All Questions
Tagged with ipsec networking
71 questions
1 vote, 1 answer, 58 views
How can I setup FIREWALLD with IPSEC (StrongSwan) Site-to-Site to make PING work on Debian 12?
I have 3 nodes with public and local IP address, each:
Node A: edge router #1 (10.41.1.0/24)
Node B: edge router #2 (10.48.2.0/24)
Node C: VMS with Debian 12, docker containers and firewalld (ex. 172....
0 votes, 0 answers, 28 views
PFsense: fake subnet
I have got an IPSec tunnel mapping a remote 172.x/24 network to my local 10.x/16 network.
Because I cannot change the configuration on the remote site I need to use this like this (with 10.x/16 ...
2 votes, 1 answer, 202 views
How are `vti` and `xfrm` iproute2 interfaces supposed to be configured and used with xfrm states and policies?
XFRM states and policies enable configuring IPsec encryption without a virtual interface. The vti and xfrm interface types, however, I think make it possible to route traffic through a virtual ...
0 votes, 0 answers, 185 views
To allow IPsec NAT-T traffic to pass through, why does the firewall still need to permit ESP when it already allows UDP 4500?
I established an IPsec VPN tunnel between two Juniper SRX routers across NAT, with the NAT being performed by the firewall (a Linux server). When attempting to configure the firewall rules to allow ...
0 votes, 0 answers, 47 views
UDMP Wireguard Server + IPSec Site-to-site
We have a UDMP with a few VLANs : 10.92.10.0/24 , 10.92.41.0/24, 10.92.42.0/24
We have added a Wireguard server, which uses 192.168.4.0/24, and works wonderfully (clients can connect and access ...
0 votes, 1 answer, 22 views
IPSec S2S peer B host cannot receive ICMP reply or access host resources on peer A
I've got an IPSec S2S tunnel setup. The VPN is connected, tunnel established.
Here's the network topology:
(for reference, I am Peer A)
Problem:
host A pings host B and gets reply (this is not a ...
0 votes, 0 answers, 87 views
nftables config for ipsec (strongswan) vpn
I have got a working IPSec connection between a device (raspberry) on remote side (10.X.117.0/24 network) and the local network (10.Y.0.0/16 network).
The raspberry has a static 10.X.117.1 IP on its ...
0 votes, 0 answers, 133 views
How to chain in cascade two VPNs on macOS?
Given the following VPNs:
a WireGuard VPN I've created with a Fritz!Box
a Cisco IPSec VPN
I'd like to know if it's possible to connect to the Cisco VPN using the IP obtained via the WireGuard VPN. ...
0 votes, 0 answers, 147 views
set network interface for strongswan
I am using StrongSwan on Raspberry Pi with an LTE token which is handled as eth1. It works fine as long as nothing is connected to the ethernet port (eth0).
Then StrongSwan wants to use eth0 which fails.
...
1 vote, 0 answers, 36 views
Routing specific subnet through a local peer
I have two (almost identical) Ubuntu machines with the local IP of 10.0.0.10 and 10.0.0.20, let's call them TEN and TWENTY respectively. Both have the default gateway of 10.0.0.1.
On TEN I have a site-...
0 votes, 1 answer, 2k views
Mac OSX can dig or nslookup but cannot ping host
I am facing a problem with my mac on a Sophos Remote IpSec VPN.
The VPN IpSec is set to be the Default Gateway.
I can connect to the VPN, and I can join every IP on my remote network.
I can dig and ...
1 vote, 0 answers, 27 views
Using remote office local internet
I bought two routers (DrayTek Vigor 2866ax) to connect offices in different countries. The problem we have is we need to use internet of other country to connect to our bank accounts and local ...
1 vote, 1 answer, 547 views
VPN for remote access to home LAN (IPSec?)
Another probably daft question:
I am in the process of setting up a VPN connection for the purpose of remote access to services on my home LAN. The router, firewall and VPN server I am using for this ...
0 votes, 0 answers, 175 views
Configure IPsec only VPN on routerOS
For connections from my iPhone into my home network when I'm outside, I configured a VPN based on L2TP and IPsec. I found a lot of examples in the internet for this configuration. All network traffic ...
0 votes, 0 answers, 24 views
Occasional and Momentary Site-to-Site VPN Tunnel Failures
I just started managing a number of locations that have site-to-site VPN connections. Part of what I've been doing is going through the Sophos firewalls examining alerts, findings and incidents. While ...
0 votes, 0 answers, 463 views
Unifi UDM - IPSec VPN PING works but nothing else?
I'm trying to setup a remote syslog solution that is comprised of the following:
Unifi UDM SE --> Site-to-site IPSec VPN Connection --> AWS VPC --> Private EC2 Instance (syslog collector - ...
