Questions tagged [ipsec]
IPsec is a method of providing internet security at layer 3 of the OSI model.
121 questions with no upvoted or accepted answers
6
votes
0
answers
882
views
Forward IPsec tunnel from IPv4 endpoint to IPv6 endpoint
I have a new ISP and only have a Dual Stack - lite connection now. That means I can't access my router via IPv4 anymore, since the external IPv4 address is private. I have native IPv6 connectivity.
...
5
votes
0
answers
6k
views
How do I configure DD-WRT to forward IPSec traffic to an internal server to support a road warrior configuration?
I use dd-wrt as my home router setup and that's been working fine. Now I wanted to figure out a way to be able to use my iPad to set up an IPSec tunnel to my home network while I'm on the road.
PPTP ...
4
votes
1
answer
3k
views
L2TP/IPSec On Mac Failed to connect
I am connecting to a VPN Server set up following instructions in https://github.com/hwdsl2/setup-ipsec-vpn
And I set up the clients following https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/...
4
votes
0
answers
29k
views
Can someone help me understand ALG and VPN settings on my router?
I'm looking at the settings in my TP-LINK WDR4300 router and noticed settings for VPN passthrough and ALG. Every single option is enabled but I am hoping someone can help me understand these settings ...
3
votes
0
answers
769
views
How to selectively route traffic for Cisco IPSec on macOS Mojave?
I am working from home and have to be connected to our Cisco VPN to access certain websites, such as self-hosted GitHub.
Is there a way to configure the VPN to only be used for self-hosted GitHub and ...
3
votes
0
answers
1k
views
How can I set an IPsec ID using the Windows 8 built-in VPN client?
I'm trying to connect to a VPN using the built in Windows 8 VPN client. The VPN uses L2TP/IPsec and a pre-shared key. I can see it's connecting to the VPN but not making it through authentication. I ...
3
votes
0
answers
2k
views
Shrew Soft VPN Client - Negotiation timeout
I am having an issue running Shrew Soft VPN Client on Windows 7 Pro x64.
While trying to resolve this issue I have disabled miniport adapters like a lot of websites say to do however this hasn't ...
2
votes
0
answers
2k
views
Troubleshooting VPN connection with Wireshark by decrypting IPSec packets
I'm having trouble establishing a VPN connection to a specific network and I'm not the only one having issues. As per their instructions, I'm using the standard VPN client built in Windows with pre-...
2
votes
0
answers
891
views
xl2tpd-control command not working
I have a Cisco VPN server to which I am trying to connect an endpoint through VPN (IPsec/L2TP). I have strongswan, xl2tpd and pppd running on my machine. IPsec connection is established successfully ...
2
votes
1
answer
436
views
How can I automatically connect to a VPN if I connect to a specific Wi-Fi network on Windows 10?
I have set up an IKEv2 VPN connection with Windows 10. How can I automatically connect to this VPN if my laptop connects to a specific Wi-Fi network?
2
votes
0
answers
2k
views
Issue with setting up IPSec VPN in host-to-network mode
I have set up IPSec VPN using OpenSwan on CentOS 6.5. But not able to get the tunnel up and running. When site B tries to ping my VPS (site A), they get following error:
Feb 26 11:33:59 [IKEv1 DEBUG]...
2
votes
0
answers
966
views
Cisco RV180 ipsec vpn to mac os x 10.8.2 default client Configuration
I would like to configure an IPSec VPN tunnel between my RV180 (server, last firmware) and my Mac OSX 10.8.2 laptop.
I have little knowledge about VPN, and a bit more about network in general. I have ...
2
votes
1
answer
2k
views
Is it possible to set up IPSec on a linux virtual machine host to connect to an Azure virtual network
We run some virtual machines in an onsite Ubuntu based server with guests being a mixture of Windows Server and Ubuntu. We're also setting up some Windows Azure virtual machines and ideally would like ...
1
vote
0
answers
36
views
Routing specific subnet through a local peer
I have two (almost identical) Ubuntu machines with the local IP of 10.0.0.10 and 10.0.0.20, let's call them TEN and TWENTY respectively. Both have the default gateway of 10.0.0.1.
On TEN I have a site-...
1
vote
0
answers
27
views
Using remote office local internet
I bought two routers (DrayTek Vigor 2866ax) to connect offices in different countries. The problem we have is we need to use internet of other country to connect to our bank accounts and local ...
1
vote
0
answers
289
views
Configuring IPsec idle timeout on Windows
I am experimenting with built-in Windows IPsec functionality (advfirewall Connection Security Rules method) against an embedded Strongswan server. I have observed the following behavior:
Phase 2 (...
1
vote
0
answers
38
views
Trying to find out the best possible network setup to allow IPSec tunneling between networks through Cisco router and DrayTek network device
I'm trying to find out the best possible network setup for my test SOHO network.
