailman/listinfo/centos
> >
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> lists.centos.org/mailman/listinfo/centos
>


-- 
---~~.~~---
Mike
//  SilverTip257  //

And centos 5 is really soon end of life.

Eero
21.3.2016 7.18 ip. "Mike - st257" <silvertip257 at gmail.com>
kirjoitti:
> I second Eero's comment, use a new IPSec daemon.
>
> Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> main developer for the Openswan project before he and others created the
> Libreswan fork.
> libreswan.org
>
> EL6 has Openswan
> EL7 has Libreswan
>
> Racoon isn't all that fun to work with.
> If you have the option, ditch it and EL5 and move to a newer platform
> (preferably EL7 with Libreswan).
>
>
> On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <eero.volotinen at
iki.fi>
> wrote:
>
> > Yes you can. Please use newer version of centos and strong/openswan.
> >
> > Eero
> > 21.3.2016 7.05 ip. "Glenn Pierce" <glennpierce at
gmail.com> kirjoitti:
> >
> > > Hi I hope someone can answer something I'm sure is quite
basic.
> > >
> > > I am following the instructions at
> > >
centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
> > > On setting up a VPN
> > >
> > > The part I am having trouble with is when it show the
> > > /etc/racoon/racoon.conf file.
> > > But it doesn't say whay you have to do with this file.
> > >
> > > When I bring up my connection
> > >
> > > ifup bicester
> > >
> > > I get
> > > RTNETLINK answers: No such device
> > >
> > > looking at /var/messages I see
> > >
> > > ERROR: failed to bind to address 127.0.0.1[500] (Address already
in
> use).
> > > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
*.*.*.*[500]
> > > (Address already in use).
> > > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
*.*.*.*[500]
> > > (Address already in use).
> > > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
*.*.*.*[500]
> > > (Address already in use).
> > > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
::1[500]
> > > (Address already in use).
> > > Mar 21 17:01:05  racoon: INFO:
fe80::bcef:4fff:fe66:82ec%eth0[500]
> > > used as isakmp port (fd=25)
> > >
> > > There was an existing setup done long ago.
> > >
> > > How can I setup more than one vpn connection (manually as this is
a
> > > headless server)
> > > or is that not possible ?
> > >
> > > Thanks for any pointers
> > > _______________________________________________
> > > CentOS mailing list
> > > CentOS at centos.org
> > > lists.centos.org/mailman/listinfo/centos
> > >
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > lists.centos.org/mailman/listinfo/centos
> >
>
>
>
> --
> ---~~.~~---
> Mike
> //  SilverTip257  //
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> lists.centos.org/mailman/listinfo/centos
>

On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip257 at gmail.com>
wrote:
> I second Eero's comment, use a new IPSec daemon.
>
> Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> main developer for the Openswan project before he and others created the
> Libreswan fork.
> libreswan.org
>
> EL6 has Openswan
> EL7 has Libreswan
>
> Racoon isn't all that fun to work with.
> If you have the option, ditch it and EL5 and move to a newer platform
> (preferably EL7 with Libreswan).
>
There's an RPM spec file (though I've not used it) for building Openswan
for EL5.
github.com/xelerance/Openswan/tree/master/packaging/centos5

Additionally, here's some info but I advise against the Racoon IPSec daemon.
centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
wiki.debian.org/IPsec

>
>
> On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <eero.volotinen at
iki.fi>
> wrote:
>
>> Yes you can. Please use newer version of centos and strong/openswan.
>>
>> Eero
>> 21.3.2016 7.05 ip. "Glenn Pierce" <glennpierce at
gmail.com> kirjoitti:
>>
>> > Hi I hope someone can answer something I'm sure is quite
basic.
>> >
>> > I am following the instructions at
>> >
centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
>> > On setting up a VPN
>> >
>> > The part I am having trouble with is when it show the
>> > /etc/racoon/racoon.conf file.
>> > But it doesn't say whay you have to do with this file.
>> >
>> > When I bring up my connection
>> >
>> > ifup bicester
>> >
>> > I get
>> > RTNETLINK answers: No such device
>> >
>> > looking at /var/messages I see
>> >
>> > ERROR: failed to bind to address 127.0.0.1[500] (Address already
in
>> use).
>> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
*.*.*.*[500]
>> > (Address already in use).
>> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
*.*.*.*[500]
>> > (Address already in use).
>> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
*.*.*.*[500]
>> > (Address already in use).
>> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500]
>> > (Address already in use).
>> > Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500]
>> > used as isakmp port (fd=25)
>> >
>> > There was an existing setup done long ago.
>> >
>> > How can I setup more than one vpn connection (manually as this is
a
>> > headless server)
>> > or is that not possible ?
>> >
>> > Thanks for any pointers
>> > _______________________________________________
>> > CentOS mailing list
>> > CentOS at centos.org
>> > lists.centos.org/mailman/listinfo/centos
>> >
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> lists.centos.org/mailman/listinfo/centos
>>
>
>
>
> --
> ---~~.~~---
> Mike
> //  SilverTip257  //
>


-- 
---~~.~~---
Mike
//  SilverTip257  //

Centos 5 is still soon end of life. Using it as ipsec gateway is ..

