Questions tagged [ipsec]

IPsec (Internet Protocol Security) is a protocol for securing IP communications by authenticating and encrypting each IP packet of a communication session.

1031 questions
6 votes, 3 answers

How do I route a public IP range over an IPSEC VPN?

So, I have an established IPSec Site to Site tunnel. Site A has a SonicWall, Site B has an EdgeRouter. The first tunnel consists of Site A's NATed IPs to Site B's NATed IPs. Everything works as expected. Next, I have a public IP range that Site B…
William Hilsum
6 votes, 1 answer

IPSec + L2TP + NAT-Traversal does not work for multiple clients behind same nat

I have recently configured a VPN server hosted in AWS EC2. Details: Centos 6.4, openswan, xl2tpd, NAT-traversal. The configuration works great for a scenario when only one user connects from a given public IP address behind NAT. But when there are…
Fentik
6 votes, 3 answers

Simple L2TP/IPsec server not working (openswan, xl2tpd, Ubuntu, Windows)

I configured openswan and xl2tpd on an Ubuntu 12.04 server (on EC2) by following various tutorials/documentation which seem to largely say the same things, but most recently this one. However, my attempts to connect from Windows (which I configured…
Yang
6 votes, 1 answer

strongSwan IPsec server with AWS EC2 VPC VPN client

I'm trying to create a VPN tunnel between 2 AWS regions. The way I'm trying to do this is by setting up an IPsec server in Linux with strongSwan in one region, and then a VPC VPN in the other region. The problem is I can't come up with a…
phemmer
6 votes, 1 answer

Bypassing an Active Directory assigned IPSEC policy

I was in the process of translating some locally defined IPSEC policies on my test systems into group policies. In the process I applied an incomplete policy which was missing the line that allows direct access to my DCS which aren't yet set up for…
Tim Brigham
6 votes, 1 answer

IPsec VPN site-to-site: How should I configure the ipsec.conf files on both sites to get the tunnel up?

What I am trying to do is to create a site-to-site IPsec VPN between my network and my friend's network. We both have a router and two computers on each router, with all computers running Linux. So I guess the topology looks like this [myPC1 +…
Deneb
6 votes, 1 answer

ASA site-to-site IPSec vpn to linux ipsec-tools endpoints stops working after a random period of time

We swapped to ASAs over the weekend, and we replaced our VPN infrastructure which was previously based on openvpn and are now using IPSec between our ASA 5520s and our other sites that have linux (CentOS) routers. The VPNs connect just fine, but…
Peter Grace
6 votes, 2 answers

Issue routing openswan vpn traffic beyond the server

Trying to set up an openswan based server sitting in an Amazon VPC cluster. The goal is to make it so we can VPN into VPC and have our workstations be as if they were on the network, more of a roadwarrior configuration. Our VPN client of choice is…
Ken Robertson
6 votes, 1 answer

Can I use Win 2k8 R2 as an IPSEC client?

I'm trying to connect a win server 2008 R2 box to a juniper ssg firewall using a client-to-gateway IPSEC VPN. I tried to set it up in Windows Firewall with Advanced Security, but the connection doesn't appear to work. Would love to hear from someone…
user55696
6 votes, 4 answers

How to connect to an IPsec VPN with Preshared key and Xauth from Linux?

I would very much like to connect to a VPN network which has this info: host: example.com user: my_name pass: my_pass group: VPN1 key: secret_passphrase It uses Preshared key and Xauth. Can I connect to this VPN from my Linux desktop, and if so,…
Sandra
5 votes, 2 answers

Policy-based IPsec routing in linux

In linux, when it comes to route-based IPsec tunnels, it's pretty straightforward. Install one of the main ipsec implementations. Establish your security associations, add a VTI interface on each endpoint, add a mark to the VTI, change some…
Rijndael
5 votes, 1 answer

Setting up site-to-site IPsec in bridged mode

I'd like to set up site-to-site IPsec in bridged mode: that is, where the hosts in each site don't need to be modified to use the IPsec gateway, but the IPsec gateway acts as a pseudowire. My plan to do this is: Set up host-to-host IPsec on each…
SRobertJames
5 votes, 0 answers

IPSec bandwidth between two Pfsense hosts has predictable, variable bandwidth

I have an IPSec tunnel between two Pfsense machines. Both machines are connected to a 100mbps symmetrical connection. The latency between the two routers is ~70ms. I'm using AES-GCM-128 and SHA1, both machines support hardware acceleration of AES and…
ensnare
5 votes, 1 answer

Site-to-Site IPsec vpn not sending ping across a tunnel

This is my first attempt at a site-to-site VPN. I chose to use IPsec because it appeared to be the best solution for what I needed to accomplish. I've followed several different tutorials over the last week with little success. Right now I can not…
autisticgeek
5 votes, 2 answers

TCP connection through IPSec (Linux/Strongswan) stalls after exceeding PMTU

The backups (via Bacula) of one of my servers (“A”) connected via IPSec (Strongswan on Debian testing) to a storage daemon (“B”) don't finish 95% of the times they run. What apparently happens, is: Bacula opens a TCP connection to the storage…
al.