All Questions
22 questions
1 vote, 1 answer, 58 views
How can I setup FIREWALLD with IPSEC (StrongSwan) Site-to-Site to make PING work on Debian 12?
I have 3 nodes with public and local IP address, each:
Node A: edge router #1 (10.41.1.0/24)
Node B: edge router #2 (10.48.2.0/24)
Node C: VMS with Debian 12, docker containers and firewalld (ex. 172....
2 votes, 1 answer, 202 views
How are `vti` and `xfrm` iproute2 interfaces supposed to be configured and used with xfrm states and policies?
XFRM states and policies enable configuring IPsec encryption without a virtual interface. The vti and xfrm interface types, however, I think make it possible to route traffic through a virtual ...
1 vote, 0 answers, 2k views
iptables to nftables for iKEv2 IPSEC VPN server
Can someone please help in converting the below iptables rules to equivalent nftables rules?
I have already tried to use iptables-translate, but it is not translating all of my rules...
# accept ports ...
0 votes, 1 answer, 699 views
VPN redirect user to specific IP and port
Hope you can point me in the right direction. I have this idea but need some advice and suggestions where to look at and how to do it (if it's possible)
I want my family members to connect to a VPN (...
0 votes, 0 answers, 216 views
How to verify lets encrypt certs with server? - OSCP error linux Strongswan
Goal
I am attempting to build an IKEv2 VPN using the strongswan IPSEC implementation with Let's Encrypt certificates and RSA authentication. I successfully built it in the legacy ipsec.conf format, ...
4 votes, 2 answers, 12k views
How can I route only a particular subnet to the StrongSwan VPN but not my whole traffic on linux?
I have no particular competences on networking, so I'll do my best to explain my needs.
On my Linux laptop I'm running StrongSwan (with NetworkManager) to connect to a particular VPN with IPsec. This ...
0 votes, 0 answers, 767 views
Strongswan IPsec configuration ( Linux - Cisco)
I'm configuring site-to-site ipsec tunnel. The error that I am getting shows that Quick Mode proposal (ESP) doesn't match
Jan 27 09:23:42 raspberrypi charon: 10[ENC] generating QUICK_MODE request ...
1 vote, 0 answers, 240 views
Linux ShrewSoft client connects but doesn't pass any traffic
A customer recently changed their VPN server and now recommends ShrewSoft as the appropriate client.
On Windows, the provided config works. On Linux, it also appears to connect and sets up a tap0 ...
0 votes, 1 answer, 1k views
RTNETLINK answers: Operation not supported for ip xfrm command on debian os
I am trying to configure IPsec through ip xfrm commands in a Debian image. I am facing an "Operation not supported" error. Kindly help me on where I am going wrong.
Logs:
NE145:2-10*:/tmp # ip xfrm policy ...
1 vote, 0 answers, 2k views
Configure a Linux client for a Windows VPN
I am trying to connect from my personal Arch Linux laptop to my office's Windows Server VPN.
I have followed the instructions of the Arch wiki but I cannot get the IPSec tunnel to connect.
The ...
0 votes, 1 answer, 1k views
Can't connect to IPsec/L2TP on OpenSUSE Tumbleweed
I want to access a VPN network from my laptop, which runs OpenSUSE Tumbleweed. The problem is that I can't connect either with NetworkManager or by configuring anything manually.
Logs provided:
● ...
1 vote, 1 answer, 364 views
Cannot create Security Association in CentOS 7.4 using Setkey
I've been asked to migrate from CentOS 6.8 to 7.4 on all of our Linux devices. I'm running into an issue with loading Security Associations into the Linux kernel. I'm using ipsec-tools' ...
0 votes, 0 answers, 992 views
Setup static routes with Libreswan
We are using Libreswan to connect an on-premise network to Azure, and BGP to advertise routes. But Azure BGP is eBGP with 2 hops.
The use case is:
a. setup IPSec tunnel
b. route Azure Peer IP via ...
1 vote, 0 answers, 557 views
Racoon IPsec-SA expired: ESP/Tunnel
Hello, my VPN link does not connect anymore and gives me the following logs. Please help me, thank you:
Jun 19 08:06:25 FwME racoon: INFO: IPsec-SA established: ESP/Tunnel 89.30.97.2[500]->57....
0 votes, 1 answer, 2k views
How do I configure ipsec and xl2tpd to not use compression when connecting to VPN?
I have two config files:
./etc/ppp/options.xl2tpd.myvpn_name
./etc/ipsec.d/myvpn_name.conf
and somewhere in one of them I need to say "no compression" because the error I get is:
Unsupported protocol ...
1 vote, 1 answer, 63 views
Linux box as network gateway changes source address
I have an Ubuntu Server box (A) with an IPSec tunnel to another datacenter (AWS, through a VPC VPN). The tunnel is fine and I can ping the other side of the tunnel.
The problem is when I try to ...
0 votes, 1 answer, 27 views
Linux Server Virtual Networking
I have a Linux (CentOS 6) database test server which is often inaccessible so therefore a terrible way to test.
I was wondering if anyone has any recommendations for remote access to the server ...
0 votes, 0 answers, 382 views
Block web sites for VPN clients
I installed an IPSEC L2TP VPN server on an Ubuntu 12 x86 VPS machine. I want to block some web sites for clients connected to the VPN server. So, I changed the hosts file in Ubuntu to block accessing unwanted web ...
1 vote, 0 answers, 5k views
Route all traffic through IPSEC tunnel
I'm using Strongswan on CentOS as an IPSEC VPN server. Is it possible to tell the client (win7) to route all traffic through the tunnel interface after the tunnel is up?
Here is my ipsec.conf
config setup
conn %...
0 votes, 2 answers, 3k views
Openswan L2TP/IPsec VPN for iPhone fails during connection
I spent the morning trying to configure an L2TP/IPsec VPN using Openswan and xl2tpd on a Debian Squeeze server for use by a mix of iOS and Mac clients. I am trying to set it up using pre-shared keys ...
1 vote, 1 answer, 2k views
Private IP address over IPSEC tunnel
I have two dedicated servers that I have configured to require AH and ESP between their (public) IP addresses and using racoon I've set up isakmp. The IPsec tunnel between them is working well - I ...
2 votes, 1 answer, 2k views
IPSec-Tools build on Ubuntu
I am trying to build the ipsec-tools package from http://ipsec-tools.sourceforge.net/ on an Ubuntu PC.
I build the package with:
$ ./autoreconf --force --install
$ ./bootstrap
$ ./configure --enable-...