Questions tagged [ipsec]
IPsec is a method of providing Internet security at layer 3 of the OSI model.
215
questions
1
vote
0
answers
65
views
IPSec Phase 2 Configuration For Translated Subnets?
I have two networks with the 10.0.0.0/8 subnet I'm trying to connect via IPSec tunnels. I have the phase 1 configurations working but am a bit stuck on the phase 2 configurations. Each firewall used ...
1
vote
1
answer
5k
views
Use Own VPN Server on Google Chrome Browser
I'm looking for a way to connect to the Internet through my VPN server while browsing from the Google Chrome browser. I thought the best way is to use an extension, but I couldn't find any extension that lets me enter my own ...
0
votes
1
answer
3k
views
How can I create an IPsec tunnel between a FritzBox and a pfsense, without using Aggressive Mode?
I've successfully created an IPSEC Tunnel between my local FritzBox 7590 and my office, which is running a pfsense hardware firewall (APU2) with pfsense 2.4.5-RELEASE-p1 and coreboot firmware v4.11.0....
0
votes
1
answer
4k
views
IPSec nftables strongswan
How to configure nftables to allow inbound only ipsec traffic and process rules after decryption. I have nftable.conf:
#!/sbin/nft -f
flush ruleset
# ----- IPv4 -----
table ip filter {
chain ...
0
votes
1
answer
699
views
VPN redirect user to specific IP and port
Hope you can point me in the right direction. I have this idea but need some advice and suggestions where to look at and how to do it (if it's possible)
I want my family members to connect to a VPN (...
1
vote
0
answers
3k
views
How to set up IPSec VPN between PFSense and Edgerouter X
We have 2 routers/firewalls, 1x pfSense and 1x UBNT Edgerouter X. I tried to set up an IPsec site-to-site connection between these 2 but I cannot get it done. I followed multiple "tutorials"/...
1
vote
0
answers
131
views
How to configure pfsense to use VPN as gateway for OPT port only?
Currently I have set up my PfSense SG-1100 to function as a site to site VPN. I have an unused OPT port on my router and I want to attach that to a switch and have it function as the gateway to the ...
0
votes
0
answers
216
views
How to verify Let's Encrypt certs with server? - OCSP error linux Strongswan
Goal
I am attempting to build an IKEv2 VPN using the strongswan IPSEC implementation with Let's Encrypt certificates and RSA authentication. I successfully built it in the legacy ipsec.conf format, ...
2
votes
0
answers
2k
views
Troubleshooting VPN connection with Wireshark by decrypting IPSec packets
I'm having trouble establishing a VPN connection to a specific network and I'm not the only one having issues. As per their instructions, I'm using the standard VPN client built into Windows with pre-...
0
votes
1
answer
177
views
Can multiple subnets reach each other connecting to a central IPsec VPN?
Say you have three networks, networks A, B, and C.
- A is an IPsec VPN server
- B is connected to A through IPsec
- C is connected to A through IPsec
Can network B access network C?
4
votes
2
answers
12k
views
How can I route only a particular subnet to the StrongSwan VPN but not my whole traffic on linux?
I have no particular competences on networking, so I'll do my best to explain my needs.
On my Linux laptop I'm running StrongSwan (with NetworkManager) to connect to a particular VPN with IPsec. This ...
0
votes
1
answer
834
views
Can any IPSec client connect to any IPSec server?
I have been pondering setting up my own VPS with a VPN server running. Most often, OpenVPN is thrown around when users talk about setting up a VPN on Linux, but this tech seems to live a bit on the ...
0
votes
0
answers
767
views
Strongswan IPsec configuration ( Linux - Cisco)
I'm configuring site-to-site ipsec tunnel. The error that I am getting shows that Quick Mode proposal (ESP) doesn't match
Jan 27 09:23:42 raspberrypi charon: 10[ENC] generating QUICK_MODE request ...
0
votes
0
answers
464
views
Troubleshooting L2TP/IPSec on Windows Server 2019 with PowerShell
The problem which I've got is that a Windows Server 2019 VM hosted in the cloud crashes exactly after it shows that an L2TP/IPSec connection is successfully established.
According to the VPN server (...
0
votes
1
answer
10k
views
IPsec on pfSense: Tunnel is up, but I can't connect to remote host
I have a strange problem with my IPsec VPN:
I have 2 matched [hardware and software - 2.4.4 release p3] pfSense boxes at different locations.
Each pfSense is a Firewall + DHCP server + Gateway for the ...
0
votes
0
answers
1k
views
VPN l2tp over IPSec: ppp - No auth is possible. Ubuntu 18.04 LTS
I set up IPSec over VPN using this tutorial https://20notes.net/linux/setup-l2tp-over-ipsec-client-on-ubuntu-18-04-using-gnome
It is working using NetworkManager.
However NetworkManager allows only one ...
