Displaying 20 results from an estimated 1000 matches similar to: "racoon and ipsec issues"
2009 Feb 16
0
ipsec net-to-net problem
I am trying to set up an ipsec net-to-net VPN and am having problems.
Here is a diagram of the setup:
LAN A --> Host A ----> Internet <---- Host B <-- LAN B
LAN A = 10.10.2.0/24
LAN A gateway = 10.10.2.254
Host A internal = 10.10.2.254
Host A external = xx.xx.xx.xx
Host B external (see below)
Host B internal = 10.10.1.10
LAN B = 10.10.1.0/24
LAN B gateway = 10.10.1.252 (F5 Big
2006 May 03
5
SNAT on IPSEC tunnel with kernel 2.6/KAME tools?
Hi,
Could not conceive a working set-up for an IPSEC VPN made with racoon/setkey
on which I have one address on my side acting as an SNAT router for all
traffic from my network to a network segment on the far side.
my network --- my gateway ---------------------- remote network
10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22
All traffic starts on my side, so if I can
2006 Jul 26
1
IPSec tunnel mode, through an IPIP tunnel
Hello Gurus,
I have a small problem with routing and here are the details.
Interfaces on my server:
* ipsec0 - 172.19.58.94
* tunl0 - 172.19.58.94
* eth0 - 172.19.58.94
Now, the problem is that there is another host 172.19.58.200. All
communication to 172.19.58.200 should be through tunl0, and all the data
should be secured using IPSec (tunnel mode - because there are more
machines on my
2003 Jan 09
2
AW: How do I configure 2 static net2net VPNs over one interface ipsec0?
Hi,
Problem:
I want 2 vpn tunnels for 2 subnets over one interface ipsec0.
Documentation only describes config for 1 vpn or road warriors.
I defined 2 vpn zones 'fre' and 'swe'.
#ZONE DISPLAY COMMENTS
net Net Internet zone
loc Local Local
fre VPN_Fre VPN Fre
swe VPN_Swe VPN Swe
Interface ipsec0 is tunnel over eth1. Local is eth0.
ipsec0 serves 2 zones: fre
2005 May 27
1
Still VPN
Hi, still trying to understand one thing. I would definitely like to
tell iptables to accept all packets coming from remote vpn only if they
hit the $VIRTUALVPNINTERFACE. I tried -o ipsec0 but this is not working,
looks like ipsec0 device doesn't exist or it is not recognized. I read on
the Openswan users list, that Linux kernel 2.6 native ipsec doesn't create
ipsec* interface (if I am
2005 Feb 02
6
NAT troubles with IPSEC traffic
I just got the list confirmation and noticed it's text only email so here it
is again in plain text. Below is the original message.
Hi all,
I am really struggling with this one, I have built a lot of linux machines
using IPSEC tunnels and shorewall gateways. I decided to build a new test
machine with Debian running 2.4.25 and Shorewall 2.0.15. I have two subnets
on their own switches and
2003 Jan 14
1
MULTIPLE IPSEC TUNNELS
I have a shorewall firewall and freeswan ipsec running on a redhat 8.0
Linux gateway machine. I have one working tunnel defined, all works well. I
am not clear how to define multiple concurrent tunnels. I can not add further
interface entries as all the tunnels come in on ipsec0, do I still have
multiple zone definitions? some of the tunnels will be dynamic roadwarriors
and as such would need a
2004 Aug 13
1
ipsec tunnel to netgear fvs318
Hi,
I'm trying to set-up an ipsec tunnel between a Redhat9 box and a Netgear
FVS318.
When trying to initialise the connection - ifup ipsec0 - I get the error:
RTNETLINK answers: Network is unreachable
This would lead me to believe shorewall is blocking ipsec.
My config is below.
The output of 'shorewall status' is attached.
Any help in pointing out if I've
2003 Jan 14
1
Question on Shorewall with FreeSwan
I am new to Shorewall and FreeSwan, please excuse my ignorance I was
wondering if someone could help me.
I had help getting my FreeSwan running with the following iptables
commands:
iptables -I FORWARD -s 0/0 -d 192.168.1.0/24 -i ipsec0 -o eth1 -j ACCEPT
iptables -I FORWARD -s 192.168.1.0/24 -d 0/0 -i eth1 -o ipsec0 -j ACCEPT
If I manually run this FreeSwan works, however I am not sure
2004 Jan 07
1
Forward some traffic to VPN
Hi. I am trying to force some traffic that goes to address 203.7.93.94
through a VPN tunnel. I use freeswan 1.98b and Shorewall 1.4.6c in one
machine. The 203.7.93.94 is in the DMZ on the other end. (Both ends use
the same shorewall and freeswan).
