Questions tagged [ipsec]
IPSec is a method to provide internet security at layer 3 of the OSI model.
215
questions
0
votes
1
answer
331
views
internet sharing over ipsec
I try to connect my Windows 7 workstation to the Internet over ipsec tunnel.
I have:
192.168.88.251 - win7 workstation
192.168.88.1 - my mikrotik router
VPN_IPSEC - my vpn with ipsec ...
1
vote
0
answers
3k
views
Strongswan, how to configure ipsec site-to-site using psk?
I'm setting up ipsec site-to-site VPN connection (with pre-shared key auth method). However I'm unsure of the correct values to put in ipsec.conf.
vpn server ip - xx.45.40.46
encryption algorithm - ...
17
votes
3
answers
103k
views
L2TP/IPsec VPN fails to connect on Windows 10 - Works fine on iOS
I’ve configured an L2TP/ipsec server with a pre-shared key that works like a charm on my phone. I’ve tried several ways including disabling of firewall to connect on Windows 10 but it always fails. ...
1
vote
0
answers
1k
views
Getting Timeout when connecting to StrongSwan IPSec
I've tried to set up a Root Server in the public Internet with StrongSwan to use it as a VPN Server. Plan is to tunnel all Internet Traffic for some devices via this server. I've also set up an ...
0
votes
1
answer
5k
views
Force Windows IPSec/L2TP VPN to use AES in IPSec main mode
The RAS-based IPSec VPN client in Windows does not seem to respect the IPSec defaults in Windows Firewall (which hosts the IPSec driver), but insists on using 3DES encryption with SHA1 integrity for ...
1
vote
0
answers
555
views
Strongswan ikev2: https stops working on client when connected to vpn server
I have set up strongswan 5.3.3-1 on OpenWRT 15.05 based router.
Followed this tutorial
The certificate for Server side authentication is issued by Let's Encrypt - I use it for my synology box and it ...
1
vote
1
answer
364
views
Cannot create Security Association in CentOS 7.4 using Setkey
I've been asked to migrate from CentOS 6.8 to 7.4 on all of our Linux devices. I'm running into an issue with loading Security Associations into the Linux kernel. I'm using ipsec-tools' ...
1
vote
0
answers
1k
views
Can't SSH into machine with ipsec VPN
I have an ubuntu virtual machine with bridged adapter which I've configured to use an ipsec VPN. I can SSH into the machine just fine, but when I turn on the VPN, I can't. The VPN tunnel also makes ...
1
vote
1
answer
101
views
IPSec doesn't hide IAX2 informations
I am trying to set up a secure trunked IAX2 connection with IPSec between routers:
But when I make a sniffing attack with Wireshark, all the call's information is shown!
IPsec is well configured and ...
0
votes
0
answers
992
views
Setup static routes with Libreswan
We are using Libreswan to connect an On-Premise network to Azure and BGP to advertise routes. But Azure BGP is eBGP with 2 hops.
The use case is:
a. setup IPSec tunnel
b. route Azure Peer IP via ...
0
votes
0
answers
288
views
IPSec VPN Routed LANs
Recently I changed from a home-run OpenVPN to a home-run Cisco (XAuth) IPSec VPN for more compatibility. However, I haven't found documentation on "pushing" routes from the IPSec server to clients. In ...
0
votes
1
answer
618
views
Why does VPN client connect with pfs=yes when server has pfs=no?
I have a small VPN set-up. The client in question is a Raspberry Pi running strongswan and xl2tpd to run as IPsec/L2TP. I made a configuration mistake on the client where I set pfs=yes (for perfect ...
0
votes
1
answer
2k
views
strongswan roadwarrior doesn't route properly
I want to have a Linux client connect to a Linux gateway so it can access the hosts from that network (typical road warrior setup).
I have this config on the server side:
conn vpnserver-ikev2
...
0
votes
1
answer
2k
views
Required ICMP types for IPSec tunnel?
I have IPSec tunnel set up between 2 routers. It used to work fine, however recently I hardened policy in IDS and I started getting alerts about ICMP type 11 code 1 being sent from one router to ...
3
votes
1
answer
8k
views
strongSwan - no matching peer config found
I am trying to setup strongSwan to configure an iPhone to it but I am getting an error that I have trouble overcoming.
no matching peer config found
The complete debug log is as follows:
root@vpn-...
0
votes
1
answer
1k
views
Can not access internal web server over IPsec vpn
I have configured my Cisco router (which is my gateway) to handle remote access IPsec VPN connections from Android clients and I have configured my Android phone to connect to the router over the VPN ...
0
votes
0
answers
369
views
StrongSwan Roadwarrior not usable
I have a config on my lede router for a strongswan rw. The connection is up and pings are working.