1
vote
0
answers
240
views
Linux ShrewSoft client connects but doesn't pass any traffic
A customer recently changed their VPN server and now recommends ShrewSoft as the appropriate client.
On Windows, the provided config works. On Linux, it also appears to connect and sets up a tap0 ...
0
votes
0
answers
116
views
Some VPN traffic blocked to secure endpoints
I have a VPN server (strongswan) used for testing that I connect to via IKEv2 on a variety of systems (here, I tried Windows, Ubuntu, & Android), normally without issues. This morning, I was on a ...
0
votes
0
answers
2k
views
Strongswan ipsec site-site configuration
I'm configuring a site-to-site IPsec tunnel using strongswan, but I don't know how the IPsec tunnel is opened on the remote side (definitely without using strongswan).
When I try to connect, I get no response
...
1
vote
0
answers
109
views
IPSEC connection between SIP Client and PCSCF. ESP header does not appear. IPsec does not apply to the header
I wanted to create SIPP script to create scenario to establish IPSEC connection between UE and PCSCF using below;
For example:-
setkey -c << EOF
spdadd $pcscf/32[$port_pc] $ue/32[$port_us] tcp ...
0
votes
0
answers
30
views
IPSec Tunnel in a tunnel? A soon to be travelling remote worker
Ok. I generally work remotely, which is nice. I soon plan to do some overseas travelling, and I would prefer to hide my real srcIP if possible (potential audits/geo-restrictions, etc.).
I'm ...
4
votes
1
answer
3k
views
L2TP/IPSec On Mac Failed to connect
I am connecting to a VPN Server set up following instructions in https://github.com/hwdsl2/setup-ipsec-vpn
And I set up the clients following https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/...
0
votes
1
answer
1k
views
RTNETLINK answers: Operation not supported for ip xfrm command on debian os
I am trying to configure IPsec through ip xfrm commands in a Debian image. I am facing an operation not supported error. Kindly help me on where I am going wrong.
Logs:
NE145:2-10*:/tmp # ip xfrm policy ...
0
votes
0
answers
483
views
Connect to my server from outside my network securely
I have a LAN with computers connected to a server; what I need to do is connect a PC to this server securely from another location.
My network structure is described in the image attached and needs ...
1
vote
0
answers
35
views
Is it possible to skip main mode for IPSec communication on Windows?
On Linux, after registering several SAs (Security Associations) between a pair of Linux hosts, I can create communication between those two Linux hosts, i.e., communicate with ESP packets.
But on ...
0
votes
0
answers
608
views
IPv6 Strongswan IPSec + NAT
I have a VPS with an IPv4 (/32) and an IPv6 (/128).
I've set up Strongswan and my IPv4 IPSec server works just fine - I'm using it all the time.
I'm trying to get it to work with IPv6 and so far it'...
0
votes
2
answers
541
views
Edit Windows Defender Firewall default IPSEC settings through CLI
I am looking for a commandlet to modify the default IPSEC settings of the Windows Defender Firewall through CLI. Specifically the default authentication settings.
Here is a screenshot of the GUI ...
0
votes
1
answer
127
views
SQL Server encapsulating packets into IPsec?
I found this with Wireshark while troubleshooting a SQL Server AlwaysOn cluster for that damned ASYNC_NETWORK_IO problem: a few packets originating from SQL Server's data port (manually configured as ...
1
vote
1
answer
3k
views
L2TP / IPSec couldn't look up L2TP VPN gateway IP address (CentOS 7)
I'm trying to connect to VPN from CentOS 7. I have network-manager-l2tp installed (1.2.10). The output I'm getting:
Mar 18 23:46:43 localhost NetworkManager[4790]: <info> [1552949203.6892] vpn-...
0
votes
1
answer
2k
views
Strongswan IPsec configuration
I'm configuring site-to-site ipsec tunnel, being given very few details about the remote host.
On my server I'm using strongswan with the following ipsec.conf:
conn %default
ikelifetime=60m
...
2
votes
1
answer
1k
views
How to enable Perfect forward secrecy in Windows IPsec client?
Windows IPsec has options to configure several parameters, i.e. authentication, encryption algorithm etc., but there doesn't seem to be any option to configure PFS (Perfect forward secrecy).
0
votes
1
answer
3k
views
IKEV2 tunnel not getting created
Getting the below error message while trying to ping.
Feb 12 17:51:11.383 IST: IKEv2-INTERNAL:Processing an item off the pak
queue
Feb 12 17:51:11.384 IST: IKEv2-INTERNAL:Couldn't find matching ...
1
vote
1
answer
428
views
Is there any way in which I can configure Windows IPSEC policy to use just AH mode and not ESP?
I have done Windows machine authentication with Linux running free swan server. With default configuration I could see ping encrypted with ESP. But I want to test it with AH also. Is there any way in ...
