Displaying 20 results from an estimated 45 matches for "strongswan".
2007 Jul 05
2
Re: [strongSwan] Interop problem Linksys WRV200 with Strongswan 4.1.3 / PSK
...re than just a few bytes.
I can type my login-name and my password, then get a prompt ...
but if I call, let''s say, mc, or so, it stops working after a few
seconds - just hangs.
Is this the mss-clamp-problem ?
Philipp
Andreas Steffen schrieb:
> Hi Philipp,
>
> it seems that the strongSwan box does not even answer now.
> Do you see any connection attempts in the strongSwan log?
>
> Andreas
>
> BTW - is the Linksys router running a FreeS/WAN or Openswan clone?
>
> Philipp Rusch wrote:
>> Hi Andreas,
>>
>> this is a harder thing than I thought .....
2015 Apr 14
2
state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
On 2015-04-14 11:25, Gordon Messmer wrote:
> On 04/14/2015 11:07 AM, Florin Andrei wrote:
>> I looked in the yum repositories for CentOS 7 and I noticed that there
>> are no packages for any of the major open source IPSec VPN apps -
>> Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan
>> packages.
>
> libreswan replaced openswan, and is available in the CentOS 7 repo.
I just noticed that strongSwan is in EPEL.
I'm also looking at this comment on ServerFault:
http://serverfault.com/a/655752/24406
If that is acc...
2015 Apr 14
3
state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
I looked in the yum repositories for CentOS 7 and I noticed that there
are no packages for any of the major open source IPSec VPN apps -
Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan
packages.
What is the current consensus w.r.t. building an IPSec VPN "server"
(concentrator, whatever) on CentOS 7, that will do site-to-site
connections with Cisco hardware at the other end? Is any of the *swan
apps still considered th...
2015 Apr 14
1
state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
...lotinen wrote:
> 2015-04-14 21:40 GMT+03:00 Florin Andrei <florin at andrei.myip.org>:
>>
>> http://serverfault.com/a/655752/24406
>>
>> If that is accurate, the documentation, and the clustering / load
>> balancing might tilt the balance in the direction of strongSwan.
>>
>>
> Well, both packages can do ipsec to cisco asa without any problems.
I have this one case where the other end of the connection wants to use
some specific encryption parameters (specific versions of AES and SHA).
I need to make sure that whatever software I use, is capab...
2015 Apr 14
0
state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
...t; On 2015-04-14 11:25, Gordon Messmer wrote:
>
>> On 04/14/2015 11:07 AM, Florin Andrei wrote:
>>
>>> I looked in the yum repositories for CentOS 7 and I noticed that there
>>> are no packages for any of the major open source IPSec VPN apps -
>>> Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan
>>> packages.
>>>
>>
>> libreswan replaced openswan, and is available in the CentOS 7 repo.
>>
>
> I just noticed that strongSwan is in EPEL.
>
> I'm also looking at this comment on ServerFault:
>...
2015 Apr 14
0
state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
On 04/14/2015 11:07 AM, Florin Andrei wrote:
> I looked in the yum repositories for CentOS 7 and I noticed that there
> are no packages for any of the major open source IPSec VPN apps -
> Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan packages.
libreswan replaced openswan, and is available in the CentOS 7 repo.
2013 Jul 12
3
new Shorewall + strongSwan blog
Hi Tom,
Thanks for the feedback about my Shorewall evaluation
I''ve published a blog today covering general things I''ve observed about
the way to combine Shorewall with strongSwan:
http://danielpocock.com/practical-linux-vpns-with-strongswan-shorewall-and-openwrt
Please let me know if anything is inaccurate or if there is anything
substantial that I missed and I''ll correct it.
Regards,
Daniel
-------------------------------------------------------------------...
2019 Mar 05
1
getent not working after installing firewall
...n get a new firmware, because i did not have a support contract.
... WHAT.. No firmware because i dont want a support contract.. Hell no.. so bye bye cisco..
Never ever ever a Cisco for me..
If you want simple but good, look at draytek. More advanced, juniper, opensouce pfsence
What you want is Strongswan + openvpn.
I've a strongswan roadwarrior setup, compatible with win7-10/IOS/Android use strongswan app
All the client OS are native supporting the vpn setup.
And openvpn as backup, for network not supporting ipsec passthrough.
Or, install pfsence, does the same as the cisco and probley more...
2013 Jul 02
2
multiple VPN zones
..."shorewall ipsec"
Is there any information about setting up multiple VPN zones for
different classes of road warrior? E.g. lets say there are two classes
of road warrior:
vpn_a: mobile devices
vpn_b: laptop devices (trusted more than the mobile devices)
The IPsec platform (e.g. StrongSwan) gives all the road warriors a pool
IP. It uses different pools for users from vpn_a and vpn_b
Looking at the ShoreWall IPsec example in the link above, it suggests
that all of 0.0.0.0/0 has to be mapped to a single VPN zone in the
/etc/shorewall/tunnels file, so it''s not clear that Shor...
2007 Jul 06
8
interop with strongswan / ipsec
I see support in shorewall for the KAME-tools, how about strongswan ?
I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my
vpn-gateway for the subnet behind it.
# Shorewall version 3.4 - Zones File
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
fil ipsec mode=tunn...
2016 Aug 17
6
[Bug 1082] New: Hard lockup when inserting nft rules (esp. ct rule)
...n: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: blocker
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
Reporter: larkwang at gmail.com
We are switching from openvpn to strongswan (ipsec) for our branch offices to
headquarter VPN link.