My goal is to create an IPSec tunnel between my network (192.168.68.0/24) and a remote network. The main reason I ...
1
vote
0
answers
388
views
StrongSwan 5.9.1 (Debian Bullseye): Traffic from IPsec tunnel gets forwarded via Ethernet, but not via bridge
The following problem:
I have a server that is, in addition to other tasks not relevant for the problem at hand, supposed to act as an IPsec gateway.
When I'm using the Ethernet interface pointing to ...
1
vote
1
answer
1k
views
Strongswan VPN certificate authentication failed
I've installed strongswan vpn on my ubuntu server. Set up certificate authentication. I've set up my android-phone and it works fine. But the connection wasn't established on the Windows machine. I copied ...
1
vote
0
answers
2k
views
iptables to nftables for IKEv2 IPSEC VPN server
Can someone please help in converting the below iptables rules to equivalent nftables rules?
I have already tried to use iptables-translate, but it is not translating all of my rules...
# accept ports ...
1
vote
0
answers
117
views
firewalld: Block non-ESP packets on interface in GNU/Linux similar to OpenBSD
I am trying to "enforce" IPSec (StrongSwan) traffic on openSUSE.
On OpenBSD, with the IKE daemon iked and the packet filter pf, I employ a ruleset like the following, to ensure only ...
1
vote
0
answers
163
views
IPsec and private IP
I'm creating an IPsec / L2TP network and I want to have one server and multiple clients.
On each client, the only way I got IPsec to work properly was to set the IP of the interface that will host the ...
1
vote
1
answer
1k
views
macos ipsec vpn not using proper dns servers
I've read several articles on DNS resolution over IPSEC using the native VPN client for macos but I can't seem to resolve the issue.
The IPSEC server is pfSense. I have added the proper DNS servers ...
1
vote
0
answers
65
views
IPSec Phase 2 Configuration For Translated Subnets?
I have two networks with the 10.0.0.0/8 subnet I'm trying to connect via IPSec tunnels. I have the phase 1 configurations working but am a bit stuck on the phase 2 configurations. Each firewall used ...
1
vote
1
answer
5k
views
Use Own VPN Server on Google Chrome Browser
I'm looking for a way to connect to the Internet through my VPN server while browsing from Google Chrome Browser. I thought the best way is to use an extension but I couldn't find any extension that lets me enter my own ...
1
vote
0
answers
3k
views
How to setup IPSec VPN between PFSense and Edgerouter X
We have 2 routers/firewalls, 1x pfSense and 1x UBNT Edgerouter X. I tried to set up an IPsec site-to-site connection between these 2 but I cannot get it done. I followed multiple "tutorials"/...
1
vote
0
answers
131
views
How to configure pfsense to use VPN as gateway for OPT port only?
Currently I have set up my PfSense SG-1100 to function as a site to site VPN. I have an unused OPT port on my router and I want to attach that to a switch and have it function as the gateway to the ...
1
vote
0
answers
240
views
Linux ShrewSoft client connects but doesn't pass any traffic
A customer recently changed their VPN server and now recommends ShrewSoft as the appropriate client.
On Windows, the provided config works. On Linux, it also appears to connect and sets up a tap0 ...
1
vote
0
answers
109
views
IPSEC connection between SIP Client and PCSCF. ESP header does not appear. IPsec does not apply to the header
I wanted to create SIPP script to create scenario to establish IPSEC connection between UE and PCSCF using below;
For example:-
setkey -c << EOF
spdadd $pcscf/32[$port_pc] $ue/32[$port_us] tcp ...
1
vote
0
answers
35
views
Is it possible to skip main mode for IPSec communication on Windows?
On Linux, after registering several SAs (Security Associations) between a pair of Linux hosts, I can create communication between those two Linux hosts, i.e., communicate with ESP packets.
But on ...
1
vote
1
answer
3k
views
L2TP / IPSec couldn't look up L2TP VPN gateway IP address (CentOS 7)
I'm trying to connect to VPN from CentOS 7. I have network-manager-l2tp installed (1.2.10). The output I'm getting:
Mar 18 23:46:43 localhost NetworkManager[4790]: <info> [1552949203.6892] vpn-...
1
vote
0
answers
2k
views
Configure a Linux client for a Windows VPN
I am trying to connect from my personal Arch Linux laptop to my office's windows server VPN.
I have followed the instructions of the Arch wiki but I cannot get the IPSec tunnel to connect.
The ...
1
vote
0
answers
3k
views
Strongswan, how to configure ipsec site-to-site using psk?
I'm setting up ipsec site-to-site VPN connection (with pre-shared key auth method). However I'm unsure of the correct values to put in ipsec.conf.
vpn server ip - xx.45.40.46
encryption algorithm - ...
