|
|
Sponsored Content
Special Forums
IP Networking
Best tool to monitor VPN IPSEC Tunneling
Post 302930051 by marunmeera on Tuesday 30th of December 2014 12:04:56 AM
12-30-2014
Best tool to monitor VPN IPSEC Tunneling
|
|
9 More Discussions You Might Find Interesting
1. Cybersecurity
Hello! I have some trouble trying to configure a VPN with two gateways. One of them uses IPSec with a single key, 256bits length, specified in /etc/ipsec.secrets. As FreeSwan manual page says, if i put esp=3des-md5-96, will be used a "64bit IV key (internally generated), a 192bit 3des ekey and a... (3 Replies)
Discussion started by: eNTer
3 Replies
2. UNIX for Dummies Questions & Answers
Hello,
Does any one knows any tools or method to monitor users all activities on Solaris 8, including command and its result. Similar to 'script' ???
Thanks
nana (3 Replies)
Discussion started by: nana
3 Replies
3. UNIX for Advanced & Expert Users
Hello,
I am within a LAN system and I need to be able to tunnel out (and recv UDP) packets.
Currently the router automatically drops UDP packets.
My PC cant see the outside world, nor ping, but it can connect via SSH to a server on the "edge" of the network which can see everything. I... (2 Replies)
Discussion started by: ErNci
2 Replies
4. Solaris
Hi,
I have tried the following:
on PC1 (win xp) I have created ssh connection with port forwarding
(local 8888 to remote 8888) to server1.
>From server1 I have created another ssh connection with port
forwarding to server2(local 8888 to remote 1521).
When I try to connect to oracle... (3 Replies)
Discussion started by: goran00
3 Replies
5. UNIX for Advanced & Expert Users
Was wonder if there was a tool or program I could run to measure throughput on our CentoS 4.x server. Our current dedicated host provider is charging us by how much throughput we are using and I just want to see if their numbers add up to whatever I get using a throughput tool of some kind.
... (6 Replies)
Discussion started by: mcraul
6 Replies
6. AIX
Dear experts ,
Pls advice for any good Tool to monitor the CPU and performance of AIX the system ..
to keep monitoring to show me the utilization of that system .. (12 Replies)
Discussion started by: Mr.AIX
12 Replies
7. IP Networking
Hello,
I'm trying to setup a gateway VPN between two routers across an unsecured network between two local networks. The routers are both linux and I'm using the ipsec tools, racoon and setkey. So far hosts from either local net can successfully ping hosts on the other local net without issue.
... (0 Replies)
Discussion started by: salukibob
0 Replies
8. IP Networking
Hi all,
I have installed Openswan and configured IPSec and works perfect, but for some unknown reasons it stop working. I see that the tunnels are up and established. The route to the destination are added. Everything by the book seems to be ok. But somehow when i start to ping the other side (... (4 Replies)
Discussion started by: ivancd
4 Replies
9. IP Networking
Hi @all,
I try to connect 2 LANs with IPSec/Openswan
LAN 1: 192.168.0.0/24
LAN 2: 192.168.1.0/24
This is my Config:
conn HomeVPN # # Left security gateway, subnet behind it, nexthop toward right. left=192.168.1.29 ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies
LEARN ABOUT DEBIAN
shorewall6-tunnels
SHOREWALL6-TUNNELS(5) [FIXME: manual] SHOREWALL6-TUNNELS(5) NAME
tunnels - Shorewall6 VPN definition file SYNOPSIS
/etc/shorewall6/tunnels DESCRIPTION