0 votes, 0 answers, 828 views
Extremely slow transfer speed through IPsec tunnel between 2 locations
I have 2 locations with fibre connection. Location A has ~400M down/up whereas Location B has 1Gbps (up/down) shared pipe between 4 offices (total of 15 computers).
Location A has a Windows 2019 Hyper-...
1 vote, 0 answers, 38 views
Trying to find out the best possible network setup to allow IPSec tunneling between networks through Cisco router and DrayTek network device
I'm trying to find out the best possible network setup for my test SOHO network.
My goal is to create an IPSec tunnel between my network (192.168.68.0/24) and a remote network. The main reason I ...
0 votes, 1 answer, 2k views
Single IP left subnet and routing traffic through tunnel in strongswan
I must set up an ipsec tunnel to use an external service provided by another company (so I have no control on the other side and can't change anything there). Let's say that:
192.168.0.0/24 is my ...
0 votes, 1 answer, 392 views
How can RDP get secured using IPSec and IPv4, rather than IPv6 on Windows 10
I found this approach to secure RDP-connections on a post at the University of Rostock.
On the Server (W10):
netsh ipsec static set store location=local
netsh ipsec static add policy name="...
1 vote, 0 answers, 65 views
IPSec Phase 2 Configuration For Translated Subnets?
I have two networks with the 10.0.0.0/8 subnet I'm trying to connect via IPSec tunnels. I have the phase 1 configurations working but am a bit stuck on the phase 2 configurations. Each firewall used ...
4 votes, 2 answers, 12k views
How can I route only a particular subnet to the StrongSwan VPN but not my whole traffic on linux?
I have no particular competences on networking, so I'll do my best to explain my needs.
On my Linux laptop I'm running StrongSwan (with NetworkManager) to connect to a particular VPN with IPsec. This ...
0 votes, 1 answer, 834 views
Can any IPSec client connect to any IPSec server?
I have been pondering setting up my own VPS with a VPN server running. Most often, OpenVPN is thrown around when users talk about setting up a VPN on Linux, but this tech seems to live a bit on the ...
0 votes, 1 answer, 10k views
IPsec on pfSense: Tunnel is up, but I can't connect to remote host
I have a strange problem with my IPsec VPN:
I have 2 matched [hardware and software - 2.4.4 release p3] pfSense boxes at different locations.
Each pfSense is a Firewall + DHCP server + Gateway for the ...
0 votes, 0 answers, 1k views
VPN l2tp over IPSec: ppp - No auth is possible. Ubuntu 18.04 LTS
I setup IPSec over VPN using this tutorial https://20notes.net/linux/setup-l2tp-over-ipsec-client-on-ubuntu-18-04-using-gnome
It is working using NetworkManager.
However NetworkManager allows only one ...
0 votes, 0 answers, 2k views
Strongswan ipsec site-site configuration
I'm configuring site-to-site ipsec tunnel using strongswan, but I don't know how the ipsec tunnel is opened on the remote side (definitely without using strongswan)
When I try to connect - I get no response
...
1 vote, 0 answers, 109 views
IPSEC connection between SIP Client and PCSCF. ESP header does not appear. IPsec does not apply to the header
I wanted to create SIPP script to create scenario to establish IPSEC connection between UE and PCSCF using below;
For example:-
setkey -c << EOF
spdadd $pcscf/32[$port_pc] $ue/32[$port_us] tcp ...
4 votes, 1 answer, 3k views
L2TP/IPSec On Mac Failed to connect
I am connecting to a VPN Server set up following instructions in https://github.com/hwdsl2/setup-ipsec-vpn
And I setup the clients following https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/...
0 votes, 1 answer, 1k views
RTNETLINK answers: Operation not supported for ip xfrm command on debian os
I am trying to configure ipsec through ip xfrm commands in a debian image. I am facing an operation not supported error. Kindly help me on where I am going wrong.
Logs:
NE145:2-10*:/tmp # ip xfrm policy ...
0 votes, 0 answers, 483 views
Connect to my server from outside my network securely
I have a LAN with computers connected to server, what I need to do is connecting PC to this server securely from another location.
My network structure is described in the image attached and needs ...
0 votes, 0 answers, 177 views
IPSec VPN between DO Droplet and other (trusted) provider
I have a requirement to set up IPsec VPN between my company's droplet and a network owned by partner company that uses another provider.
Tooling:
Debian (my droplet) with IP e.g 169.22.231.13 and ...
0 votes, 2 answers, 5k views
Openconnect with IPsec protocol
I need to force openconnect to use IPsec protocol as first option. As far as I know, openconnect first tries SSL connection (correct me if I am wrong). Problem is, that our company ASA denies my ...
0 votes, 1 answer, 342 views
Docker: host grabs ICMP packets (Strongswan IPsec)
These machines are Docker containers with strongswan installed running IPsec tunnels.
routeur1 and routeur2 have a site-to-site IPsec tunnel, while pc-nomad has an IPsec tunnel with routeur1. ...