0
votes
0
answers
177
views
IPSec VPN between DO Droplet and other (trusted) provider
I have a requirement to set up IPsec VPN between my company's droplet and a network owned by partner company that uses another provider.
Tooling:
Debian (my droplet) with IP e.g 169.22.231.13 and ...
0
votes
2
answers
551
views
whitelist 127.0.0.1 on IPSEC Windows
How do we whitelist the localhost or 127.0.0.1 on IPSec?
Currently I have two policies.
1. Block All IPs.
2. Permit some IP.
Rule number 1 has blocked localhost IP also.
0
votes
2
answers
5k
views
Openconnect with IPsec protocol
I need to force openconnect to use the IPsec protocol as the first option. As far as I know, openconnect first tries an SSL connection (correct me if I am wrong). The problem is that our company ASA denies my ...
0
votes
0
answers
322
views
How to know and fix fails or errors in randomly down ipsec tunnel connection?
I have a server connected by site-to-site VPN with strongswan (first time with VPN). When I start the connection (sudo ipsec up my-conn) everything works well, but at some point the server lost the connection (...
3
votes
1
answer
2k
views
L2TP/IPSec using strongswan in ubuntu
I'm using strongswan on ubuntu 16.04 to connect to a third-party L2TP/IPSec VPN.
They provided me a profile file like this:
VPN connection IP : X.X.X.X
IPSEC Authentication : ---------------------
...
0
votes
1
answer
342
views
Docker: host grabs ICMP packets (Strongswan IPsec)
These machines are Docker containers with strongswan installed running IPsec tunnels.
routeur1 and routeur2 have a site-to-site IPsec tunnel, while pc-nomad has an IPsec tunnel with routeur1. ...
3
votes
0
answers
769
views
How to selectively route traffic for Cisco IPSec on macOS Mojave?
I am working from home and have to be connected to our Cisco VPN to access certain websites, such as self-hosted GitHub.
Is there a way to configure the VPN to only be used for self-hosted GitHub and ...
0
votes
1
answer
249
views
IPSec-tools packages
Are these two packages different things? (1 and 2)
apt-get install ipsec-tools
vs
apt-get install racoon
I thought racoon is contained inside the ipsec-tools packages.
Why are both of them needed?...
0
votes
1
answer
455
views
IPSec database location
Internet Protocol Security (IPSec) has two databases:
Security Policy Database (SPD) and Security Association Database (SAD)
I want to know where these databases are located.
Do they exist on both ...
1
vote
0
answers
2k
views
Configure a Linux client for a Windows VPN
I am trying to connect from my personal Arch Linux laptop to my office's Windows Server VPN.
I have followed the instructions of the Arch wiki but I cannot get the IPSec tunnel to connect.
The ...
0
votes
1
answer
314
views
IPsec Tunnel Mode - ping won't work after 15 minutes of no traffic
I have an IPsec (tunnel mode) connection which after about 15 minutes of no traffic, the ping stops working and can be resumed only if ping is initiated from the other end.
The setup is made out of ...
0
votes
1
answer
613
views
Site to site VPN tunnel to external company
I would like to set up an IPSec site-to-site tunnel between my company and an external company. (The external company does not support a dial-in mechanism, so I have to use a site-to-site VPN...)
I ...
0
votes
1
answer
1k
views
Can't connect to IPsec/L2TP on OpenSUSE Tumbleweed
I want to access a VPN network from my laptop, which runs OpenSUSE Tumbleweed. The problem is that I can't connect either with NetworkManager or by configuring anything manually.
Logs provided:
● ...
5
votes
2
answers
27k
views
Connect FortiClient IPsec VPN via Ubuntu 18.04 KDE
I have just installed FortiClient 6.0.0.0029 in Ubuntu 18.04 - KDE.
I'm not sure, but it looks like Linux's FortiClient has only SSL connection but not IPsec (which I need)...
Works ok in Windows 10, ...
0
votes
0
answers
224
views
Configure L2TP/IPSec so the user identity is passed to iptables rule
Hi I'm pretty new to this so you'll have to be very explicit.
I set up L2TP/IPSec on CentOS so that I can VPN. User identities are stored in the /etc/ppp/chap-secrets, mainly because that's how ...
4
votes
3
answers
17k
views
Can't connect to L2TP IPsec VPN from Windows 10 but it works with macOS High Sierra
I am trying to connect from a Windows 10 client to a Ubiquiti EdgeRouter VPN. I went through the instructions on https://help.ubnt.com/hc/en-us/articles/204950294-EdgeRouter-L2TP-IPsec-VPN-Server but ...
0
votes
0
answers
1k
views
IPsec IKEv2 on OpenWrt fails to establish tunnel
Following these instructions in order to configure IPSec IKEv2 VPN server on OpenWRT (15.05 Chaos Calmer)
Router: Linksys AC1900-WRT
# uname -a
Linux OpenWrt 3.18.23 #1 SMP Sun Jan 31 12:53:24 CET ...