The tunnels file is used to define rules for encapsulated (usually encrypted) traffic to pass between the Shorewall6 system and a remote gateway. Traffic flowing through the tunnel is handled using the normal zone/policy/rule mechanism. See http://www.shorewall.net/VPNBasics.html for details. The columns in the file are as follows (where the column name is followed by a different name in parentheses, the different name is used in the alternate specification syntax). TYPE - {ipsec[:{noah|ah}]|ipsecnat|gre|l2tp|pptpclient|pptpserver|{openvpn|openvpnclient|openvpnserver}[:{tcp|udp}][:port]|generic:protocol[:port]} Types are as follows: ipsec - IPv6 IPSEC ipsecnat - IPv6 IPSEC with NAT Traversal (UDP port 4500 encapsulation) gre - Generalized Routing Encapsulation (Protocol 47) l2tp - Layer 2 Tunneling Protocol (UDP port 1701) openvpn - OpenVPN in point-to-point mode openvpnclient - OpenVPN client runs on the firewall openvpnserver - OpenVPN server runs on the firewall generic - Other tunnel type If the type is ipsec, it may be followed by :ah to indicate that the Authentication Headers protocol (51) is used by the tunnel (the default is :noah which means that protocol 51 is not used). NAT traversal is only supported with ESP (protocol 50) so ipsecnat tunnels don't allow the ah option (ipsecnat:noah may be specified but is redundant). If type is openvpn, openvpnclient or openvpnserver it may optionally be followed by ":" and tcp or udp to specify the protocol to be used. If not specified, udp is assumed. Note: At this writing, OpenVPN does not support IPv6. If type is openvpn, openvpnclient or openvpnserver it may optionally be followed by ":" and the port number used by the tunnel. if no ":" and port number are included, then the default port of 1194 will be used. . Where both the protocol and port are specified, the protocol must be given first (e.g., openvpn:tcp:4444). If type is generic, it must be followed by ":" and a protocol name (from /etc/protocols) or a protocol number. If the protocol is tcp or udp (6 or 17), then it may optionally be followed by ":" and a port number. ZONE - zone The zone of the physical interface through which tunnel traffic passes. This is normally your internet zone. GATEWAY(S) (gateway or gateways) - address-or-range [ , ... ] The IP address of the remote tunnel gateway. If the remote gateway has no fixed address (Road Warrior) then specify the gateway as ::/0. May be specified as a network address and if your kernel and ip6tables include iprange match support then IP address ranges are also allowed. Beginning with Shorewall 4.5.3, a list of addresses or ranges may be given. Exclusion (shorewall6-exclusion[1] (5) ) is not supported. GATEWAY ZONE(S) (gateway_zone or gateway_zones) - [zone[,zone]...] Optional. If the gateway system specified in the third column is a standalone host then this column should contain a comma-separated list of the names of the zones that the host might be in. This column only applies to IPSEC tunnels where it enables ISAKMP traffic to flow through the tunnel to the remote gateway(s). EXAMPLE
Example 1: IPSec tunnel. The remote gateway is 2001:cec792b4:1::44. The tunnel does not use the AH protocol #TYPE ZONE GATEWAY ipsec:noah net 2002:cec792b4:1::44 Example 2: Road Warrior (LapTop that may connect from anywhere) where the "gw" zone is used to represent the remote LapTop #TYPE ZONE GATEWAY GATEWAY ZONES ipsec net ::/0 gw Example 3: Host 2001:cec792b4:1::44 is a standalone system connected via an ipsec tunnel to the firewall system. The host is in zone gw. #TYPE ZONE GATEWAY GATEWAY ZONES ipsec net 2001:cec792b4:1::44 gw Example 4: OPENVPN tunnel. The remote gateway is 2001:cec792b4:1::44 and openvpn uses port 7777. #TYPE ZONE GATEWAY GATEWAY ZONES openvpn:7777 net 2001:cec792b4:1::44 Example 8: You have a tunnel that is not one of the supported types. Your tunnel uses UDP port 4444. The other end of the tunnel is 2001:cec792b4:1::44. #TYPE ZONE GATEWAY GATEWAY ZONES generic:udp:4444 net 2001:cec792b4:1::44 FILES
/etc/shorewall6/tunnels SEE ALSO
http://shorewall.net/configuration_file_basics.htm#Pairs shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-zones(5) NOTES
1. shorewall6-exclusion http://www.shorewall.net/manpages6/shorewall6-exclusion.html [FIXME: source] 06/28/2012 SHOREWALL6-TUNNELS(5)