Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Best tool to monitor VPN IPSEC Tunneling
Special Forums IP Networking Best tool to monitor VPN IPSEC Tunneling Post 302930518 by DGPickett on Monday 5th of January 2015 08:32:25 AM
Old 01-05-2015
Maybe you can option it for more retries, longer wait so the IPSEC tunnel is more robust?
 

9 More Discussions You Might Find Interesting

1. Cybersecurity

IPSec - VPN using shared key

Hello! I have some trouble trying to configure a VPN with two gateways. One of them uses IPSec with a single key, 256bits length, specified in /etc/ipsec.secrets. As FreeSwan manual page says, if i put esp=3des-md5-96, will be used a "64bit IV key (internally generated), a 192bit 3des ekey and a... (3 Replies)
Discussion started by: eNTer
3 Replies

2. UNIX for Dummies Questions & Answers

Tool to monitor user activity

Hello, Does any one knows any tools or method to monitor users all activities on Solaris 8, including command and its result. Similar to 'script' ??? Thanks nana (3 Replies)
Discussion started by: nana
3 Replies

3. UNIX for Advanced & Expert Users

Tunneling

Hello, I am within a LAN system and I need to be able to tunnel out (and recv UDP) packets. Currently the router automatically drops UDP packets. My PC cant see the outside world, nor ping, but it can connect via SSH to a server on the "edge" of the network which can see everything. I... (2 Replies)
Discussion started by: ErNci
2 Replies

4. Solaris

ssh tunneling

Hi, I have tried the following: on PC1 (win xp) I have created ssh connection with port forwarding (local 8888 to remote 8888) to server1. >From server1 I have created another ssh connection with port forwarding to server2(local 8888 to remote 1521). When I try to connect to oracle... (3 Replies)
Discussion started by: goran00
3 Replies

5. UNIX for Advanced & Expert Users

tool to monitor throughput

Was wonder if there was a tool or program I could run to measure throughput on our CentoS 4.x server. Our current dedicated host provider is charging us by how much throughput we are using and I just want to see if their numbers add up to whatever I get using a throughput tool of some kind. ... (6 Replies)
Discussion started by: mcraul
6 Replies

6. AIX

Tool to monitor the performance of the system ..

Dear experts , Pls advice for any good Tool to monitor the CPU and performance of AIX the system .. to keep monitoring to show me the utilization of that system .. (12 Replies)
Discussion started by: Mr.AIX
12 Replies

7. IP Networking

IPSec VPN Routing

Hello, I'm trying to setup a gateway VPN between two routers across an unsecured network between two local networks. The routers are both linux and I'm using the ipsec tools, racoon and setkey. So far hosts from either local net can successfully ping hosts on the other local net without issue. ... (0 Replies)
Discussion started by: salukibob
0 Replies

8. IP Networking

VPN IPSec Openswan

Hi all, I have installed Openswan and configured IPSec and works perfect, but for some unknown reasons it stop working. I see that the tunnels are up and established. The route to the destination are added. Everything by the book seems to be ok. But somehow when i start to ping the other side (... (4 Replies)
Discussion started by: ivancd
4 Replies

9. IP Networking

IPSec Openswan Site to Site VPN - Big Pain

Hi @all, I try to connect 2 LANs with IPSec/Openswan LAN 1: 192.168.0.0/24 LAN 2: 192.168.1.0/24 This is my Config: conn HomeVPN # # Left security gateway, subnet behind it, nexthop toward right. left=192.168.1.29 ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies

LEARN ABOUT X11R4

ipsec_spigrp

IPSEC_SPIGRP(8) 						  [FIXME: manual]						   IPSEC_SPIGRP(8)

NAME

       ipsec_spigrp - group/ungroup IPSEC Security Associations

SYNOPSIS

       ipsec spigrp
	     ipsecspigrp [--label label] af1dst1spi1proto1 [af2dst2spi2proto2 [af3dst3spi3proto3 [af4dst4spi4proto4]]]
	     ipsecspigrp [--label label] --said SA1 [SA2 [SA3 [SA4]]]
	     ipsecspigrp --help
	     ipsecspigrp --version