But for some reason I am not able to browse anything.
[root@WOLVERINE tmp]# ipsec statusall
Status ...
1
vote
0
answers
557
views
Racoon IPsec-SA expired: ESP/Tunnel
Hello, my VPN link does not connect anymore and gives me the following logs. Thank you, please help me:
Jun 19 08:06:25 FwME racoon: INFO: IPsec-SA established: ESP/Tunnel 89.30.97.2[500]->57....
0
votes
0
answers
278
views
VPN, NAT - an out of the box solution
I am looking for an out of the box VPN solution for home users built with cheap hardware. The scenario is as easy as everywhere:
Office:
Server (private IPv4 LAN 192.168.10.x) <->
router and ...
0
votes
1
answer
645
views
IPSec vpn fails with encryption transform rejected on CentOS 7 Libreswan
How should I fix this error from pluto when connecting to IPSec VPN in CentOS 7? -->
May 27 22:33:22 localhost pluto[19657]: "f3a020a3-0d8d-48ff-a70a-9b9a72e9581f" #34: XAUTH: Successfully ...
0
votes
1
answer
1k
views
Connection through VPN and another subnet
I'm a Java Developer and for a few weeks I'll be in charge of the network as well. A client of ours wants a VPN connection to his network which I already mounted (Using a TP-link router to establish ...
3
votes
1
answer
4k
views
Error 800 connecting to VPN on certain networks on Windows 10
I have an interesting issue trying to connect to a client's VPN on Windows 10 Pro.
I can connect to the client's VPN while connecting through my phone (4G) but not the office network however other ...
0
votes
1
answer
731
views
HMAC GCM failure
I am trying to configure for IPSEC GCM- this is the error I keep getting:
Error(s):
'encryption-algorithm aes-256-gcm'
1) HMAC Authentication is not compatible with AES-GCM
2) commit failed: (...
2
votes
0
answers
891
views
xl2tpd-control command not working
I have a Cisco VPN server to which I am trying to connect an endpoint through VPN (IPsec/L2TP). I have strongswan, xl2tpd and pppd running on my machine. IPsec connection is established successfully ...
3
votes
1
answer
2k
views
MAC OS El Capitan - VPN Cisco IPSec shared secret not being saved
Summary:
I can't connect to a VPN with Cisco IPSec apparently because the Shared Secret is not being saved after entering it (it always remains blank).
Detailed explanation:
I created a VPN ...
2
votes
1
answer
436
views
How can I automatically connect to a VPN if I connect to a specific Wi-Fi network on Windows 10?
I have set up an IKEv2 VPN connection with Windows 10. How can I automatically connect to this VPN if my laptop connects to a specific Wi-Fi network?
0
votes
1
answer
2k
views
L2TP/IPsec VPN Debian/Ubuntu IPsec fails to negotiate or establish security associations
I spent 2 days to configure and figure out what's wrong with this setup of L2TP/IPsec VPN. I'm using Debian 8.6 on my VPS server and on my Virtual machine on laptop I'm using Ubuntu 14.04.5. On my VPS I'm ...
0
votes
1
answer
4k
views
Using openswan on raspian get "We cannot identify ourselves with either end of this network"
I just spent several hours fighting with Raspberry Pi 3 to get it to connect to my VPN at work. I got OpenSwan installed and (apparently) configured, and also xl2ptd. After starting the services and ...
0
votes
1
answer
7k
views
PFSense IPSec connection established, wan works, lan not
I want to setup a vpn service on top of my PFSense box at home. PFSense is configured and working fine for my home network.
The problem is that I can only access WAN addresses over the VPN tunnel ...
2
votes
1
answer
424
views
Strongswan 5.5.0 RSA sigkeys
I'm setting up an IPSec connection between two Strongswan clients using RSA "sigkeys." The documentation says that leftsigkey and rightsigkey are used to provide the public RSA keys for the two ...
0
votes
1
answer
2k
views
How do I configure ipsec and xl2tpd to not use compression when connecting to VPN?
I have two config files:
./etc/ppp/options.xl2tpd.myvpn_name
./etc/ipsec.d/myvpn_name.conf
and somewhere in one of them I need to say "no compression" because the error I get is:
Unsupported protocol ...
0
votes
1
answer
486
views
How to safely open ports on home networks for testing purposes
I am trying to simulate a client/server scenario on my home network. To set up the socket connections, I require unused ports. For safety reasons these ports are closed.
What criteria should be ...
-1
votes
1
answer
48
views
leased line broadband speedup problems
I recently upgraded my broadband speed. I was using a 1mbps connection; at that time I got only 125kbps file download speed from everywhere. Now I'm using a 1mbps leased line, which means I should get 1:1 ...
