01-05-2015
Maybe you can option it for more retries, longer wait so the IPSEC tunnel is more robust?
9 More Discussions You Might Find Interesting
1. Cybersecurity
Hello! I have some trouble trying to configure a VPN with two gateways. One of them uses IPSec with a single key, 256bits length, specified in /etc/ipsec.secrets. As FreeSwan manual page says, if i put esp=3des-md5-96, will be used a "64bit IV key (internally generated), a 192bit 3des ekey and a... (3 Replies)
Discussion started by: eNTer
3 Replies
2. UNIX for Dummies Questions & Answers
Hello,
Does any one knows any tools or method to monitor users all activities on Solaris 8, including command and its result. Similar to 'script' ???
Thanks
nana (3 Replies)
Discussion started by: nana
3 Replies
3. UNIX for Advanced & Expert Users
Hello,
I am within a LAN system and I need to be able to tunnel out (and recv UDP) packets.
Currently the router automatically drops UDP packets.
My PC cant see the outside world, nor ping, but it can connect via SSH to a server on the "edge" of the network which can see everything. I... (2 Replies)
Discussion started by: ErNci
2 Replies
4. Solaris
Hi,
I have tried the following:
on PC1 (win xp) I have created ssh connection with port forwarding
(local 8888 to remote 8888) to server1.
>From server1 I have created another ssh connection with port
forwarding to server2(local 8888 to remote 1521).
When I try to connect to oracle... (3 Replies)
Discussion started by: goran00
3 Replies
5. UNIX for Advanced & Expert Users
Was wonder if there was a tool or program I could run to measure throughput on our CentoS 4.x server. Our current dedicated host provider is charging us by how much throughput we are using and I just want to see if their numbers add up to whatever I get using a throughput tool of some kind.
... (6 Replies)
Discussion started by: mcraul
6 Replies
6. AIX
Dear experts ,
Pls advice for any good Tool to monitor the CPU and performance of AIX the system ..
to keep monitoring to show me the utilization of that system .. (12 Replies)
Discussion started by: Mr.AIX
12 Replies
7. IP Networking
Hello,
I'm trying to setup a gateway VPN between two routers across an unsecured network between two local networks. The routers are both linux and I'm using the ipsec tools, racoon and setkey. So far hosts from either local net can successfully ping hosts on the other local net without issue.
... (0 Replies)
Discussion started by: salukibob
0 Replies
8. IP Networking
Hi all,
I have installed Openswan and configured IPSec and works perfect, but for some unknown reasons it stop working. I see that the tunnels are up and established. The route to the destination are added. Everything by the book seems to be ok. But somehow when i start to ping the other side (... (4 Replies)
Discussion started by: ivancd
4 Replies
9. IP Networking
Hi @all,
I try to connect 2 LANs with IPSec/Openswan
LAN 1: 192.168.0.0/24
LAN 2: 192.168.1.0/24
This is my Config:
conn HomeVPN # # Left security gateway, subnet behind it, nexthop toward right. left=192.168.1.29 ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies
LEARN ABOUT DEBIAN
ipsec_spigrp
IPSEC_SPIGRP(5) [FIXME: manual] IPSEC_SPIGRP(5)
NAME
ipsec_spigrp - list IPSEC Security Association groupings
SYNOPSIS
ipsec spigrp
cat/proc/net/ipsec_spigrp
OBSOLETE
Note that spigrp is only supported on the classic KLIPS stack. It is not supported on any other stack and will be completely removed in
future versions. A replacement command still needs to be designed
DESCRIPTION
/proc/net/ipsec_spigrp is a read-only file that lists groups of IPSEC Security Associations (SAs).
An entry in the IPSEC extended routing table can only point (via an SAID) to one SA. If more than one transform must be applied to a given
type of packet, this can be accomplished by setting up several SAs with the same destination address but potentially different SPIs and
protocols, and grouping them with ipsec_spigrp(8).
The SA groups are listed, one line per connection/group, as a sequence of SAs to be applied (or that should have been applied, in the case
of an incoming packet) from inside to outside the packet. An SA is identified by its SAID, which consists of protocol ("ah", "esp", "comp"
or "tun"), SPI (with '.' for IPv4 or ':' for IPv6 prefixed hexadecimal number ) and destination address (IPv4 dotted quad or IPv6 coloned
hex) prefixed by '@', in the format <proto><af><spi>@<dest>.
EXAMPLES
tun.3d0@192.168.2.110
comp.3d0@192.168.2.110 esp.187a101b@192.168.2.110 ah.187a101a@192.168.2.110
is a group of 3 SAs, destined for 192.168.2.110 with an IPv4-in-IPv4 tunnel SA applied first with an SPI of 3d0 in hexadecimal, followed by
a Deflate compression header to compress the packet with CPI of 3d0 in hexadecimal, followed by an Encapsulating Security Payload header to
encrypt the packet with SPI 187a101b in hexadecimal, followed by an Authentication Header to authenticate the packet with SPI 187a101a in
hexadecimal, applied from inside to outside the packet. This could be an incoming or outgoing group, depending on the address of the local
machine.
tun:3d0@3049:1::2
comp:3d0@3049:1::2 esp:187a101b@3049:1::2 ah:187a101a@3049:1::2
is a group of 3 SAs, destined for 3049:1::2 with an IPv6-in-IPv6 tunnel SA applied first with an SPI of 3d0 in hexadecimal, followed by a
Deflate compression header to compress the packet with CPI of 3d0 in hexadecimal, followed by an Encapsulating Security Payload header to
encrypt the packet with SPI 187a101b in hexadecimal, followed by an Authentication Header to authenticate the packet with SPI 187a101a in
hexadecimal, applied from inside to outside the packet. This could be an incoming or outgoing group, depending on the address of the local
machine.
FILES
/proc/net/ipsec_spigrp, /usr/local/bin/ipsec
SEE ALSO
ipsec(8), ipsec_manual(8), ipsec_tncfg(5), ipsec_eroute(5), ipsec_spi(5), ipsec_klipsdebug(5), ipsec_spigrp(8), ipsec_version(5),
ipsec_pf_key(5)
HISTORY
Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.
BUGS
:-)
[FIXME: source] 10/06/2010 IPSEC_SPIGRP(5)