We use nftables for better performance and clean ruleset. The ruleset is
-----snip-----
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
set allowed_addr {
type ipv4_addr
elements = { <about 4...
2016 Apr 04
10
VPN suggestions centos 6, 7
...uery, but also let me access my computers inside my home.
I already have this working using M$'s PPTP using my home Centos 6
gateway/router as the PoPToP server. However, I am concerned about
the privacy/security of such a connection.
I have seen discussions of OpenVPN, OpenSwan, LibreVPN, StrongSwan
(and probably others I haven't noted). I'd be interested in hearing
from anyone who wishes to comment about which to use, with the
following requirements:
1) As noted, it should be secure (anti NSA?)
2) Works on Centos 6 and Centos 7 and Windows 7 (and for the future,
Windows 10)
3)...
2010 Nov 24
5
Optimal VPN
I am looking for the optimal VPN. Well it doens't have to be that elaborate.
Just the best VPN. We currently have some customers using PPTP, some using
openvpn, some using Cisco Any Connect and there are a few others.
So my question is, if you have control of both ends (client and server)
what is the best VPN to use? There are not too many requirements, but a
big one is
The VPN must return
2015 Jan 09
0
Processed (with 2 errors): user debian-qa@lists.debian.org, affects 774889, affects 771755, unarchiving 767561 ...
...sql-adaptor] gnustep-dl2-postgresql-adaptor: unhandled symlink to directory conversion: /usr/lib/GNUstep/Frameworks/PostgreSQLEOAdaptor.framework/Resources
Added indication that 771755 affects steptalk
> unarchive 767561
Bug #767561 {Done: Timo Aaltonen <tjaalton at debian.org>} [pki-tools,strongswan-starter] pki-tools,strongswan-starter: error when trying to install together
Unarchived Bug 767561
> reassign 767561 pki-tools 10.2.0-2
Bug #767561 {Done: Timo Aaltonen <tjaalton at debian.org>} [pki-tools,strongswan-starter] pki-tools,strongswan-starter: error when trying to install toget...
2018 Nov 16
4
Any way to run tinc on MikroTik routers?
...er) to participate in a tinc mesh, in
interoperation with GNU/Linux machines.
Please see:
https://mikrotik.com/
https://mikrotik.com/product/rb1100ahx4
(Confession: after using tinc for a few years, on a few dozen free software
machines, going back to point-to-point L2TP/IPSec tunnels, even with
Strongswan, would be a NIGHTMARE. This is just because someone in the
organization insists in using hardware routers and proprietary software...
So this is a cry for help ;-) )
Friendly regards,
Răzvan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.o...
2013 Apr 11
2
IKEv2/IPSEC "Road Warrior" VPN Tunneling?
Is there a "cookbook" for setting this up? There are examples for
setting up a tunnel between two fixed-address networks (e.g. a remote
LAN that needs to be "integrated" with a central LAN over IPSec but I
can't find anything addressing the other situation -- remote user(s)
where the connecting IPs are not known in advance, such as a person with
a laptop or smartphone in a
2019 Jul 31
0
GPO issues - getting SYSVOL cleaned up again
...> And check-me.txt
>
> yeah ...
>
> > I just did that on my brand new Buster proxy servers, 2
> with keepalived.
> > I'm almost done with this, you should only see hostname
> IP's as differences...
> > Virtual ips, firewalling, added winbind, nfs, strongswan,
> kerberos SSO auths.
> > Squid with 4 setups.. Pfew.. But guys, when done im posting
> this howto also.
> > With squid 4.8 on buster, ( hint : repo buster-squid48 ssl
> enabled )
> > What a dragon this was, strongswan is last what im on now.
> > If someone...
2019 Jul 31
3
GPO issues - getting SYSVOL cleaned up again
...o a new folder.
And runn diff -r /etc-dc1/ /etc-dc2/ > check-me.txt
And check-me.txt
I just did that on my brand new Buster proxy servers, 2 with keepalived.
I'm almost done with this, you should only see hostname IP's as differences...
Virtual ips, firewalling, added winbind, nfs, strongswan, kerberos SSO auths.
Squid with 4 setups.. Pfew.. But guys, when done im posting this howto also.
With squid 4.8 on buster, ( hint : repo buster-squid48 ssl enabled )
What a dragon this was, strongswan is last what im on now.
If someone has a strongswan setup with user/ldap auth, pm me your con...
2016 Apr 05
7
VPN suggestions centos 6, 7
...ngle udp
or tcp port, so it usually works on strictly firewalled places like in
hotels and so on.
--
Eero
2016-04-04 23:18 GMT+03:00 Gordon Messmer <gordon.messmer at gmail.com>:
> On 04/04/2016 10:57 AM, david wrote:
>
>> I have seen discussions of OpenVPN, OpenSwan, LibreVPN, StrongSwan (and
>> probably others I haven't noted). I'd be interested in hearing from anyone
>> who wishes to comment about which to use, with the following requirements:
>>
>
> I recommend l2tp/ipsec. It's supported out of the box on a wide variety
> of client platfo...
2017 Dec 14
3
ADUC missing msNPAllowDialin and need vpn advice for ad setup.
...more.
So my question, how can i add all needed properties back in the Ad like the msNPAllowDialin .
Does samba have anything what can sort of restore these, samba-tool dbcheck and --cross-nc show 0 errors.
Or should i import the radius schema and use that?
The results where im going at is a strongswan server with user auth from ad/ldap with or without radius.
vpn is already up and tested with eap-mschapv2, with plain text username/passwords and im reading now into the ldap part.
so if anyone has some tips, that would be great.
Greetz,
Louis