0
votes
1
answer
84
views
How does IPsec operate in NAT environment?
I know that if you mess with the IPsec header it will drop the packet, and NAT is built exactly for that. How do they deploy IPsec where NAT is also needed?
1
vote
2
answers
7k
views
Have Site-To-Site (IPSEC) connected but cannot ping anything other than router
Just set up a new Azure subscription, and I'm stumped trying to troubleshoot why I can't ping any local VMWare machines from an Azure VM, after successfully setting up an IPSec Site-To-Site VPN.
I am ...
24
votes
1
answer
35k
views
Does the traffic go through my company network when I browse when connected through SSL-VPN
I work for a company which is not in my country. The enterprise intranet is in a different country. We do not have many employees in my country - so everyone works from home. When we need intranet ...
1
vote
1
answer
846
views
Windows Firewall with secure connection - ipsec
I am trying to set up host based firewall rules with machine authentication to ensure that only certain machines (regardless of IP...in DHCP environment) can access the target machine. That is, I am ...
1
vote
0
answers
4k
views
Connect to L2TP/IPsec (username/password/PSK) on cmd.exe
How may I connect to VPN using the username, password and PSK combo in the command line? Google has been of no help; any guidance will be most welcome.
I want a command to the effect of vpnclient /...
0
votes
1
answer
575
views
Strongswan IPSec to Amazon VPC going down randomly
I got established connection between Amazon VPC and my site using strongswan.
I followed documentation from Amazon. Tunnel can be established and is running but is going down randomly if I can say.
...
1
vote
1
answer
63
views
Linux box as network gateway changes source address
I have a Ubuntu Server box(A) with an IPSec tunnel to another datacenter(AWS, through a VPC VPN). The tunnel is fine and I can ping the other side of the tunnel.
The problem is when I try to ...
2
votes
2
answers
2k
views
IPSec tunneling mode vs transport mode vs transport+L2TP
According to many docs, transport mode should be used in host-to-host IPSec, while tunneling is used to connect gateways and L2TP is used for remote access.
But nothing prevents me from using ...
0
votes
1
answer
27
views
Linux Server Virtual Networking
I have a Linux (CentOS 6) database test server which is often inaccessible so therefore a terrible way to test.
I was wondering if anyone has any recommendations for remote access to the server ...
1
vote
1
answer
6k
views
Error 809 when trying to connect Windows 7 with IPsec
Using IPFire 2.17 Core 89 as the IPsec-server, Windows 7 shows the error message "Error 809: The network connection between your computer and the VPN could not be established because the remote server ...
1
vote
0
answers
337
views
Zywall IPSEC config for remote shares using ipsecuritas
I have a Zywall USG 20 using IPsec. It works and connects fine, however I can only access the Zywall itself. Traffic does not route to other computers on the subnet. In my case I need to access linux ...
0
votes
1
answer
403
views
Can't connect to IPSec VPN via D-Link DIR-100 router
I am trying to connect to VPN via Cisco Systems VPN Client with IPSec/UDP transport, but I am getting error:
Secure VPN Connection terminated locally by the Client. Reason 412:
The remote peer is ...
2
votes
0
answers
2k
views
Issue with setting up IPSec VPN in host-to-network mode
I have set up IPSec VPN using OpenSwan on CentOS 6.5. But not able to get the tunnel up and running. When site B tries to ping my VPS (site A), they get following error:
Feb 26 11:33:59 [IKEv1 DEBUG]...
0
votes
0
answers
382
views
Block web sites for VPN clients
I installed IPSEC L2TP VPN Server on Ubuntu 12 x86 vps machine. I want to block some web sites for clients connected to VPN Server. So, changed hosts file in Ubuntu to block accessing unwanted web ...
0
votes
1
answer
2k
views
How to block all but a specific list of IP addresses on a given port using IPSEC on Windows?
I have a list of IP addresses.
L={x.x.x.x,y.y.y.y,...etc}
I want to block all IP addresses except for the ones in the above list.
How to do using IPSEC commands in windows machine?
I tried to ...
0
votes
1
answer
275
views
Do all hosts and nodes in a Broadcast domain have to have the same MTU value?
Some documents on the Internet say that all interfaces in a broadcast domain (i.e. Router boundaries) have to have the same MTU value.
Is that an inflexible rule?
But what about my roaming laptop ...
1
vote
1
answer
410
views
Why IPSec ESP needs NAT-T
I understand why it is not possible to use IPSec AH over a NAT server, since the IP header is included in the MAC too.
But I am confused about ESP with Authentication (I am talking about tunnel mode, ...