0 votes, 1 answer, 1k views
Can't connect to IPsec/L2TP on OpenSUSE Tumbleweed
I want to access VPN network from my laptop, which runs OpenSUSE Tumbleweed. The problem is that I can't connect either with NetworkManager or by configuring anything manually.
Logs provided:
● ...
5 votes, 2 answers, 27k views
Connect FortiClient IPsec VPN via Ubuntu 18.04 KDE
I have just installed FortiClient 6.0.0.0029 in Ubuntu 18.04 - KDE.
I'm not sure, but looks like Linux's FortiClient has only SSL connection but not IPsec (which I need)...
Works ok in Windows 10, ...
0 votes, 1 answer, 331 views
internet sharing over ipsec
I try to connect my Windows 7 workstation to the Internet over ipsec tunnel.
I have:
192.168.88.251 - win7 workstation
192.168.88.1 - my mikrotik router
VPN_IPSEC - my vpn with ipsec ...
1 vote, 0 answers, 3k views
Strongswan, how to configure ipsec site-to-site using psk?
I'm setting up ipsec site-to-site VPN connection (with pre-shared key auth method). However I'm unsure of the correct values to put in ipsec.conf.
vpn server ip - xx.45.40.46
encryption algorithm - ...
1 vote, 0 answers, 1k views
Getting Timeout when connecting to StrongSwan IPSec
I've tried to set up a Root Server in the public Internet with StrongSwan to use it as a VPN Server. Plan is to tunnel all Internet Traffic for some devices via this server. I've also set up an ...
1 vote, 0 answers, 1k views
Can't SSH into machine with ipsec VPN
I have an ubuntu virtual machine with bridged adapter which I've configured to use an ipsec VPN. I can SSH into the machine just fine, but when I turn on the VPN, I can't. The VPN tunnel also makes ...
0 votes, 0 answers, 288 views
IPSec VPN Routed LANs
Recently I changed from a home-run OpenVPN to a home-run Cisco (XAuth) IPSec VPN for more compatibility. However, I haven't found documentation on "pushing" routes from the IPSec server to clients. In ...
0 votes, 1 answer, 2k views
Required ICMP types for IPSec tunnel?
I have IPSec tunnel set up between 2 routers. It used to work fine, however recently I hardened policy in IDS and I started getting alerts about ICMP type 11 code 1 being sent from one router to ...
0 votes, 1 answer, 1k views
Connection through VPN and another subnet
I'm a Java Developer and for a few weeks I'll be in charge of the network as well. A client of ours wants a VPN connection to his network which I already mounted (Using a TP-link router to establish ...
0 votes, 1 answer, 4k views
Using openswan on Raspbian get "We cannot identify ourselves with either end of this network"
I just spent several hours fighting with Raspberry Pi 3 to get it to connect to my VPN at work. I got OpenSwan installed and (apparently) configured, and also xl2tpd. After starting the services and ...
0 votes, 1 answer, 7k views
PFSense IPSec connection established, wan works, lan not
I want to setup a vpn service on top of my PFSense box at home. PFSense is configured and working fine for my home network.
The problem is, that I can only access wan addresses over the vpn tunnel ...
0 votes, 1 answer, 2k views
How do I configure ipsec and xl2tpd to not use compression when connecting to VPN?
I have two config files:
./etc/ppp/options.xl2tpd.myvpn_name
./etc/ipsec.d/myvpn_name.conf
and somewhere in one of them I need to say "no compression" because the error I get is:
Unsupported protocol ...
0 votes, 1 answer, 486 views
How to safely open ports on home networks for testing purposes
I am trying to simulate a client/server scenario on my home network. To set up the socket connections, I require unused ports. For safety reasons these ports are closed.
What criteria should be ...
24 votes, 1 answer, 35k views
Does the traffic go through my company network when I browse when connected through SSL-VPN
I work for a company which is not in my country. The enterprise intranet is in a different country. We do not have many employees in my country - so everyone works from home. When we need intranet ...
0 votes, 1 answer, 575 views
Strongswan IPSec to Amazon VPC going down randomly
I got established connection between Amazon VPC and my site using strongswan.
I followed documentation from Amazon. Tunnel can be established and is running but is going down randomly if I can say.
...
1 vote, 1 answer, 63 views
Linux box as network gateway changes source address
I have a Ubuntu Server box(A) with an IPSec tunnel to another datacenter(AWS, through a VPC VPN). The tunnel is fine and I can ping the other side of the tunnel.
The problem is when I try to ...
2 votes, 2 answers, 2k views
IPSec tunneling mode vs transport mode vs transport+L2TP
According to many docs, transport mode should be used in host-to-host IPSec, while tunneling is used to connect gateways and L2TP is used for remote access.
But nothing prevents me from using ...