Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: IPSec - VPN using shared key
Special Forums Cybersecurity IPSec - VPN using shared key Post 34240 by Neo on Tuesday 11th of February 2003 10:08:56 AM
Old 02-11-2003
Perhaps you would be better off using a simple shared secret between the two implementations. This shared secret would be used to establish a session key.

Did you try this to see if it would work? Did you establish a tunnel with only shared secrets (this is called a pre-shared key in the article below)?

http://www.onlamp.com/lpt/a/3043

Also, see the following article on setting up a BSD-LINUX IPSEC tunnel:

http://home.t-online.de/home/hburde/ipsec/node1.html
 

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

How to interpret the shared memory key

I'm facing a problem interpreting the shared memory key on an AIX machine. (1) I go to a property file and I see the following: shm_key = "119112066" (2) So I now go the command prompt and do this: ipcs -m | grep 119112066 And, I do not find it. So what I do is to run the... (2 Replies)
Discussion started by: vijaygade
2 Replies

2. IP Networking

IPSec VPN Routing

Hello, I'm trying to setup a gateway VPN between two routers across an unsecured network between two local networks. The routers are both linux and I'm using the ipsec tools, racoon and setkey. So far hosts from either local net can successfully ping hosts on the other local net without issue. ... (0 Replies)
Discussion started by: salukibob
0 Replies

3. Solaris

Solaris 8 ssh public key authentication issue - Server refused our key

Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks. ... (1 Reply)
Discussion started by: aixlover
1 Replies

4. Cybersecurity

IPSEC

hello, after configuration ipsec in ip4 I can not ping between client and server whereas I had success ping before configuration! I also generate different key for AH and ESP as i have shown below. what is my problem and what should i do to have ping and test the configuration? code: ... (0 Replies)
Discussion started by: elinaz
0 Replies

5. Programming

Shared library with acces to shared memory.

Hello. I am new to this forum and I would like to ask for advice about low level POSIX programming. I have to implement a POSIX compliant C shared library. A file will have some variables and the shared library will have some functions which need those variables. There is one special... (5 Replies)
Discussion started by: iamjag
5 Replies

6. IP Networking

VPN IPSec Openswan

Hi all, I have installed Openswan and configured IPSec and works perfect, but for some unknown reasons it stop working. I see that the tunnels are up and established. The route to the destination are added. Everything by the book seems to be ok. But somehow when i start to ping the other side (... (4 Replies)
Discussion started by: ivancd
4 Replies

7. IP Networking

IPSec Openswan Site to Site VPN - Big Pain

Hi @all, I try to connect 2 LANs with IPSec/Openswan LAN 1: 192.168.0.0/24 LAN 2: 192.168.1.0/24 This is my Config: conn HomeVPN # # Left security gateway, subnet behind it, nexthop toward right. left=192.168.1.29 ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies

8. IP Networking

Best tool to monitor VPN IPSEC Tunneling

We are using cyberoam device, VPN IPSEC tunnel is going of frequently even the traffic is throug. Please suggest what may be the cause for the above mentioned issue. Also suggest a best tool to monitor the same VPN IPSEC tunnel connectivity. (4 Replies)
Discussion started by: marunmeera
4 Replies

LEARN ABOUT HPUX

ipsec_admin

ipsec_admin(1M) 														   ipsec_admin(1M)

NAME

       ipsec_admin - HP-UX IPSec administration utility

SYNOPSIS

       audit_directory] max_audit_file_size] spi_min_value] spi_max_value] spd_soft_limit] spd_hard_limit]

       password

       audit_directory

       max_audit_file_size

       remote_ip_address

DESCRIPTION

       is  a  utility  for  performing HP-UX IPSec administration tasks such as starting and stopping the HP-UX IPSec subsystem and retrieving the
       status of the HP-UX IPSec subsystem.  The HP-UX IPSec subsystem includes the user-space key management daemon, audit daemon, policy daemon,
       and the HP-UX IPSec kernel portion.  You can also use to perform the following tasks:

	      o      Set the audit level.

	      o      Change the audit directory.

	      o      Set the maximum audit file size.

	      o      Get status on the HP-UX IPSec system.

	      o      Enable or disable Level 4 tracing for TCP, UDP or IGMP.

	      o      Delete the IKE and IPsec SAs for a give peer node.

	      o      Set the "soft" and "hard" limits for the size of the Security Policy Database (SPD).

	      o      Set  the range from which HP-UX IPSec assigns Security Parameters Index (SPI) numbers for inbound, dynamic key Security Asso-
		     ciations (SAs).  You can only change the SPI range when you start HP-UX IPSec.

	      o      Change the HP-UX IPSec password.  HP-UX IPSec does not have to be running when you change the password.

       requires the optional HP-UX IPSec software.

       You must have superuser capabilities to run

       In order to change the HP-UX IPSec password, you must provide the existing HP-UX IPSec password.  The HP-UX IPSec password must be  entered
       from the keyboard; it cannot be redirected from a file.

   Options
       recognizes the following command-line options and arguments:

	      Starts the HP-UX IPSec subsystem, including all user-space daemons.
		   If the configuration file to be used does not have the correct version, issues an error message and exits.

	      Stops the HP-UX IPSec subsystem, including all user-space daemons.

	      Reports the current status of the HP-UX IPSec subsystem.
		   The	report	displays  the  current state of HP-UX IPSec (active or not active).  If active, displays the status of HP-UX IPSec
		   daemons that are currently running.	It also displays the current audit file and any Level 4 tracing enabled.

	      Queries the current status of the HP-UX IPSec subsystem.
		   If HP-UX IPSec daemons are running and responding, returns a zero exit code to the shell; otherwise it returns a 1 exit code to
		   the shell.

