search for: strongswan

...re than just a few bytes. I can type my login-name and my password, then get a prompt ... but if I call, let''s say, mc, or so, it stops working after a few seconds - just hangs. Is this the mss-clamp-problem ? Philipp Andreas Steffen schrieb: > Hi Philipp, > > it seems that the strongSwan box does not even answer now. > Do you see any connection attempts in the strongSwan log? > > Andreas > > BTW - is the Linksys router running a FreeS/WAN or Openswan clone? > > Philipp Rusch wrote: >> Hi Andreas, >> >> this is a harder thing than I thought .....

On 2015-04-14 11:25, Gordon Messmer wrote: > On 04/14/2015 11:07 AM, Florin Andrei wrote: >> I looked in the yum repositories for CentOS 7 and I noticed that there >> are no packages for any of the major open source IPSec VPN apps - >> Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan >> packages. > > libreswan replaced openswan, and is available in the CentOS 7 repo. I just noticed that strongSwan is in EPEL. I'm also looking at this comment on ServerFault: http://serverfault.com/a/655752/24406 If that is acc...

I looked in the yum repositories for CentOS 7 and I noticed that there are no packages for any of the major open source IPSec VPN apps - Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan packages. What is the current consensus w.r.t. building an IPSec VPN "server" (concentrator, whatever) on CentOS 7, that will do site-to-site connections with Cisco hardware at the other end? Is any of the *swan apps still considered th...

...lotinen wrote: > 2015-04-14 21:40 GMT+03:00 Florin Andrei <florin at andrei.myip.org>: >> >> http://serverfault.com/a/655752/24406 >> >> If that is accurate, the documentation, and the clustering / load >> balancing might tilt the balance in the direction of strongSwan. >> >> > Well, both packages can do ipsec to cisco asa without any problems. I have this one case where the other end of the connection wants to use some specific encryption parameters (specific versions of AES and SHA). I need to make sure that whatever software I use, is capab...

...t; On 2015-04-14 11:25, Gordon Messmer wrote: > >> On 04/14/2015 11:07 AM, Florin Andrei wrote: >> >>> I looked in the yum repositories for CentOS 7 and I noticed that there >>> are no packages for any of the major open source IPSec VPN apps - >>> Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan >>> packages. >>> >> >> libreswan replaced openswan, and is available in the CentOS 7 repo. >> > > I just noticed that strongSwan is in EPEL. > > I'm also looking at this comment on ServerFault: >...

On 04/14/2015 11:07 AM, Florin Andrei wrote: > I looked in the yum repositories for CentOS 7 and I noticed that there > are no packages for any of the major open source IPSec VPN apps - > Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan packages. libreswan replaced openswan, and is available in the CentOS 7 repo.

Hi Tom, Thanks for the feedback about my Shorewall evaluation I''ve published a blog today covering general things I''ve observed about the way to combine Shorewall with strongSwan: http://danielpocock.com/practical-linux-vpns-with-strongswan-shorewall-and-openwrt Please let me know if anything is inaccurate or if there is anything substantial that I missed and I''ll correct it. Regards, Daniel -------------------------------------------------------------------...

...n get a new firmware, because i did not have a support contract. ... WHAT.. No firmware because i dont want a support contract.. Hell no.. so bye bye cisco.. Never ever ever a Cisco for me.. If you want simple but good, look at draytek. More advanced, juniper, opensouce pfsence What you want is Strongswan + openvpn. I've a strongswan roadwarrior setup, compatible with win7-10/IOS/Android use strongswan app All the client OS are native supporting the vpn setup. And openvpn as backup, for network not supporting ipsec passthrough. Or, install pfsence, does the same as the cisco and probley more...

..."shorewall ipsec" Is there any information about setting up multiple VPN zones for different classes of road warrior? E.g. lets say there are two classes of road warrior: vpn_a: mobile devices vpn_b: laptop devices (trusted more than the mobile devices) The IPsec platform (e.g. StrongSwan) gives all the road warriors a pool IP. It uses different pools for users from vpn_a and vpn_b Looking at the ShoreWall IPsec example in the link above, it suggests that all of 0.0.0.0/0 has to be mapped to a single VPN zone in the /etc/shorewall/tunnels file, so it''s not clear that Shor...

I see support in shorewall for the KAME-tools, how about strongswan ? I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my vpn-gateway for the subnet behind it. # Shorewall version 3.4 - Zones File #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall fil ipsec mode=tunn...

...n: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: blocker Priority: P5 Component: kernel Assignee: pablo at netfilter.org Reporter: larkwang at gmail.com We are switching from openvpn to strongswan (ipsec) for our branch offices to headquarter VPN link. We use nftables for better performance and clean ruleset. The ruleset is -----snip----- #!/usr/sbin/nft -f flush ruleset table inet filter { set allowed_addr { type ipv4_addr elements = { <about 4...

...uery, but also let me access my computers inside my home. I already have this working using M$'s PPTP using my home Centos 6 gateway/router as the PoPToP server. However, I am concerned about the privacy/security of such a connection. I have seen discussions of OpenVPN, OpenSwan, LibreVPN, StrongSwan (and probably others I haven't noted). I'd be interested in hearing from anyone who wishes to comment about which to use, with the following requirements: 1) As noted, it should be secure (anti NSA?) 2) Works on Centos 6 and Centos 7 and Windows 7 (and for the future, Windows 10) 3)...

I am looking for the optimal VPN. Well it doens't have to be that elaborate. Just the best VPN. We currently have some customers using PPTP, some using openvpn, some using Cisco Any Connect and there are a few others. So my question is, if you have control of both ends (client and server) what is the best VPN to use? There are not too many requirements, but a big one is The VPN must return

...sql-adaptor] gnustep-dl2-postgresql-adaptor: unhandled symlink to directory conversion: /usr/lib/GNUstep/Frameworks/PostgreSQLEOAdaptor.framework/Resources Added indication that 771755 affects steptalk > unarchive 767561 Bug #767561 {Done: Timo Aaltonen <tjaalton at debian.org>} [pki-tools,strongswan-starter] pki-tools,strongswan-starter: error when trying to install together Unarchived Bug 767561 > reassign 767561 pki-tools 10.2.0-2 Bug #767561 {Done: Timo Aaltonen <tjaalton at debian.org>} [pki-tools,strongswan-starter] pki-tools,strongswan-starter: error when trying to install toget...

...er) to participate in a tinc mesh, in interoperation with GNU/Linux machines. Please see: https://mikrotik.com/ https://mikrotik.com/product/rb1100ahx4 (Confession: after using tinc for a few years, on a few dozen free software machines, going back to point-to-point L2TP/IPSec tunnels, even with Strongswan, would be a NIGHTMARE. This is just because someone in the organization insists in using hardware routers and proprietary software... So this is a cry for help ;-) ) Friendly regards, Răzvan -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://www.tinc-vpn.o...

Is there a "cookbook" for setting this up? There are examples for setting up a tunnel between two fixed-address networks (e.g. a remote LAN that needs to be "integrated" with a central LAN over IPSec but I can't find anything addressing the other situation -- remote user(s) where the connecting IPs are not known in advance, such as a person with a laptop or smartphone in a

...> And check-me.txt > > yeah ... > > > I just did that on my brand new Buster proxy servers, 2 > with keepalived. > > I'm almost done with this, you should only see hostname > IP's as differences... > > Virtual ips, firewalling, added winbind, nfs, strongswan, > kerberos SSO auths. > > Squid with 4 setups.. Pfew.. But guys, when done im posting > this howto also. > > With squid 4.8 on buster, ( hint : repo buster-squid48 ssl > enabled ) > > What a dragon this was, strongswan is last what im on now. > > If someone...

...o a new folder. And runn diff -r /etc-dc1/ /etc-dc2/ > check-me.txt And check-me.txt I just did that on my brand new Buster proxy servers, 2 with keepalived. I'm almost done with this, you should only see hostname IP's as differences... Virtual ips, firewalling, added winbind, nfs, strongswan, kerberos SSO auths. Squid with 4 setups.. Pfew.. But guys, when done im posting this howto also. With squid 4.8 on buster, ( hint : repo buster-squid48 ssl enabled ) What a dragon this was, strongswan is last what im on now. If someone has a strongswan setup with user/ldap auth, pm me your con...

...ngle udp or tcp port, so it usually works on strictly firewalled places like in hotels and so on. -- Eero 2016-04-04 23:18 GMT+03:00 Gordon Messmer <gordon.messmer at gmail.com>: > On 04/04/2016 10:57 AM, david wrote: > >> I have seen discussions of OpenVPN, OpenSwan, LibreVPN, StrongSwan (and >> probably others I haven't noted). I'd be interested in hearing from anyone >> who wishes to comment about which to use, with the following requirements: >> > > I recommend l2tp/ipsec. It's supported out of the box on a wide variety > of client platfo...

...more.   So my question, how can i add all needed properties back in the Ad like the  msNPAllowDialin . Does samba have anything what can sort of restore these, samba-tool dbcheck and --cross-nc show 0 errors. Or should i import the radius schema and use that?   The results where im going at is a strongswan server with user auth from ad/ldap with or without radius. vpn is already up and tested with eap-mschapv2, with plain text username/passwords and im reading now into the ldap part.   so if anyone has some tips, that would be great.     Greetz,   Louis