I have successfully set up a tunnel between the two network (using a
point to point topology, not hub).
I added a static routing that redirect
2005 May 23
2
VPN
Hi list, I am trying to create a VPN between two different locations. On
the first location we have a cisco pix 525 Natting the internal
192.168.100.x network, while on the second location we have a Centos3
box Natting via iptables the internal 192.168.10.x network. My goal is
to connect this 2 over the internet via IPsec. I created the IPsec
Net2Net via the network configuration graphic
2002 Feb 14
1
iproute2 src/FreeS/WAN
Hi!
I've got two FreeS/WAN gateways setup, with one subnet<->subnet tunnel
setup, which is working fine.
I've setup iproute2 to route anything for either subnet via the ipsec0
device using a src address of the local interface. This is to force
locally generated traffic (ie, traffic generated on the server) to go
through the VPN, rather than out with a source IP of the
2004 Dec 30
5
Proxy Arp
Hello Tom,
I have successfully configured proxy arp subnetting on my network with
three hosts in a Dmz.
And it works great. (using proxyarp in interfaces) I also tried this on
network below same trouble.
However for this network below I have tried to configure one host in a
Dmz (using /etc/shorewall/proxyarp) which works and comes up after I set it
up
and clear Isp's arp
2004 Dec 04
7
vpn-zone wide open
Hello!
I am using shorewall shorewall-2.0.11-1 on fedora core2
(iptables-1.2.9-95.7). My box has 2 physical nic's plus one virt. ipsec
interface for a freeswan-vpn connection.
A few days ago, portsentry spit out a lot of connections from windows
clients (port 135, 445). Ooops.
I review my shorewall settings but could not find a mistake. So I took a
win-client and established a second
2004 Mar 05
4
Wondershaper breaks IPSec tunnels
Hello, been awhile since I've written.
I now have a situation where I get to use traffic shaping for a client.
We implemented the WonderShaper script on our own firewall and
experienced no problems. I made some modifications to it to add IPSec
protocol packets into the 1:10 high priority class using the u32 filter.
So far on our
2009 Aug 12
6
Shorewall (Openswan) IPSEC VPN MASQ Problem
Hi,
I have setup an IPSEC VPN using Openswan to connect a Draytek router to a
CentOS 5.2/Shorewall 4.2.9 firewall. The VPN establishes OK but I'm
getting a problem with packets from the left hand subnet getting
masqueraded rather than routed down the IPSEC VPN as though they were
going out onto the net. I've spent the last day searching Google and so
far I've hit a
2013 Mar 04
6
Centos6 ipsec troubles
Hello,
it looks like the usual way to do ipsec on centos5 won't work anymore on
centos6
I installed ipsec-tools but an interface type IPsec is not recognized by
the kernel
ifup ipsec0
Device does not seem to be present, delaying initialization.
I am not planning to use the awful OpenSwan, I want to use the Kame
implementation which was working fine on CentOS5
any hints ?
thank you
2002 Feb 28
2
Problem with FreeSwan and Shorewall on a LEAF(Oxygen) based router.
Hello,
I seem to have the Freeswan IPSEC tunnel working between my two sites,
but I am still having a problem that looks to be because of something I have
configured wrong in my shorewall setup..
I have a LEAF Oxygen < 1.9 heavily modified firewall setup.. Using
FreeSwan 1.91, and Kernel 2.4.8. Modified to use IPTables and
standard Debian network/interfaces. I am also using Shorewall
2003 Oct 26
4
linux-xp x509 ipsec connection
hi,
I can't get a freeswan 2.02 ipsec x509 connection at work
can somebody help me?
*************************************************************************************
global situation
*************************************************************************************
the linux gateway (chivas) is a single machine 192.168.1.250 with a local net 192.168.1.0/24,
a dyn IP via a DSL
2003 Jan 14
1
Firewalling multiple FreeSwan connections
Hi all!
I have got a vpn connection set up using FreeSwan and shorewall.
Everything works fine but I want to add another subnet to the whole. This
means that 1 box will get two net-to-net connections.
I want to limit the services on one subnet however. Currently I have
defined a vpn zone for the current connection and allow all vpn<->loc
traffic.
How would I go about in tightening the