1
vote
0
answers
1k
views
Getting Timeout when connecting to StrongSwan IPSec
I've tried to set up a Root Server in the public Internet with StrongSwan to use it as a VPN Server. Plan is to tunnel all Internet Traffic for some devices via this server. I've also set up an ...
1
vote
0
answers
555
views
Strongswan ikev2: https stops working on client when connected to vpn server
I have set up strongswan 5.3.3-1 on OpenWRT 15.05 based router.
Followed this tutorial
The certificate for Server side authentication is issued by Let's Encrypt - I use it for my synology box and it ...
1
vote
0
answers
1k
views
Can't SSH into machine with ipsec VPN
I have an ubuntu virtual machine with bridged adapter which I've configured to use an ipsec VPN. I can SSH into the machine just fine, but when I turn on the VPN, I can't. The VPN tunnel also makes ...
1
vote
1
answer
101
views
IPSec doesn't hide IAX2 informations
I am trying to set up a secure trunked IAX2 connection with IPSec between routers:
But when I make a sniffing attack with Wireshark, all the call information is shown!
IPsec is well configured and ...
1
vote
0
answers
557
views
Racoon IPsec-SA expired: ESP/Tunnel
Hello, my VPN link does not connect anymore and gives me the following logs. Thank you for helping me:
Jun 19 08:06:25 FwME racoon: INFO: IPsec-SA established: ESP/Tunnel 89.30.97.2[500]->57....
1
vote
2
answers
7k
views
Have Site-To-Site (IPSEC) connected but cannot ping anything other than router
Just set up a new Azure subscription, and I'm stumped trying to troubleshoot why I can't ping any local VMware machines from an Azure VM after successfully setting up an IPSec Site-To-Site VPN.
I am ...
1
vote
0
answers
4k
views
Connect to L2TP/IPsec (username/password/PSK) on cmd.exe
How may I connect to VPN using the username, password and PSK combo in the command line? Google has been of no help; any guidance will be most welcome.
I want a command to the effect of vpnclient /...
1
vote
1
answer
63
views
Linux box as network gateway changes source address
I have an Ubuntu Server box (A) with an IPSec tunnel to another datacenter (AWS, through a VPC VPN). The tunnel is fine and I can ping the other side of the tunnel.
The problem is when I try to ...
1
vote
0
answers
337
views
Zywall IPSEC config for remote shares using ipsecuritas
I have a Zywall USG 20 using IPsec. It works and connects fine; however, I can only access the Zywall itself. Traffic does not route to other computers on the subnet. In my case I need to access linux ...
1
vote
0
answers
5k
views
Route all traffic through IPSEC tunnel
I'm using Strongswan on CentOS as IPSEC VPN server. Is it possible to tell the client (win7) to route all traffic through the tunnel interface after the tunnel is up?
Here is my ipsec.conf
config setup
conn %...
1
vote
0
answers
761
views
IPSec Policy Is Blocking 127.0.0.1
I created an IPSec policy on Windows 8.1; its purpose was to allow only traffic that goes via the VPN, everything else should be blocked (except LAN and 127.0.0.1). LAN is working fine, but 127.0.0.1 ...
1
vote
1
answer
5k
views
Strongswan IPSEC VPN for Windows 7 road warrior config
Following the Strongswan wiki link for configuring Strongswan for Windows 7 clients:
http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig
I used the sample files as-is with no ...
1
vote
3
answers
8k
views
IPsec VPN connection drops automatically every 47 mins
I'm using Cisco Systems VPN Client Version 5.0.07.0440 on Windows 7 Ultimate 64-bit to connect to a VPN server through IPSec/UDP.
The problem is each time when it connects, I always get warnings in ...
1
vote
0
answers
199
views
Netgear NAT over LAN TO LAN
I have the following question:
I need to connect through a vpn IPsec lan 2 lan tunnel with a partner but they want that I connect through a specific ip subnet which is not mine. Here's the situation:
...
1
vote
0
answers
283
views
M0n0wall IPsec tunnel fails after switch to PPPoE
I have had a M0n0wall site-to-site IPsec VPN working for several months on a static IP via an ADSL router.
We've just switched to a fibre (FTTC) connection, and M0n0wall has now been configured to ...
1
vote
1
answer
3k
views
Cisco ASA5505 site-to-site VPN doesn't establish tunnel to remote peer
The remote peer can start the tunnel successfully when accessing my local network like pinging a local host, however, the tunnel cannot be automatically started from the local side.
The log shows no ...
1
vote
0
answers
74
views
IP header "Option field"
Is it true that the GRE (Cisco tunnel) header is placed in the IP header "option field"?
Are the IPSec headers (ESP or AH) installed in the "option field" too?