Displaying 20 results from an estimated 7000 matches similar to: "Shorewall (Openswan) IPSEC VPN MASQ Problem"
2016 Mar 21
5
IPSec multiple VPN setups
I second Eero's comment, use a new IPSec daemon.
Openswan was forked and became Libreswan. Paul, now a RH employee, was a
main developer for the Openswan project before he and others created the
Libreswan fork.
https://libreswan.org/
EL6 has Openswan
EL7 has Libreswan
Racoon isn't all that fun to work with.
If you have the option, ditch it and EL5 and move to a newer platform
2016 Mar 21
3
IPSec multiple VPN setups
Centos 5 is still soon end of life. Using it as ipsec gateway is ..
Eero
21.3.2016 7.25 ip. "Mike - st257" <silvertip257 at gmail.com> kirjoitti:
> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip257 at gmail.com>
> wrote:
>
> > I second Eero's comment, use a new IPSec daemon.
> >
> > Openswan was forked and became Libreswan. Paul, now
2016 Mar 21
2
IPSec multiple VPN setups
Err. Sounds like security nightmare.
21.3.2016 7.47 ip. "Glenn Pierce" <glennpierce at gmail.com> kirjoitti:
> Will ask my boss :) We are hosted on memset so not so easy to update
>
> Thanks
>
> On 21 March 2016 at 17:36, Eero Volotinen <eero.volotinen at iki.fi> wrote:
> > Centos 5 is still soon end of life. Using it as ipsec gateway is ..
> >
2008 Jul 07
5
IPSEC tunnel up, but no traffic coming through
Hi all,
I finally got my IPSec tunnel from my Fedora firewall system (running
Shorewall 4.0.6) to a remote Draytek Router up-and-running, but I''m having
difficulties directing traffic through the tunnel. From the output of
"racoon -F -f racoon.conf" and the connection status page of the Draytek I
can tell the tunnel is UP, but ping and traceroute requests to several hosts
2014 Feb 08
1
openswan and ipsec
# ipsec verify
...
If you encounter network related SElinux errors, especially when using KLIPS,
try disabling SElinux
...
Well, it is not running KLIPS but netkey, anyways
I feel not comfortable about disabling selinux on a ipsec router.
I am not sure how to handle possible probems in this case, too.
If I decide not to disable selinux, and I run into problems, should I
a) report it to redhat
2009 Nov 25
7
Multiple ISP Routing Application Error
I''m getting an error when shorewall is trying to add the default routes
for my multi-isp configuration. I''ve attached a shorewall dump... If
anyone can give some input I''d appreciate it.
RTNETLINK answers: Invalid argument
ERROR: Command "ip -4 route replace default scope global table 254
nexthop via 67.110.119.245 dev eth3 weight 1 nexthop via 66.29.181.113
2009 Nov 21
5
WG: Policy make troubles once multiple zones are applied
OK - I figured out what it is but maybe someone can give an explanation
here.
If I use he multiple zones configuration I have to do in addition
Hosts
v3005 vlan3005:0.0.0.0/0
And of course this seems to be very logic since this means all ip´s on the
internet.
But I am still confused a lot why this is the first time I have to do it
after using Shorewall over years without to be forced to say
2016 Mar 21
2
IPSec multiple VPN setups
Hi I hope someone can answer something I'm sure is quite basic.
I am following the instructions at
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
On setting up a VPN
The part I am having trouble with is when it show the
/etc/racoon/racoon.conf file.
But it doesn't say whay you have to do with this file.
When I bring up my connection
ifup bicester
I get
RTNETLINK
2006 Aug 21
3
Connecting CentOS to IPSEC VPN (Checkpoint FW1)
Hi,
Does anyone have experience using IPSEC on CentOS in order to connect to
vendor IPSEC-based VPN products (specifically Checkpoint FW1) ?
Is the included IPSEC implementation sufficient, or do people have to rely
on OpenSWAN or FreeSWAN ? I'd be testing tomorrow and I'm interested with
experiences others have had and things to look out for.
Thanks in advance,
-- dag wieers, dag
2009 Jun 10
6
Shorewall + IPsec Tunnel
Hi everyone!
First of all, sorry about my bad English and the e-mails extension.
I need some help to implement a VPN connection using shorewall and openswan
as IPSec Tunnel.
My network map:
CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER
(DMZ)
I have two VPN connections with two different subnets to the other end. The
two of then are correctly established.
2012 Apr 05
3
IPSEC How To?
Hello,
now I have spent many hours to configure openswan for VPN connections
without any success.
My goal:
VPN Server CentOS 6 with public IPv4
VPN Client (= road warrier) from private site with NAT router or from
mobile cell with Linux, Windows 7, Mac, iPhone or Android
Is there any how to in the net?
When I read
file:///usr/share/doc/openswan-doc-2.6.32/config.html
then I belive, there is
2006 Mar 27
1
CentOS 3 and openswan > 2.2.1
Hi,
is there anybody running centos3 (el3) with a standard kernel 2.4.32 or
newer, because it seems openswan versions > 2.21 don''t run with
centos3(el3) anymore.
But we need the newer openswan versions.
Problem arise when I try to build the ipsec.o module:
/usr/src/openswan-2.4.4/linux/net/ipsec/ipsec_init.c
/usr/src/openswan-2.4.4/linux/net/ipsec/ipsec_init.c: In function
2015 Apr 14
3
state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
I looked in the yum repositories for CentOS 7 and I noticed that there
are no packages for any of the major open source IPSec VPN apps -
Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan
packages.
What is the current consensus w.r.t. building an IPSec VPN "server"
(concentrator, whatever) on CentOS 7, that will do site-to-site
connections with Cisco hardware at
2014 Mar 07
2
Latest openswan update does no longer connect to Cisco VPN 3000 Series
Does anyone else noticed problems after updating openswan to
openswan-2.6.32-27.2.el6_5.i686 ? In our case a connection to Cisco VPN
3000 Series would no longer work. I can see in the log an ASSERTION FAILED
error and the connection would remain in Pending phase 2.
Mar 7 16:24:40 firewall pluto[7647]: "ciscovpntest" #2: discarding
duplicate packet; already STATE_MAIN_I1
Mar 7
2015 Apr 14
2
state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
On 2015-04-14 11:25, Gordon Messmer wrote:
> On 04/14/2015 11:07 AM, Florin Andrei wrote:
>> I looked in the yum repositories for CentOS 7 and I noticed that there
>> are no packages for any of the major open source IPSec VPN apps -
>> Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan
>> packages.
>
> libreswan replaced openswan, and is
2004 Oct 24
2
openswan+shorewall+kernel 2.6.8 debian
I am trying to get a debian system with openswan 2.2 shorewall 2.1.11 + debian kernel 2.6.8 working together. I have
read the documentation (IPSEC using Linux Kernel 2.6) and before I go and compile my own modules I would like to know
if the standard debian kernel already has the Netfilter+ipsec patches and the policy match patches installed.
Does anyone know?
thanks
Jim
2006 Aug 16
2
Openswan 2.4.6rc5 under CentOS 4.3
Hello,
I'm trying to get Openswan running in a CentOS 4.3 environment. I want to
modify as little as possible so that the machine can be kept up to date
easily. I'd rather not compile a special kernel, but if that's the only
solution, no problem (I don't need NAT traversal).
It's running kernel 2.6.9-34.0.2.EL. Installed the kerneldevel RPM (and
kernel src rpm as well). I
2016 Feb 17
2
Openswan <-> VyOS
Hello,
I'm having a bit of trouble connecting our current CentOS Openswan server
with a Vyos server via IPSec.
I've posted this on the VyOS forums, but haven't had many helpful
responses, so I thought I would ask here.
http://forum.vyos.net/showthread.php?tid=26504&pid=29703#pid29703
Basically our Openswan configuration is as follows:
conn VYOS
keyingtries=0
2016 Feb 09
2
OpenSwan Drop Out Issue
Centos 5 is also a bit old os. Is it possible to use newer version? (like
centos 7 or centos 6?)
Eero
2016-02-09 19:52 GMT+02:00 Gordon Messmer <gordon.messmer at gmail.com>:
> On 02/09/2016 07:04 AM, John Cenile wrote:
>
>> does anyone have any suggestions on what the problem might be?
>>
>
> Not off the top of my head, but if I were you, I'd enable debugging
2015 Apr 14
1
state of IPSec VPN on CentOS 7: Openswan, strongSwan, RPM packages
On 2015-04-14 11:44, Eero Volotinen wrote:
> 2015-04-14 21:40 GMT+03:00 Florin Andrei <florin at andrei.myip.org>:
>>
>> http://serverfault.com/a/655752/24406
>>
>> If that is accurate, the documentation, and the clustering / load
>> balancing might tilt the balance in the direction of strongSwan.
>>
>>
> Well, both packages can do ipsec to