Err. Sounds like security nightmare.

On 21.3.2016 at 7.47 PM, "Glenn Pierce" <glennpierce at gmail.com> wrote:

> Will ask my boss :) We are hosted on memset so not so easy to update
>
> Thanks
>
> On 21 March 2016 at 17:36, Eero Volotinen <eero.volotinen at iki.fi> wrote:
> > Centos 5 is still soon end of life. Using it as ipsec gateway is ..
> >
> > Eero
> > On 21.3.2016 at 7.25 PM, "Mike - st257" <silvertip257 at gmail.com> wrote:
> >
> >> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip257 at gmail.com> wrote:
> >>
> >> > I second Eero's comment, use a new IPSec daemon.
> >> >
> >> > Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> >> > main developer for the Openswan project before he and others created the
> >> > Libreswan fork.
> >> > https://libreswan.org/
> >> >
> >> > EL6 has Openswan
> >> > EL7 has Libreswan
> >> >
> >> > Racoon isn't all that fun to work with.
> >> > If you have the option, ditch it and EL5 and move to a newer platform
> >> > (preferably EL7 with Libreswan).
> >>
> >> There's an RPM spec file (though I've not used it) for building Openswan
> >> for EL5.
> >> https://github.com/xelerance/Openswan/tree/master/packaging/centos5
> >>
> >> Additionally, here's some info but I advise against the Racoon IPSec
> >> daemon.
> >>
> >> https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
> >> https://wiki.debian.org/IPsec
> >>
> >> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <eero.volotinen at iki.fi> wrote:
> >> >
> >> >> Yes you can. Please use newer version of centos and strong/openswan.
> >> >>
> >> >> Eero
> >> >> On 21.3.2016 at 7.05 PM, "Glenn Pierce" <glennpierce at gmail.com> wrote:
> >> >>
> >> >> > Hi I hope someone can answer something I'm sure is quite basic.
> >> >> >
> >> >> > I am following the instructions at
> >> >> > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
> >> >> > On setting up a VPN
> >> >> >
> >> >> > The part I am having trouble with is when it shows the
> >> >> > /etc/racoon/racoon.conf file.
> >> >> > But it doesn't say what you have to do with this file.
> >> >> >
> >> >> > When I bring up my connection
> >> >> >
> >> >> > ifup bicester
> >> >> >
> >> >> > I get
> >> >> > RTNETLINK answers: No such device
> >> >> >
> >> >> > looking at /var/messages I see
> >> >> >
> >> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
> >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
> >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
> >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
> >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use).
> >> >> > Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
> >> >> >
> >> >> > There was an existing setup done long ago.
> >> >> >
> >> >> > How can I setup more than one vpn connection (manually as this is a
> >> >> > headless server)
> >> >> > or is that not possible?
> >> >> >
> >> >> > Thanks for any pointers
> >> >> > _______________________________________________
> >> >> > CentOS mailing list
> >> >> > CentOS at centos.org
> >> >> > https://lists.centos.org/mailman/listinfo/centos
> >> >
> >> > --
> >> > ---~~.~~---
> >> > Mike
> >> > // SilverTip257 //
> >>
> >> --
> >> ---~~.~~---
> >> Mike
> >> // SilverTip257 //
To be fair it's not highly sensitive info we are dealing with.

-----Original Message-----
From: "Eero Volotinen" <eero.volotinen at iki.fi>
Sent: 21/03/2016 17:51
To: "CentOS mailing list" <centos at centos.org>
Subject: Re: [CentOS] IPSec multiple VPN setups

Err. Sounds like security nightmare.
Glenn Pierce wrote:
> To be fair it's not highly sensitive info we are dealing with.

That doesn't matter. Do you drive a car that's leaking oil, and the engine check light has been on for months, and just put gas in, and not worry about adding more oil, or going to a mechanic?

      mark