Eero
21.3.2016 7.25 ip. "Mike - st257" <silvertip257 at gmail.com>
kirjoitti:
> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip257 at
gmail.com>
> wrote:
>
> > I second Eero's comment, use a new IPSec daemon.
> >
> > Openswan was forked and became Libreswan. Paul, now a RH employee, was
a
> > main developer for the Openswan project before he and others created
the
> > Libreswan fork.
> > libreswan.org
> >
> > EL6 has Openswan
> > EL7 has Libreswan
> >
> > Racoon isn't all that fun to work with.
> > If you have the option, ditch it and EL5 and move to a newer platform
> > (preferably EL7 with Libreswan).
> >
>
> There's an RPM spec file (though I've not used it) for building
Openswan
> for EL5.
> github.com/xelerance/Openswan/tree/master/packaging/centos5
>
> Additionally, here's some info but I advise against the Racoon IPSec
> daemon.
>
>
centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
> wiki.debian.org/IPsec
>
>
> >
> >
> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <eero.volotinen at
iki.fi>
> > wrote:
> >
> >> Yes you can. Please use newer version of centos and
strong/openswan.
> >>
> >> Eero
> >> 21.3.2016 7.05 ip. "Glenn Pierce" <glennpierce at
gmail.com> kirjoitti:
> >>
> >> > Hi I hope someone can answer something I'm sure is quite
basic.
> >> >
> >> > I am following the instructions at
> >> >
centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
> >> > On setting up a VPN
> >> >
> >> > The part I am having trouble with is when it show the
> >> > /etc/racoon/racoon.conf file.
> >> > But it doesn't say whay you have to do with this file.
> >> >
> >> > When I bring up my connection
> >> >
> >> > ifup bicester
> >> >
> >> > I get
> >> > RTNETLINK answers: No such device
> >> >
> >> > looking at /var/messages I see
> >> >
> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address
already in
> >> use).
> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
*.*.*.*[500]
> >> > (Address already in use).
> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
*.*.*.*[500]
> >> > (Address already in use).
> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
*.*.*.*[500]
> >> > (Address already in use).
> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
::1[500]
> >> > (Address already in use).
> >> > Mar 21 17:01:05  racoon: INFO:
fe80::bcef:4fff:fe66:82ec%eth0[500]
> >> > used as isakmp port (fd=25)
> >> >
> >> > There was an existing setup done long ago.
> >> >
> >> > How can I setup more than one vpn connection (manually as
this is a
> >> > headless server)
> >> > or is that not possible ?
> >> >
> >> > Thanks for any pointers
> >> > _______________________________________________
> >> > CentOS mailing list
> >> > CentOS at centos.org
> >> > lists.centos.org/mailman/listinfo/centos
> >> >
> >> _______________________________________________
> >> CentOS mailing list
> >> CentOS at centos.org
> >> lists.centos.org/mailman/listinfo/centos
> >>
> >
> >
> >
> > --
> > ---~~.~~---
> > Mike
> > //  SilverTip257  //
> >
>
>
>
> --
> ---~~.~~---
> Mike
> //  SilverTip257  //
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> lists.centos.org/mailman/listinfo/centos
>

Am 21.03.2016 um 18:17 schrieb Mike - st257 <silvertip257 at
gmail.com>:
> I second Eero's comment, use a new IPSec daemon.
> 
> Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> main developer for the Openswan project before he and others created the
> Libreswan fork.
> libreswan.org
> 
> EL6 has Openswan
> EL7 has Libreswan
> 
> Racoon isn't all that fun to work with.
> If you have the option, ditch it and EL5 and move to a newer platform
> (preferably EL7 with Libreswan)

Libreswan will be in the next EL6 release ...

--
LF

Anyway, they both use compatible config files?

Eero
22.3.2016 12.23 ap. "Leon Fauster" <leonfauster at
googlemail.com> kirjoitti:
> Am 21.03.2016 um 18:17 schrieb Mike - st257 <silvertip257 at
gmail.com>:
> > I second Eero's comment, use a new IPSec daemon.
> >
> > Openswan was forked and became Libreswan. Paul, now a RH employee, was
a
> > main developer for the Openswan project before he and others created
the
> > Libreswan fork.
> > libreswan.org
> >
> > EL6 has Openswan
> > EL7 has Libreswan
> >
> > Racoon isn't all that fun to work with.
> > If you have the option, ditch it and EL5 and move to a newer platform
> > (preferably EL7 with Libreswan)
>
>
> Libreswan will be in the next EL6 release ...
>
> --
> LF
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> lists.centos.org/mailman/listinfo/centos
>