	      Changes the HP-UX IPSec password.
		   The password must be at least 15 characters.  HP-UX IPSec does not have to be running when you change the password.

	      Specifies the HP-UX IPSec audit directory.
		   HP-UX IPSec stores audit files in the audit directory.  The default directory is

		   This option is also valid with the option.

	      Changes the audit level for the HP-UX IPSec subsystem.
		   The	levels	are  shown  in	ascending  order.  Higher audit levels include all lower levels.  The default audit level is which
		   includes messages.

		   This option is also valid with the option.

		   A definition of each class follows.

		   These messages include security violations and attacks,
			     password violations, errors that may prevent correct operation of the product, any error condition that is not recov-
			     erable,  authentication  problems, significant changes in security parameters, unknown message types, and changing of
			     the HP-UX IPSec password or audit level.

		   These messages include recoverable error conditions, syntax
			     errors, unsupported features, bad packets, and unknown message types.

		   These messages provide notification to the user about
			     non-intrusive security events.

		   These messages provide detailed event logging for
			     troubleshooting purposes.

		   These messages provide very detailed event logging for
			     debugging and troubleshooting purposes.  The debug audit level generates many messages in the audit file.

	      Specifies the maximum size, in kilobytes, of an audit file before
		   HP-UX IPSec creates a new one.

		   Default: 100.

		   This option is also valid with the option.

	      Enables Level 4 tracing for TCP, UDP, or IGMP.
		   If is selected, all three protocols are traced.  uses to enable Level 4 tracing.  Tracing output is directed to and if  is  not
		   already enabled for tracing.  If it is, the trace file is the file already started by See nettl(1M) for more information.

		   This option is also valid with the option.

	      Disables any Level 4 tracing enabled with the
		   option.

	      Specifies the lower bound for inbound, dynamic key
		   Security Parameters Index (SPI) numbers in hexadecimal, prefixed by 0x, or decimal.

		   Range: 1 - 4294967295 (0x1 - 0xFFFFFFFF hexadecimal).

		   Default:  If  you  do not specify spi_min_value, the default is the value specified for the spi_min parameter in the section of
		   the profile file.  The default spi_min value is 300.

	      Specifies the upper bound for inbound, dynamic key
		   Security Parameters Index (SPI) numbers in hexadecimal, prefixed by 0x, or decimal.

		   Range: 1 - 4294967295 (0x1 - 0xFFFFFFFF hexadecimal).

		   Default: If you do not specify spi_max_value, the default is the value specified for the spi_max parameter in  the  section	of
		   the profile file.  The default spi_max value is 2500000.

	      Specifies the "soft" limit for the size of the Security Policy Database (SPD).
		   The SPD is the HP-UX IPSec runtime policy database, with cached policy decisions for packet descriptors (five-tuples consisting
		   of exact, non-wildcard source IP address, destination IP address, protocol, source port, and destination port).

		   When the size of the SPD exceeds the soft limit, HP-UX IPSec logs a warning message to the system console, and  logs  an  addi-
		   tional warning message to the system console for each 1000 SPD entries added.

		   The spd_soft_limit is measured in units of 1000 entries.

		   Range: 1 - 1000000 units of 1000 entries (1000 - 1000000000 entries).

		   Default:  If you do not specify spd_soft_limit, the default is the value specified for the spd_soft parameter in the section of
		   the profile file.  The default spd_soft value is 25 (25000 entries; approximately 58000 Kbytes of memory).

	      Specifies the "hard" limit for the size of the Security Policy Database (SPD).

		   When the size of the SPD exceeds the hard limit, HP-UX IPSec stops adding new cache entries, and discards any packets  that	do
		   not match existing entries.

		   The spd_hard_limit is measured in units of 1000 entries.

		   Range: 1 - 1000000 units of 1000 entries (1000 - 1000000000 entries).

		   Default:  If you do not specify spd_hard_limit, the default is the value specified for the spd_hard parameter in the section of
		   the profile file.  The default spd_hard value is 50 (50000 entries; approximately 116000 Kbytes of memory).

	      Allows the user to flush all the IKE
		   SAs and IPSec SAs.  You can also use this option to clear the SA database without restarting HP-UX IPSec.

		   This option is automatically executed when you execute the option.

	      Allows the user to flush the Security
		   Policy data base kept by the Policy daemon and the kernel policy engine without restarting HP-UX IPSec.

		   This option is automatically executed when you execute the option.

	      Allows the user to delete the IKE SA
		   and IPSec SAs for a given remote_ip_address.  remote_ip_address must be in dotted-decimal notation for IPv4 addresses or colon-
		   hexadecimal notation for IPv6 addresses.

RETURN VALUE

       Upon successful completion, returns 0; otherwise it returns 1.

ERRORS

       fails if any of the following conditions is encountered:

	      o  Command used incorrectly - Usage message is returned.

EXAMPLES

       produces the following report for the command

       In normal operation, the status for the secauditd, secpolicyd, and daemons is and the status of the IPSec kernel status is

WARNINGS

       requires the optional HP-UX IPSec software.

AUTHOR

       was developed by HP.

FILES

       configuration database.

       default			profile file.

SEE ALSO

       ipsec_config(1M),  ipsec_config_add(1M),  ipsec_config_batch(1M),  ipsec_config_delete(1M), ipsec_config_export(1M), ipsec_config_show(1M),
       ipsec_migrate(1M), ipsec_policy(1M), ipsec_report(1M), nettl(1M).

							   HP-UX IPSec Software Required					   ipsec_admin(1M)
All times are GMT -4. The time now is 02:10 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy