Questions tagged [ipsec]

IPsec (Internet Protocol Security) is a protocol for securing IP communications by authenticating and encrypting each IP packet of a communication session.

1031 questions
4
votes
2 answers

IPSec VPN on Vista

My company uses IPCop to configure its VPN. We have an IPSec script that runs on Windows XP to open a connection using a security certificate for authentication. Microsoft totally changed things around with Vista, and our script no longer works. …
Scottie T
3
votes
0 answers

Libreswan Testbed in VirtualBox

I'm currently working to create a testbed in VirtualBox for two VMs with an isolated opportunistic IPSec network with LibreSwan. All services are coming up fine, but network traffic between the two VMs doesn't seem to actually be encrypted. If I…
3
votes
0 answers

FreeBSD major update broke vpnc connectivity, incoming ESP traffic doesn't appear unencrypted on interfaces

I updated a FreeBSD box from 10.4 to 11.2-RELEASE-p4 recently and it seems to have broken the vpnc VPN connectivity. Here's the vpnc.conf: IPSec gateway 10.1.0.1 IPSec ID vpnuser IPSec secret su0hoh8liNgeiT8 Xauth username vpnuser Xauth password…
alo
3
votes
1 answer

Block an application from accessing the network, except for a single IP address

How would I go about preventing a specific .exe from accessing any network (TCP) resources, with the exception of 1 or 2 IP addresses? Can it be done with Windows Firewall (netsh or UI) and/or IPSec? If so, how? Note: I don't want to set my…
Adam Plocher
3
votes
1 answer

strongSwan 5.6.2 and xl2tp 1.3.12 on Ubuntu 18.04 SA established but no traffic

Since updating strongSwan and xl2tpd to the latest versions available for Ubuntu I encounter a problem with ESP and AH in L2TP. Server config: Interface for generating traffic ens224: flags=4163 mtu 1500 inet…
Boris
3
votes
1 answer

Windows 10 connection to strongswan ipsec server fails with "IKE authentication credentials are unacceptable"

I'm trying to get a simple IPSEC/IKEv2 server set up with username/password (for now) on Ubuntu 18.04. I'm using Windows 10 Pro built in client, and the connection fails complaining about the IKE authentication credentials. The event log shows error…
Kayson
3
votes
0 answers

Route OpenVPN traffic through Site to Site IPSec connection for specific routes

We recently changed our firewall from a Sonicwall 3060 to a Meraki MX100. After changing we discovered that our work for one customer relied on a site to site vpn to their network with outbound nat translation. Meraki devices do not support such a…
3
votes
2 answers

Client packets not forwarded over strongSwan IPsec site-to-site tunnel for client and gateway on the same server

I have a site-to-site IPsec tunnel set up with strongSwan between my CentOS 7 virtual private server (public IP x.x.x.233 for subnet 172.25.10.0/24) and a customer's network (public IP y.y.y.24 for subnet 10.9.200.0/24). The tunnel seems to be…
Ben
3
votes
1 answer

No ping on IPSec tunnel with Strongswan

I have the following situation. The home network is on 192.168.1.0/24 and uses a Zyxel USG50 which is able to handle IPSec tunnels. The remote VPS runs Ubuntu 16.04 and hosts a PPTP server (10.0.0.1) which assigns addresses 10.0.0.100-200 to the…
3
votes
1 answer

How do I configure StrongSwan to act as an IKEv1 client?

A customer of our development business has provided access to their IPSec VPN providing the necessary credentials (anonymized): Gateway: example.fake Group: MYGROUP User: MYUSER Password: MYPASSWORD PSK: MYPSK They have also provided the…
Andrea Lazzarotto
3
votes
1 answer

Does Common Name matter in Certificates for VPN or IPSEC use?

Common Name (and SAN) in a PEM certificate should match the hostname in case of a web service. However, I found many IPSEC or VPN online documentations (the ones using a self-signed certificate) ignore Common Name field on the certificate request. I…
3
votes
1 answer

Decrypting ESP Packets with IPSEC Transport Mode if Pre-Shared Key is Known

I am reading up on IPSec, and was wondering if I could use Wireshark to decrypt ESP packets from IPSEC transport mode sessions that are using a preshared key. From reading this thread, I have gathered that even if the preshared key is already…
Kyle Brandt
3
votes
1 answer

Tunnel is up but I can't ping

I need to understand and resolve my issue. I know openswan works because when I connect from home network with an internal ip address of 10.0.0.97 to work's VPN, I'm able to ping but when I use the public xFinity wifi it indicates that the tunnel is…
BioRod
3
votes
4 answers

Windows 10 built in VPN

I am trying to set up Windows built in VPN with an asa 5505 using IPsec/L2TP with IKEv1. Remote access vpn using a psk. I got a mismatch error during phase 1, and I cannot figure out what IPsec proposal windows 10 is using, so I can match on the…
Andreas
3
votes
5 answers

The right vpn to replace heavy ssh usage

We are a small development firm looking to access the following services remotely: http smb network shares rdc / vnc Currently we do this with a lot of ssh tunnels. We are looking into switching to a vpn solution, which hopefully should have less…
Sindhudweep