Questions tagged [ipsec]

IPsec (Internet Protocol Security) is a protocol for securing IP communications by authenticating and encrypting each IP packet of a communication session.

1031 questions
7 votes, 2 answers

How to debug ip xfrm rules

I created ip xfrm rules on 2 machines and am trying to pass traffic through the ipsec tunnel. The packet comes into the other end, encrypted, and disappears. I traced them through iptables, and here is the trace. 2015-11-27T14:50:21.442638+04:30 cfae…
Sindhura Bandi
7 votes, 1 answer

Can't get past "pending Phase 2" on OpenSWAN <-> ISA Server IPSec VPN

The issue I'm having quite a hard time configuring OpenSWAN on my Linux server (Ubuntu 12.04) to connect to an ISA Server 2004 IPSec VPN. There is apparently something wrong in the configuration that impedes the tunnel from working. It looks like…
GomoX
7 votes, 1 answer

L2TP over IPSec VPN with OpenSwan and XL2TPD can't connect, timeout on Centos 6

I'm setting up L2TP over IPSec on my Centos 6.3 fresh install. I have iptables flushed, permit all. Whenever I try to connect, I get a 'no reply from vpn' and nothi Here's my ipsec.conf file (Server is 1.2.3.4) : config setup nat_traversal=yes …
Disco
7 votes, 1 answer

IPSec software that can use multiple CPU cores

Can anyone recommend a good IPSec software that can use multiple CPU cores to achieve performance ~2Gbps on Linux dual-CPU quad-core E5620 Xeon setup (total 16HT cores)? I have tried OpenSwan and StrongSwan. The OpenSwan KLIPS stack runs only on a…
user389238
7 votes, 7 answers

Alternative Cisco VPN clients for Windows XP

I'm considering investing in a Cisco ASA5505. As Cisco's own VPN client requires a service subscription, which I am trying to do without, are there any free or low-cost ipsec VPN clients that will work with the ASA and run on Windows XP? Is XP's…
weiyin
7 votes, 4 answers

Wireshark and IPSec

I am trying to troubleshoot communication between two servers on a Windows network where IPSEC is encrypting everything. I installed wireshark on the source server and captured traffic at the point that the communication is failing, but other than…
Sean Earp
6 votes, 4 answers

Linux ip xfrm: What is the purpose of the tmpl?

If we take an example of the Linux ip xfrm command: ip xfrm policy add src $LOCAL dst $REMOTE dir out tmpl src $SRC dst $DST proto esp reqid $ID mode tunnel What does the tmpl do? UPDATE: Of course, I understand we need to specify the $SRC and…
SRobertJames
6 votes, 2 answers

How to enable debug logs in OpenSwan?

I use OpenSwan IPSec tunnel on CentOS 6.7. I have added the following configuration in /etc/ipsec.secrets according to this link: http://linux.die.net/man/5/ipsec.conf config setup plutodebug=all plutostderrlog=/var/log/openswan.log Unfortunately…
Michael
6 votes, 2 answers

Enable IKE tracing on windows 10 VPN

I have an IKEV2 VPN setup (including certs) that worked fine on Windows 7. On Windows 10, the same config fails with 'IKE authentication credentials are unacceptable'. Server is StrongSwan. The last line in the log for a connection attempt…
FatalFlaw
6 votes, 2 answers

Setting up IPSEC on LAN between two hosts (OpenBSD)

Trying to use IPSEC between two hosts on a LAN. No VPN involved. Using OpenBSD 5.8 (in VirtualBox). I'd prefer to use OpenBSD's built-in support for IPSEC and key exchange and not a third-party. Two hosts: 10.0.2.10 (host "A") and 10.0.2.11 (host…
Neil McGuigan
6 votes, 3 answers

Using strongswan, what's the difference between auto=add, and auto=start?

The docs on this are pretty vague, what operation, if any, should be done automatically at IPsec startup. add loads a connection without starting it. route loads a connection and installs kernel traps. If traffic is detected between leftsubnet and…
Evan Carroll
6 votes, 1 answer

How do I allow only certain IPSet set's to access a certain port with iptables?

I'm using IPSet to build IP ranges for different countries as follows : # Canada ipset -F ca.zone ipset -N ca.zone nethash for IP in $(wget -O - http://www.ipdeny.com/ipblocks/data/countries/ca.zone) do ipset -A ca.zone $IP echo…
6 votes, 1 answer

Restrict access to RD Gateway based on IP

I'm trying to restrict who can access our RD Gateway based on both their group membership and IP address (so people in group A can only access the system from IP address X). The Network Policy Server installed by the RD Gateway seems to imply that…
Sam Cogan
6 votes, 1 answer

Simultaneous IKEv1 and IKEv2 connection support in Strongswan

I'm using Strongswan to handle IPsec connections, and need a way to support both Windows (IKEv2) and OS X (IKEv1) clients. I would prefer to use pure IPsec (i.e. avoid having to setup L2TP) unless there's a compelling reason to use L2TP/IPsec. I…
Alex
6 votes, 1 answer

strongswan: entirely virtual subnet

I recently set up a strongswan IPSec VPN to access some non-public services of my home server from my android smartphone. I am using OpenVPN on some other devices for the same task, but chose strongswan for the phone, as IKEv2 is supposed (correct…
Fabian Henze