All Questions
19 questions
2 votes, 1 answer, 202 views
How are `vti` and `xfrm` iproute2 interfaces supposed to be configured and used with xfrm states and policies?
XFRM states and policies enable configuring IPsec encryption without a virtual interface. The vti and xfrm interface types, however, I think make it possible to route traffic through a virtual ...
0 votes, 0 answers, 24 views
Occasional and Momentary Site-to-Site VPN Tunnel Failures
I just started managing a number of locations that have site-to-site VPN connections. Part of what I've been doing is going through the Sophos firewalls examining alerts, findings and incidents. While ...
0 votes, 1 answer, 675 views
Strongswan ipsec tunneling between two VMs
I am very new to VPN and IPsec tunneling. I have two VMs, and between them I need to establish an IPsec tunnel by using a pre-defined PSK key or a provided certificate .pem.
I have installed strongswan-5.9.6-1....
1 vote, 1 answer, 5k views
Define PFS Group in Strongswan IKEv2/IPsec Phase 2 Settings
I am trying to set up a VPN connection on Ubuntu 20.04 using Strongswan. One of the requirements for the tunnel is to use PFS group 20.
Is the PFS group 20 being set when we have the following line in ...
1 vote, 0 answers, 65 views
IPSec Phase 2 Configuration For Translated Subnets?
I have two networks with the 10.0.0.0/8 subnet I'm trying to connect via IPSec tunnels. I have the phase 1 configurations working but am a bit stuck on the phase 2 configurations. Each firewall used ...
0 votes, 1 answer, 3k views
How can I create an IPsec tunnel between a FritzBox and a pfsense, without using Aggressive Mode?
I've successfully created an IPSEC Tunnel between my local FritzBox 7590 and my office, which is running a pfsense hardware firewall (APU2) with pfsense 2.4.5-RELEASE-p1 and coreboot firmware v4.11.0....
1 vote, 0 answers, 3k views
How to setup IPSec VPN between PFSense and Edgerouter X
We have 2 routers/firewalls, 1x pfSense and 1x UBNT Edgerouter X. I tried to set up an IPsec site-to-site connection between these 2 but I cannot get it done. I followed multiple "tutorials"/...
0 votes, 0 answers, 2k views
Strongswan ipsec site-site configuration
I'm configuring a site-to-site IPsec tunnel using strongswan, but I don't know how the IPsec tunnel is opened on the remote side (definitely without using strongswan).
When I try to connect, I get no response
...
0 votes, 0 answers, 30 views
IPSec Tunnel in a tunnel? A soon to be travelling remote worker
Ok. I generally work remotely, which is nice. I soon plan to do some overseas travelling, and I would prefer to hide my real srcIP if possible (potential audits/geo-restrictions, etc.).
I'm ...
0 votes, 0 answers, 177 views
IPSec VPN between DO Droplet and other (trusted) provider
I have a requirement to set up IPsec VPN between my company's droplet and a network owned by partner company that uses another provider.
Tooling:
Debian (my droplet) with IP e.g 169.22.231.13 and ...
0 votes, 1 answer, 613 views
Site to site VPN tunnel to external company
I would like to set up an IPSec site-to-site tunnel between my company and an external company. (The external company does not support a dial-in mechanism, so I have to use a site-to-site VPN...)
I ...
0 votes, 0 answers, 278 views
VPN, NAT - an out of the box solution
I am looking for an out of the box VPN solution for a home user, built with cheap hardware. The scenario is as easy as everywhere:
Office:
Server (private IPv4 LAN 192.168.10.x) <->
router and ...
2 votes, 2 answers, 2k views
IPSec tunneling mode vs transport mode vs transport+L2TP
According to many docs, transport mode should be used in host-to-host IPSec, while tunneling is used to connect gateways and L2TP is used for remote access.
But nothing prevents me from using ...
3 votes, 2 answers, 9k views
IPSec with or without L2TP?
I'm referring to this question. And to be clear: This is really not about the old PPTP vs L2TP debate. ;-)
I successfully set up racoon as an IKE server without any L2TP implementation running and it ...
-1 votes, 1 answer, 1k views
Is my VPN tunnel connected? Is my traffic going via the VPN tunnel? How do I verify this?
From RHEL I have to connect to the VPN server and reach that target PC1. Till now it was possible to make the VPN interconnect, but 10.0.0.108 can't ping 10.109.0.200.
Variables:
ME WAN IP: 8.8.8.8 (Amazon ...
0 votes, 1 answer, 2k views
How to set up NAT in windows server 2008 r2 for IPSec tunnel use
I am having trouble setting up the whole IPSec tunnel thing.
What I have:
1. Router that only has a VPN/IPsec passthrough functionality (IP 192.168.0.1)
2. Windows Server 2008 R2 which has group ...
1 vote, 0 answers, 74 views
IP header "Option field"
Is it true that the GRE (Cisco tunnel) header is placed in the IP header "option field"?
Are the IPSec headers (ESP or AH) installed in the "option field" too?
2 votes, 3 answers, 1k views
IPv6 and IPSec - why do I need an external daemon?
I read that IPSec is mandatory for IPv6 implementations. Does this mean that it should be handled by the OS and that IPSec configuration should be mandatory for IPv6 to work? If so, why is this not ...
1 vote, 1 answer, 2k views
Private IP address over IPSEC tunnel
I have two dedicated servers that I have configured to require AH and ESP between their (public) IP addresses and using racoon I've set up isakmp. The IPsec tunnel between them is working well - I ...