I am trying to set a policy between 2 machines for all the ports except for 22, i.e. for TCP; basically I want to bypass ssh. But my policy doesn't seem to work. Here are the entries:
Security associations are also there and they are fine. I am able to see the packets from 4.3.2.1 to 1.2.3.4 are encrypted through tcpdump. Not able to ssh from 4.3.2.1 to 1.2.3.4
1.2.3.4 => Linux ( Issue is in the Linux machine. ssh from solaris to linux is not working )
4.3.2.1 => Solaris ( Bypass for ssh is enabled in ipsecconf )
I tried with priority, without prio - nothing helps.
One thing I noticed is that, if I give specific ports in the ipsec policy, then ssh is bypassed, e.g.
But if I give [any] for the port in the ipsec policy, then it is not bypassing the ssh.
I also tried inserting the bypass policy before ipsec, and after ipsec. Didn't work.
Any info on this will be of great help.
Thank You
Ahamed.
---------- Post updated at 03:20 AM ---------- Previous update was at 03:18 AM ----------
Figured out the issue!!!
We need not specify the port 22 for the source IP.
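As an added illustration (not code from the original post), the following Python model of setkey-style spdadd selectors shows why an ssh bypass that pins port 22 on both ends can never take effect, while one that pins 22 only on the server side and leaves the client side as [any] does cover the flow. The poster's actual entries are not shown on the page; the two policy sets, the flow addresses 4.3.2.1/1.2.3.4 and the client port 51234 are constructed for this example. The model checks selector coverage only (addresses, optional port, protocol, direction, action) and does not model the kernel's priority ordering between overlapping policies.

```python
"""Selector check for setkey-style IPsec policy (SPD) entries.

Added example, not code from the original thread.  It models only the
selector part of an spdadd line (addresses, optional [port], protocol,
direction, action); the esp/transport//require policy string is ignored
and kernel priority between overlapping policies is not modelled.
"""
import re
from dataclasses import dataclass
from typing import List

# Simplified spdadd grammar: "spdadd SRC[PORT] DST[PORT] PROTO -P DIR ACTION ..."
SPDADD = re.compile(
    r"spdadd\s+([\d.]+)(?:\[(\w+)\])?\s+([\d.]+)(?:\[(\w+)\])?"
    r"\s+(\w+)\s+-P\s+(in|out)\s+(none|ipsec)"
)


@dataclass
class Policy:
    src: str
    sport: str       # "any" or a port number as text
    dst: str
    dport: str
    proto: str       # "any", "tcp", "udp", ...
    direction: str   # "in" or "out"
    action: str      # "none" = bypass, "ipsec" = require protection
    text: str        # original line, for reporting


def parse_spd(conf: str) -> List[Policy]:
    """Parse the spdadd lines of a setkey configuration (simplified grammar)."""
    policies = []
    for line in conf.splitlines():
        line = line.strip()
        if not line.startswith("spdadd"):
            continue
        m = SPDADD.match(line)
        if m is None:
            raise ValueError(f"unsupported spdadd syntax: {line}")
        src, sport, dst, dport, proto, direction, action = m.groups()
        policies.append(Policy(src, sport or "any", dst, dport or "any",
                               proto, direction, action, line))
    return policies


def _port_ok(selector: str, port: int) -> bool:
    return selector == "any" or int(selector) == port


def matching_policies(policies: List[Policy], src: str, sport: int,
                      dst: str, dport: int, proto: str,
                      direction: str) -> List[Policy]:
    """Every policy whose selector covers the given flow (in SPD order)."""
    return [p for p in policies
            if p.direction == direction
            and p.src == src and p.dst == dst
            and p.proto in ("any", proto)
            and _port_ok(p.sport, sport) and _port_ok(p.dport, dport)]


def ssh_bypass_selectable(conf: str, client_port: int = 51234) -> bool:
    """True iff both legs of an ssh session from 4.3.2.1 to 1.2.3.4 are
    covered by some 'none' (bypass) policy.  A bypass that matches
    neither leg can never win, whatever priority it is given; a bypass
    that does match still has to outrank the broader ipsec policy."""
    spd = parse_spd(conf)
    legs = [
        # client -> server, seen as inbound on the Linux host 1.2.3.4
        matching_policies(spd, "4.3.2.1", client_port, "1.2.3.4", 22, "tcp", "in"),
        # server -> client, outbound from 1.2.3.4
        matching_policies(spd, "1.2.3.4", 22, "4.3.2.1", client_port, "tcp", "out"),
    ]
    return all(any(p.action == "none" for p in leg) for leg in legs)


# Constructed: bypass with port 22 pinned on BOTH ends.  The client never
# sends from port 22, so the first two lines match no ssh packet at all.
BROKEN = """
spdadd 4.3.2.1[22] 1.2.3.4[22] tcp -P in  none;
spdadd 1.2.3.4[22] 4.3.2.1[22] tcp -P out none;
spdadd 4.3.2.1 1.2.3.4 any -P in  ipsec esp/transport//require;
spdadd 1.2.3.4 4.3.2.1 any -P out ipsec esp/transport//require;
"""

# Constructed: port 22 only on the server side 1.2.3.4, [any] on the client.
FIXED = """
spdadd 4.3.2.1[any] 1.2.3.4[22] tcp -P in  none;
spdadd 1.2.3.4[22] 4.3.2.1[any] tcp -P out none;
spdadd 4.3.2.1 1.2.3.4 any -P in  ipsec esp/transport//require;
spdadd 1.2.3.4 4.3.2.1 any -P out ipsec esp/transport//require;
"""

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(f"{name}: ssh bypass selectable = {ssh_bypass_selectable(conf)}")
```

The broad `any` policy matches the ssh flow in both sets, which is consistent with tcpdump showing the traffic encrypted when the bypass never matches; once the bypass selector actually covers both legs, ordering or priority between it and the ipsec policy decides, and that is the part to check with `setkey -DP` on the real host.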
I want a lan encrypted with ipsec.
This is my /etc/inet/ike/config
p1_xform
{ auth_method preshared oakley_group 5 auth_alg sha256 encr_alg aes }
p2_pfs 2
this is my /etc/inet/secret/ike.preshared
# ike.preshared on hostA, 192.168.0.21
#...
{ localidtype IP
localid... (1 Reply)
Hi all,
I have installed Openswan and configured IPsec, and it worked perfectly, but for some unknown reason it stopped working. I see that the tunnels are up and established. The routes to the destination are added. Everything by the book seems to be OK. But somehow when I start to ping the other side (... (4 Replies)
Hi Guys,
Please could you tell me if it is possible to have a single rule/filter to allow a certain port range instead of a separate rule for each port?
I'm sure it must be possible but I am unable to find the syntax.
Thanks
Chris (4 Replies)
hello,
after configuring IPsec on IPv4 I cannot ping between client and server, whereas I could ping successfully before the configuration!
I also generated different keys for AH and ESP, as I have shown below.
What is my problem, and what should I do to have ping working and test the configuration?
code:
... (0 Replies)
Hi, this is my first post...:p
Hello Admin :)
Can I ask something about my configuration?
I have finished a tutorial on building an IPsec site-to-site setup, and the steps have completed fully.
I have a simulation with a local design topology with two PC's (FreeBSD ... (0 Replies)
Hello,
I'm trying to set up a gateway VPN between two routers across an unsecured network between two local networks. The routers are both Linux and I'm using the ipsec-tools, racoon and setkey. So far hosts from either local net can successfully ping hosts on the other local net without issue.
... (0 Replies)
Hello,
I have configured IPsec between two AIX v5.2 servers using IKE transport mode. When I try to transfer files from one server to another, it is very, very slow and the file transfer is terminated after 25% completes. How can I overcome this problem? Please advise. Thanks (0 Replies)
Hi,
does anyone have experience with how many IPsec tunnels Solaris 10 is able to manage? A rough estimate would be great.
I know it's hardly dependent on the hardware used, so if anyone says on a 490 with 2 CPUs and 4GB RAM a maximum of 1000 IPSec tunnels is possible, that would be great.
I... (1 Reply)