Displaying 20 results from an estimated 121 matches for "racoon".

2016 Mar 21
5
IPSec multiple VPN setups
I second Eero's comment, use a new IPSec daemon. Openswan was forked and became Libreswan. Paul, now a RH employee, was a main developer for the Openswan project before he and others created the Libreswan fork. https://libreswan.org/ EL6 has Openswan EL7 has Libreswan Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform (preferably EL7 with Libreswan). On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <eero.volotinen at iki.fi> wrote: > Yes you can. Please use newer version of centos and strong/open...
2016 Mar 21
2
IPSec multiple VPN setups
Hi I hope someone can answer something I'm sure is quite basic. I am following the instructions at https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html On setting up a VPN The part I am having trouble with is when it shows the /etc/racoon/racoon.conf file. But it doesn't say what you have to do with this file. When I bring up my connection ifup bicester I get RTNETLINK answers: No such device looking at /var/messages I see ERROR: failed to bind to address 127.0.0.1[500] (Address already in use). Mar 21 17:01:05 racoon: ERR...
2005 Dec 07
1
racoon with freebsd-4.11 crashes
Hi Running racoon on a Freebsd-4.11 machine gives a kernel panic. I am using the racoon from ports directory which comes with the freebsd installation. Steps followed are as shown below: racoon -f /usr/local/etc/racoon/raccon.conf setkey -f ipsec.conf ping -c 1 <ip_of_the_other_gw>...
2016 Mar 21
3
IPSec multiple VPN setups
...Openswan was forked and became Libreswan. Paul, now a RH employee, was a > > main developer for the Openswan project before he and others created the > > Libreswan fork. > > https://libreswan.org/ > > > > EL6 has Openswan > > EL7 has Libreswan > > > > Racoon isn't all that fun to work with. > > If you have the option, ditch it and EL5 and move to a newer platform > > (preferably EL7 with Libreswan). > > > > There's an RPM spec file (though I've not used it) for building Openswan > for EL5. > https://github.com/...
2003 Aug 07
1
IPSec delays
I've been using IPSec and racoon a lot lately creating tunnels between FreeBSD machines. Everything works as it should once I've got it running. I do however seem to get delays when one, or both ends of the tunnel drop or are rebooted. On reboot, once the machine starts racoon, it takes two or three minutes for the tunnel to...
2016 Mar 21
2
IPSec multiple VPN setups
...>> > main developer for the Openswan project before he and others created > the > >> > Libreswan fork. > >> > https://libreswan.org/ > >> > > >> > EL6 has Openswan > >> > EL7 has Libreswan > >> > > >> > Racoon isn't all that fun to work with. > >> > If you have the option, ditch it and EL5 and move to a newer platform > >> > (preferably EL7 with Libreswan). > >> > > >> > >> There's an RPM spec file (though I've not used it) for building Op...
2004 Apr 07
1
Possible security hole in racoon verified on FreeBSD using racoon-20030711
Hi, while testing racoon on Linux (based on the ported ipsec-tools) the following issue appeared: Racoon did not verify the RSA Signatures during Phase 1 in either main or aggressive mode. Authentication was possible using a correct certificate and a wrong private key. I have verified the below problem using racoon-200307...
2005 May 12
1
Has anybody managed to get native IPSec working?
...pinpoint down what's wrong. It looks like a new pair of keys is generated each time host-b is supposed to send packet to host-a. The /etc/sysconfig/network-scripts/ifcfg-IPSecToHostB on host-a looks something like this: DST=192.168.1.100 TYPE=IPSEC ONBOOT=no IKE_METHOD=X509 IKE_CERTFILE=/etc/racoon/certs/host-a IKE_PEER_CERTFILE=/etc/racoon/certs/host-b The /etc/sysconfig/network-scripts/ifcfg-IPSecToHostA on host-b looks similar (DST and IKE_*CERTFILE pointing the other way). Keys and certificates for host-a are stored in host-a.private (no passphrase, so that racoon can read the key) a...
2004 Apr 07
0
Note to Racoon users (IKE/ISAKMP daemon)
As was accidentally posted here earlier by Ralf :-), you should be aware of this issue: http://vuxml.freebsd.org/d8769838-8814-11d8-90d1-0020ed76ef5a.html racoon fails to verify signature during Phase 1 Affected packages racoon < 20040407b Details VuXML ID d8769838-8814-11d8-90d1-0020ed76ef5a Discovery 2004-04-05 Entry 2004-04-07 Ralf Spenneberg discovered a serious flaw in racoon. When using Phase 1 main or aggressive mode, ra...
2016 Mar 21
0
IPSec multiple VPN setups
...ment, use a new IPSec daemon. > > Openswan was forked and became Libreswan. Paul, now a RH employee, was a > main developer for the Openswan project before he and others created the > Libreswan fork. > https://libreswan.org/ > > EL6 has Openswan > EL7 has Libreswan > > Racoon isn't all that fun to work with. > If you have the option, ditch it and EL5 and move to a newer platform > (preferably EL7 with Libreswan). > There's an RPM spec file (though I've not used it) for building Openswan for EL5. https://github.com/xelerance/Openswan/tree/master/pac...
2016 Mar 21
0
IPSec multiple VPN setups
...ibreswan. Paul, now a RH employee, was a >> > main developer for the Openswan project before he and others created the >> > Libreswan fork. >> > https://libreswan.org/ >> > >> > EL6 has Openswan >> > EL7 has Libreswan >> > >> > Racoon isn't all that fun to work with. >> > If you have the option, ditch it and EL5 and move to a newer platform >> > (preferably EL7 with Libreswan). >> > >> >> There's an RPM spec file (though I've not used it) for building Openswan >> for EL5....
2004 Jan 08
1
Windows 2000 <-> FreeBSD IPsec problem
.... Both systems are on live public IP's and packets are not filtered by any intermediate systems or firewalls/routers in between. I have the following setup: Windows 2000 box: 1.1.1.2 FreeBSD Server: 2.2.2.3 (The actual IP's have been changed to above to protect the innocent..) I have racoon set up on the FreeBSD server with following configuration[1] And I have Windows configured correctly (verified many times after Googling and looking at various howto docs...) as well. I will provide more info about how it's set up on Windows if anyone wants specific detail. But basically it's set usin...
2007 May 04
1
Multiple SA in the same IPSec tunnel
Hi, When an IPSec tunnel is established between two peers, I understand that the "normal" situation is to have in a given moment two SAs, one for each direction of the tunnel. However, in one of my tunnels (peer P1 running GNU/Linux with setkey and racoon; peer P2 is a Cisco router) there is a large number (around 19) of SAs established (this has been observed in P1 with 'setkey -D'). I've googled around and the "multiplicity of SAs" seems to be a pathological situation (as a matter of fact, connectivity through th...
2016 Mar 21
0
IPSec multiple VPN setups
...>> > main developer for the Openswan project before he and others created > the > >> > Libreswan fork. > >> > https://libreswan.org/ > >> > > >> > EL6 has Openswan > >> > EL7 has Libreswan > >> > > >> > Racoon isn't all that fun to work with. > >> > If you have the option, ditch it and EL5 and move to a newer platform > >> > (preferably EL7 with Libreswan). > >> > > >> > >> There's an RPM spec file (though I've not used it) for building Op...
2004 Oct 14
2
ipsec - report of success
claas@rootdir.de wrote: > I am using kernel 2.6.6 native ipsec with racoon and shorewall 2.1.9 > in production for one week now. I just want to tell you that it seems > to run stable here. > > I am going to extend my setup to a 3 gateway setup soon. > Afterwards I will try to also get roadwarriors in. > I will report on that later. > Thanks for the u...
2007 Oct 12
1
OT: a very big problem with ipsec-tools on CentOS5 (SOLVED)
Buf ... Solved. Problem was that /etc/pam.d/racoon doesn't exist (I found this tip on NetBSD ipsec pages). Simply I have copied /etc/pam.d/passwd to /etc/pam.d/racoon and now all works as expected. Many thanks for your help Ross. Ross S. W. Walker wrote: > > I think it might just use another one like /etc/pam.d/remote > cause...
2004 Sep 22
3
2.6 kernel ipsec and shorewall
I set up an ipsec/racoon vpn tunnel test environment. The gateway machines are 192.168.0.30 and 192.168.0.31 on the external adaptor and 10.0.1.1 and 10.0.2.1 internally. The test workstations are 10.0.1.10 and 10.0.2.10. The tunnel seems to be working as in 10.0.1.10 can talk to 10.0.2.10 and vice versa and they can bot...
2016 Mar 21
0
IPSec multiple VPN setups
...oitti: > Hi I hope someone can answer something I'm sure is quite basic. > > I am following the instructions at > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html > On setting up a VPN > > The part I am having trouble with is when it shows the > /etc/racoon/racoon.conf file. > But it doesn't say what you have to do with this file. > > When I bring up my connection > > ifup bicester > > I get > RTNETLINK answers: No such device > > looking at /var/messages I see > > ERROR: failed to bind to address 127.0.0.1[500]...
2007 Feb 03
0
ipsec and x509 certificate
hi I'm trying to get ipsec working with x509 certificates however I just can't seem to. I've hit a road block and was wondering if someone could help me figure it out. my racoon.conf (I have it mirrored on the connecting machine.) path pre_shared_key "/etc/racoon/psk.txt"; path certificate "/etc/certs"; remote anonymous { exchange_mode aggressive,main; my_identifier asn1dn; peers_identifier asn1dn; lifetime time 2 min; # sec,...
2004 Jan 13
3
IPSEC btwn stable and Linksys BEFVP41 stopped working.
...article.html (which I am planning to submit to the handbook when it's done). I'm no longer able to make an ipsec connection, and I can't put my finger on anything that's changed. The most obvious candidate is the move from 4.8 to 4.9. It could also be that something involving the racoon port needs to move forward to match 4.9? I have recompiled the version of the port that I'm using, distinfo says: MD5 (racoon-20030711a.tar.gz) = 0546688efd5bb3725c8243045500a48a I'm loath to start blindly updating everything in sight, and since none of the comments in the racoon CVS dir...