OBSOLETE

       Note that spi is only supported on the classic KLIPS stack. It is not supported on any other stack and will be completely removed in future
       versions. A replacement command still needs to be designed

DESCRIPTION

       Spigrp groups IPSEC Security Associations (SAs) together or ungroups previously grouped SAs. An entry in the IPSEC extended routing table
       can only point (via a destination address, a Security Parameters Index (SPI) and a protocol identifier) to one SA. If more than one
       transform must be applied to a given type of packet, this can be accomplished by setting up several SAs with the same destination address
       but potentially different SPIs and protocols, and grouping them with spigrp.

       The SAs to be grouped, specified by destination address (DNS name lookup, IPv4 dotted quad or IPv6 coloned hex), SPI ('0x'-prefixed
       hexadecimal number) and protocol ("ah", "esp", "comp" or "tun"), are listed from the inside transform to the outside; in other words, the
       transforms are applied in the order of the command line and removed in the reverse order. The resulting SA group is referred to by its
       first SA (by af1, dst1, spi1 and proto1).

       The --said option indicates that the SA IDs are to be specified as one argument each, in the format <proto><af><spi>@<dest>. The SA IDs
       must all be specified as separate parameters without the --said option or all as monolithic parameters after the --said option.

       The SAs must already exist and must not already be part of a group.

       If spigrp is invoked with only one SA specification, it ungroups the previously-grouped set of SAs containing the SA specified.

       The --label option identifies all responses from that command invocation with a user-supplied label, provided as an argument to the label
       option. This can be helpful for debugging one invocation of the command out of a large number.

       The command form with no additional arguments lists the contents of /proc/net/ipsec_spigrp. The format of /proc/net/ipsec_spigrp is
       discussed in ipsec_spigrp(5).

EXAMPLES

       ipsec spigrp inet gw2 0x113 tun inet gw2 0x115 esp inet gw2 0x116 ah
	   groups 3 SAs together, all destined for gw2, but with an IPv4-in-IPv4 tunnel SA applied first with SPI 0x113, then an ESP header to
	   encrypt the packet with SPI 0x115, and finally an AH header to authenticate the packet with SPI 0x116.

       ipsec spigrp --said tun.113@gw2 esp.115@gw2 ah.116@gw2
	   groups 3 SAs together, all destined for gw2, but with an IPv4-in-IPv4 tunnel SA applied first with SPI 0x113, then an ESP header to
	   encrypt the packet with SPI 0x115, and finally an AH header to authenticate the packet with SPI 0x116.

       ipsec spigrp --said tun:233@3049:1::1 esp:235@3049:1::1 ah:236@3049:1::1
	   groups 3 SAs together, all destined for 3049:1::1, but with an IPv6-in-IPv6 tunnel SA applied first with SPI 0x233, then an ESP header
	   to encrypt the packet with SPI 0x235, and finally an AH header to authenticate the packet with SPI 0x236.

       ipsec spigrp inet6 3049:1::1 0x233 tun inet6 3049:1::1 0x235 esp inet6 3049:1::1 0x236 ah
	   groups 3 SAs together, all destined for 3049:1::1, but with an IPv6-in-IPv6 tunnel SA applied first with SPI 0x233, then an ESP header
	   to encrypt the packet with SPI 0x235, and finally an AH header to authenticate the packet with SPI 0x236.

FILES

       /proc/net/ipsec_spigrp, /usr/local/bin/ipsec

SEE ALSO

       ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8), ipsec_spi(8), ipsec_klipsdebug(8), ipsec_spigrp(5)

HISTORY

       Written for the Linux FreeS/WAN project <http://www.freeswan.org/> by Richard Guy Briggs.

BUGS

       Yes, it really is limited to a maximum of four SAs, although admittedly it's hard to see why you would need more.

[FIXME: source] 						    10/06/2010							   IPSEC_SPIGRP(8)
All times are GMT -4. The time now is 10:55 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy