similar to: Openswan and IPtables

Hello, I'm having a bit of trouble connecting our current CentOS Openswan server with a Vyos server via IPSec. I've posted this on the VyOS forums, but haven't had many helpful responses, so I thought I would ask here. http://forum.vyos.net/showthread.php?tid=26504&pid=29703#pid29703 Basically our Openswan configuration is as follows: conn VYOS keyingtries=0

I´ve figured out the following. I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) to shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp x.x.x.14 eth2 eth0 No very well. That´s not through a tunnel (of course a ssh tunnel, but no vpn) but with public ip x.x.x.14 to x.x.x.11 If I try to sftp through the fw to the public internet I have the same

Hi, is there anybody running centos3 (el3) with a standard kernel 2.4.32 or newer, because it seems openswan versions > 2.21 don''t run with centos3(el3) anymore. But we need the newer openswan versions. Problem arise when I try to build the ipsec.o module: /usr/src/openswan-2.4.4/linux/net/ipsec/ipsec_init.c /usr/src/openswan-2.4.4/linux/net/ipsec/ipsec_init.c: In function

Hi All, I upgraded from 5.3 to 5.4 today on a vpn gateway using openswan. After the upgrade the vpn stopped working. From what I could tell the new version of openswan uses NSS. I tried following the instructions in this thead https://bugzilla.redhat.com/show_bug.cgi?id=508107 without success. # certutil -N -d sql:/etc/ipsec.d certutil: function failed: security library: bad database.

I looked in the yum repositories for CentOS 7 and I noticed that there are no packages for any of the major open source IPSec VPN apps - Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan packages. What is the current consensus w.r.t. building an IPSec VPN "server" (concentrator, whatever) on CentOS 7, that will do site-to-site connections with Cisco hardware at

2015-04-14 21:40 GMT+03:00 Florin Andrei <florin at andrei.myip.org>: > On 2015-04-14 11:25, Gordon Messmer wrote: > >> On 04/14/2015 11:07 AM, Florin Andrei wrote: >> >>> I looked in the yum repositories for CentOS 7 and I noticed that there >>> are no packages for any of the major open source IPSec VPN apps - >>> Openswan, strongSwan, etc.

Does anyone else noticed problems after updating openswan to openswan-2.6.32-27.2.el6_5.i686 ? In our case a connection to Cisco VPN 3000 Series would no longer work. I can see in the log an ASSERTION FAILED error and the connection would remain in Pending phase 2. Mar 7 16:24:40 firewall pluto[7647]: "ciscovpntest" #2: discarding duplicate packet; already STATE_MAIN_I1 Mar 7

On 2015-04-14 11:25, Gordon Messmer wrote: > On 04/14/2015 11:07 AM, Florin Andrei wrote: >> I looked in the yum repositories for CentOS 7 and I noticed that there >> are no packages for any of the major open source IPSec VPN apps - >> Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan >> packages. > > libreswan replaced openswan, and is

Hi All: Ok, here is my network: 192.168.1.0/28 is the network behind the Cisco, the Gig0/1 interface is 192.168.1.1. Linux box is 192.168.1.96/28 behind with 192.168.1.97 the Eth1 interface. I have the Ipsec tunnel up and working between them using preshared keys. So that works. Here is the Cisco tunnel setup: interface Tunnel6 ip address 192.168.2.110 255.255.255.240 tunnel source

On 04/14/2015 11:07 AM, Florin Andrei wrote: > I looked in the yum repositories for CentOS 7 and I noticed that there > are no packages for any of the major open source IPSec VPN apps - > Openswan, strongSwan, etc. I'm pretty sure CentOS 6 had Openswan packages. libreswan replaced openswan, and is available in the CentOS 7 repo.

As I said though, there's no lost ICMP packets, even when the IPSec tunnel drops out. I do notice a lot of these errors in the secure log though, would this be any indication of a problem? (I'm grepping for this specific error, they're not the only messages in there). Feb 11 14:18:10 site-a pluto[10450]: "site-b/1x1" #803: ignoring Delete SA payload: PROTO_IPSEC_ESP

Hi all, Any one have success with Openswan and IPSEC VPN? Having some issues. Wondering if any would mind posting there configs; ipsec.conf. Also open to any IPSEC client. - aurf

I am trying to get a debian system with openswan 2.2 shorewall 2.1.11 + debian kernel 2.6.8 working together. I have read the documentation (IPSEC using Linux Kernel 2.6) and before I go and compile my own modules I would like to know if the standard debian kernel already has the Netfilter+ipsec patches and the policy match patches installed. Does anyone know? thanks Jim

Try setting lower keyexpiry time on other endpoint. -- Eero 2016-02-09 17:04 GMT+02:00 John Cenile <jcenile1983 at gmail.com>: > Hello, > > I'm cross posting this from the OpenSwan mailing list, in case someone here > can help. > > We have two sites connected via OpenSwan 2.6.32-9 on CentOS 5, sharing 6 > /24 subnets each (so 12 in total). > > The problem

On 2015-04-14 11:44, Eero Volotinen wrote: > 2015-04-14 21:40 GMT+03:00 Florin Andrei <florin at andrei.myip.org>: >> >> http://serverfault.com/a/655752/24406 >> >> If that is accurate, the documentation, and the clustering / load >> balancing might tilt the balance in the direction of strongSwan. >> >> > Well, both packages can do ipsec to

Hi, I wonder what is better on CentOS 6 if openswan or ipsec-tools, what do you recommend me? (I can't use openvpn) Thanks in advance! -- -- Sergio Belkin ?http://www.sergiobelkin.com Watch More TV http://sebelk.blogspot.com LPIC-2 Certified - http://www.lpi.org

Hi everyone! First of all, sorry about my bad English and the e-mails extension. I need some help to implement a VPN connection using shorewall and openswan as IPSec Tunnel. My network map: CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER (DMZ) I have two VPN connections with two different subnets to the other end. The two of then are correctly established.

I''m just looking for a quick sanity check to make sure what I''m finding is really all necessary here. I''m upgrading a gateway/firewall from Linux 2.4 to 2.6 using Mandrake 10.1. In the old 2.4 kernel I structured my firewall rules around the ipsec0 interface, which I understand isn''t present with Openswan running under 2.6 (no KLIPS). Ok, So as I start to

Well. Centos 5 is really near of it's end of life. There is not much updates to kernel or openswan. You should at least try latest openswan version. Your issue looks like a bit network problem. -- Eero 2016-02-10 8:34 GMT+02:00 John Cenile <jcenile1983 at gmail.com>: > So lowering the keylife / ikelifetime didn't solve the problem. I've > enabled debugging and I'll

Hello, I'm cross posting this from the OpenSwan mailing list, in case someone here can help. We have two sites connected via OpenSwan 2.6.32-9 on CentOS 5, sharing 6 /24 subnets each (so 12 in total). The problem we're having is completely randomly, be it in the middle of the day, or in the middle of the night (so I don't believe it's traffic related), certain (and sometimes