Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: VPN IPSec Openswan
Special Forums IP Networking VPN IPSec Openswan Post 302909177 by ivancd on Tuesday 15th of July 2014 06:11:24 AM
Old 07-15-2014
VPN IPSec Openswan
Hi all,

I have installed Openswan and configured IPSec and works perfect, but for some unknown reasons it stop working. I see that the tunnels are up and established. The route to the destination are added. Everything by the book seems to be ok. But somehow when i start to ping the other side ( private ip ) the packet for that tunnel trying to go out from the interface that have public ip. And for the other tunnel they are not going anyway. All this is on a linux machine CentOS, with eth0 - public ip address, eth0:0 and eth0:1 are private for the tunnels. Can someone help me out here because i need this thing to work ( it's a production ) and i have lost a whole week.

Thanks in advanced !
 

9 More Discussions You Might Find Interesting

1. Cybersecurity

IPSec - VPN using shared key

Hello! I have some trouble trying to configure a VPN with two gateways. One of them uses IPSec with a single key, 256bits length, specified in /etc/ipsec.secrets. As FreeSwan manual page says, if i put esp=3des-md5-96, will be used a "64bit IV key (internally generated), a 192bit 3des ekey and a... (3 Replies)
Discussion started by: eNTer
3 Replies

2. IP Networking

IPSec VPN Routing

Hello, I'm trying to setup a gateway VPN between two routers across an unsecured network between two local networks. The routers are both linux and I'm using the ipsec tools, racoon and setkey. So far hosts from either local net can successfully ping hosts on the other local net without issue. ... (0 Replies)
Discussion started by: salukibob
0 Replies

3. BSD

Problem on IPSec

Hi, this is my first post...:p Hello Admin :) Can I have an ask for something with my configuration ? I have finished some kind of the tutorial to build ipsec site to site, and the "step" has finished completely. I have a simulation with a local design topology with two PC's (FreeBSD ... (0 Replies)
Discussion started by: aulia
0 Replies

4. UNIX for Advanced & Expert Users

Ipsec implementation

How can i implement Ipsec between two machines in linux_ ubuntu? any link?? suggestion?? (0 Replies)
Discussion started by: elinaz
0 Replies

5. Cybersecurity

IPSEC

hello, after configuration ipsec in ip4 I can not ping between client and server whereas I had success ping before configuration! I also generate different key for AH and ESP as i have shown below. what is my problem and what should i do to have ping and test the configuration? code: ... (0 Replies)
Discussion started by: elinaz
0 Replies

6. AIX

Allow port range using IPsec?

Hi Guys, Please could you tell me if it is possible to have a single rule/filter to allow a certain port range instead of a separate rule for each port? I'm sure it must be possible but I am unable to find the syntax. Thanks Chris (4 Replies)
Discussion started by: chrisstevens
4 Replies

7. IP Networking

IPSec Openswan Site to Site VPN - Big Pain

Hi @all, I try to connect 2 LANs with IPSec/Openswan LAN 1: 192.168.0.0/24 LAN 2: 192.168.1.0/24 This is my Config: conn HomeVPN # # Left security gateway, subnet behind it, nexthop toward right. left=192.168.1.29 ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies

8. IP Networking

Openswan with Cisco ASA

Hi all, I need this as soon as possible to solve it or at least to find out what is the problem. I have configured IPSec tunnels with Openswan and Cisco ASA, i have established a connection and the ping was fine, but after some time there is request time out from both sites. I don't have ASA... (0 Replies)
Discussion started by: ivancd
0 Replies

9. IP Networking

Best tool to monitor VPN IPSEC Tunneling

We are using cyberoam device, VPN IPSEC tunnel is going of frequently even the traffic is throug. Please suggest what may be the cause for the above mentioned issue. Also suggest a best tool to monitor the same VPN IPSEC tunnel connectivity. (4 Replies)
Discussion started by: marunmeera
4 Replies

LEARN ABOUT MOJAVE

tc-tunnel_key

Tunnel metadata manipulation action in tc(8)                           Linux                          Tunnel metadata manipulation action in tc(8)

NAME

       tunnel_key - Tunnel metadata manipulation

SYNOPSIS

       tc ... action tunnel_key { unset | SET }

       SET := set src_ip ADDRESS dst_ip ADDRESS id KEY_ID dst_port UDP_PORT [ csum | nocsum ]

DESCRIPTION

       The  tunnel_key  action combined with a shared IP tunnel device, allows to perform IP tunnel en- or decapsulation on a packet, reflected by
       the operation modes UNSET and SET.  The UNSET mode is optional - even without using it, the metadata information will be released automati-
       cally  when packet processing will be finished.  UNSET function could be used in cases when traffic is forwarded between two tunnels, where
       the metadata from the first tunnel will be used for encapsulation done by the second tunnel.  SET mode requires the source and  destination
       ip  ADDRESS  and  the  tunnel  key  id KEY_ID which will be used by the ip tunnel shared device to create the tunnel header. The tunnel_key
       action is useful only in combination with a mirred redirect action to a shared IP tunnel device which will use the metadata (for SET )  and
       unset the metadata created by it (for UNSET ).

OPTIONS

       unset  Unset  the  tunnel metadata created by the IP tunnel device.  This function is not mandatory and might be used only in some specific
              use cases (as explained above).

       set    Set tunnel metadata to be used by the IP tunnel device. Requires id , src_ip and dst_ip options.  dst_port is optional.

              id     Tunnel ID (for example VNI in VXLAN tunnel)

              src_ip Outer header source IP address (IPv4 or IPv6)

              dst_ip Outer header destination IP address (IPv4 or IPv6)

              dst_port
                     Outer header destination UDP port

              [no]csum
                     Controlls outer UDP checksum. When set to csum (which is default), the outer UDP checksum is calculated and included  in  the
                     packets.  When set to nocsum, outer UDP checksum is zero. Note that when using zero UDP checksums with IPv6, the other tunnel
                     endpoint must be configured to accept such packets.  In Linux, this would be the udp6zerocsumrx option for the  VXLAN  tunnel
                     interface.

                     If  using  nocsum  with  IPv6, be sure you know what you are doing. Zero UDP checksums provide weaker protection against cor-
                     rupted packets. See RFC6935 for details.

EXAMPLES

       The following example encapsulates incoming ICMP packets on eth0 into a vxlan tunnel, by setting metadata to VNI 11,  source  IP  11.11.0.1
       and  destination  IP  11.11.0.2,  and  by redirecting the packet with the metadata to device vxlan0, which will do the actual encapsulation
       using the metadata:

              #tc qdisc add dev eth0 handle ffff: ingress
              #tc filter add dev eth0 protocol ip parent ffff: 
                flower 
                  ip_proto icmp 
                action tunnel_key set 
                  src_ip 11.11.0.1 
                  dst_ip 11.11.0.2 
                  id 11 
                action mirred egress redirect dev vxlan0

       Here is an example of the unset function: Incoming VXLAN traffic with outer IP's and VNI 11 is decapsulated by vxlan0 and metadata is unset
       before redirecting to tunl1 device:

              #tc qdisc add dev eth0 handle ffff: ingress
              #tc filter add dev vxlan0 protocol ip parent ffff:   flower 
                     enc_src_ip 11.11.0.2 enc_dst_ip 11.11.0.1 enc_key_id 11   action tunnel_key unset  action mirred egress redirect dev tunl1

SEE ALSO

       tc(8)

iproute2                                                            10 Nov 2016                       Tunnel metadata manipulation action in tc(8)
All times are GMT -4. The time now is 04:30 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy