software like
strongswan (it has a networkmanager plugin) or even ipsec-tools
instead of vpnc, to see if you're getting the same problem? I think
that they should work with Cisco VPN gateways, although it may be
fiddly to set them up.
I can find only ebuilds of (networkmanager-)openswan
On Friday 19 Feb 2016 15:36:20 Mick wrote:
> On Friday 19 Feb 2016 14:51:40 Daniel Quinn wrote:
> > Hello all, I’ve been asked to connect my Gentoo box to a StrongSwan VPN
> > and was offered a .mobileconfig file as means to connect. Unfortunately,
> > this appears to be
On Friday 19 Feb 2016 16:23:22 Daniel Quinn wrote:
> The problem is that the names of the fields on iThings are different
> from the fields I see in NetworkManager, so I don’t know what correlates
> to what.
>
> I have just uninstalled libreswan and installed strongswan, but
On Friday 19 Feb 2016 14:51:40 Daniel Quinn wrote:
> Hello all, I’ve been asked to connect my Gentoo box to a StrongSwan VPN
> and was offered a .mobileconfig file as means to connect. Unfortunately,
> this appears to be a special-Apple-only-format and I can’t make heads or
> tails of
The problem is that the names of the fields on iThings are different
from the fields I see in NetworkManager, so I don’t know what correlates
to what.
I have just uninstalled libreswan and installed strongswan, but I can’t
find evidence of a networkmanager plugin for strongswan in Portage. |eix
another.
DPD timeouts are 30 seconds minimum, which is too long.
I'll keep you posted if the bird recommendations work better
You can tune dpd_delay and dpd_retry in racoon.conf (if you are using ipsec-
tools) or the equivalent in open/strongswan. I think strongswan sends
keepalives every 20
?
maybe.
BTW, have you tried more actively developed VPN software like
strongswan (it has a networkmanager plugin) or even ipsec-tools
instead of vpnc, to see if you're getting the same problem? I think
that they should work with Cisco VPN gateways, although it may be
fiddly
You can read a comparison between the *Swans here, but things have moved on
since; e.g. StrongSwan supports IKEv1 in Aggressive Mode,
Aggressive mode with pre-shared keys is vulnerable to offline dictionary
attack so you might as well use main mode. If for some reason you have to
use
Hi,
Does anyone have any experience with IPsec? Preferably on Gentoo or
Linux in general?
I'd like to discuss some things (probably off list) while wading into
the IPsec pool. E.g.:
- ip xfrm ...
- strongSwan
- Libreswan
- X.509 certificate based authentication, preferably /mutual
Hello all, I’ve been asked to connect my Gentoo box to a StrongSwan VPN
and was offered a .mobileconfig file as means to connect. Unfortunately,
this appears to be a special-Apple-only-format and I can’t make heads or
tails of the contents. I understand that the server is Ubuntu running
StrongSwan
Hi,
since I am a while out of the game of doing ipsec with Linux:
What's the way to go? Strongswan/Openswan or ipsec-tools for kame/racoon.
Emerge -p gave me some ~ for ipsec-tools while openswan goes without.
Any input welcome. I need this for a road warrior setup.
Regards,
Konstantin
actively developed VPN software like strongswan
(it has a networkmanager plugin) or even ipsec-tools instead of vpnc, to
see if you're getting the same problem? I think that they should work
with Cisco VPN gateways, although it may be fiddly to set them up.
I can find only ebuilds
On 24.01.2010 23:38, Konstantinos Agouros wrote:
since I am a while out of the game of doing ipsec with Linux:
What's the way to go? Strongswan/Openswan or ipsec-tools for kame/racoon.
Emerge -p gave me some ~ for ipsec-tools while openswan goes without.
Any input welcome. I need
On 1/24/2010 1:38 PM, Konstantinos Agouros wrote:
Hi,
since I am a while out of the game of doing ipsec with Linux:
What's the way to go? Strongswan/Openswan or ipsec-tools for kame/racoon.
Emerge -p gave me some ~ for ipsec-tools while openswan goes without.
Any input welcome. I need
kashani wrote:
On 1/24/2010 1:38 PM, Konstantinos Agouros wrote:
Hi,
since I am a while out of the game of doing ipsec with Linux:
What's the way to go? Strongswan/Openswan or ipsec-tools for
kame/racoon.
Emerge -p gave me some ~ for ipsec-tools while openswan goes without.
Any input
On Monday, April 5, 2021 3:46:37 AM CEST Grant Taylor wrote:
> Hi,
>
> Does anyone have any experience with IPsec? Preferably on Gentoo or
> Linux in general?
>
> I'd like to discuss some things (probably off list) while wading into
> the IPsec pool. E.g.:
>
> - i
In 4b612f2e.1070...@badapple.net kashani-l...@badapple.net (kashani) writes:
On 1/24/2010 1:38 PM, Konstantinos Agouros wrote:
Hi,
since I am a while out of the game of doing ipsec with Linux:
What's the way to go? Strongswan/Openswan or ipsec-tools for kame/racoon.
Emerge -p gave me some
On Monday 13 May 2013 03:13:27 Adam Carter wrote:
You can read a comparison between the *Swans here, but things have moved
on since; e.g. StrongSwan supports IKEv1 in Aggressive Mode,
Aggressive mode with pre-shared keys is vulnerable to offline dictionary
attack so you might as well use
' to get some useful information until you get it going.
However, if you are using Windows =7 then it may be better to install and run
StrongSwan with IKEv2 on Linux, which MSWindows can now support natively and
do away with L2TP altogether. Openswan also supports IKEv2.
--
Regards,
Mick
with ifconfig and ip.
Apparently they work if you use xauth, according to this thread:
http://forums.gentoo.org/viewtopic-p-6977674.html
Instead, I opted for using StrongSwan, which is *much* better documented,
supports additional ciphers, RADIUS, etc. and allocation of IKEv1 pools using
certificates with strongswan, so I think I will be
limited to:
prime256v1
secp384r1
secp521r1
http://wiki.strongswan.org/projects/strongswan/wiki/EcDsaSecret
--
Regards,
Mick
On Sunday 24 January 2010 21:38:23 Konstantinos Agouros wrote:
Hi,
since I am a while out of the game of doing ipsec with Linux:
What's the way to go? Strongswan/Openswan or ipsec-tools for kame/racoon.
Openswan is simpler to configure, although I have not tried it yet. I have
however
L2TP.
Has anyone else done this successfully?
Thanks for any clues.
I haven't used L2TP to comment on specifics, but have you emerged and set up
xl2tp which I understand will set up the L2TP tunnel? L2TP will be
encapsulated within IPSec, which you should set up using racoon, strongswan
-lite:/var/run/pcscd:/sbin/nologin
ipsec:x:110:998:added by portage for strongswan:/dev/null:/sbin/nologin
polkitd:x:111:997:added by portage for polkit:/var/lib/polkit-1:/sbin/nologin
--
Regards,
Mick
to install and
run
StrongSwan with IKEv2 on Linux, which MSWindows can now support natively and
do away with L2TP altogether. Openswan also supports IKEv2.
--
Regards,
Mick
--
Your life is like a penny. You're going to lose it. The question is:
How do
you spend it?
John Covici
Gentoo (without dnsmasq) I have found the
remote peer's nameservers are written in resolv.conf by the VPN client Up
script, but only for full tunnels. I've noticed with strongswan when setting
up split tunnels it errors out as it tries to set a nameserver for the tunnel
side and ends up wit
configuring
IPSec policies via a GPEdit snapin. It was extremely low level and
obtuse to configure.
OpenSWAN was forked into LibreSWAN and FreeSWAN is now called StrongSWAN.
Anyway, part of the IKEv2 standard is to offer support for mobile and
multihomed users (MOBIKE).
Hum. I've not paid
AN was forked into LibreSWAN and FreeSWAN is now called StrongSWAN.
Anyway, part of the IKEv2 standard is to offer support for mobile and
multihomed users (MOBIKE).
Although IKE operates in userspace, the IPSec stack is in kernelspace and its
performance superior to userspace VPN technologies. A
> > init scripts themselves.
>
> Unfortunately I can't test this anymore, but looking at the
> documentation this _should_ work.
>
> Thanks!
>
> --
> Regards,
> Christoph
I recall noticing a somewhat similar behaviour with the ipsec service of
strongswan. In pa
for 0.5.2:
Fix Phase 2 rekeying, by various authors
I don't know whether this is along your statement above.
So it seems not to be completely fixed. The homepage has not been updated in the last 7
years.
BTW, have you tried more actively developed VPN software like strongswan
(it has a networkmanager
implementations of IKE/IPSec VPNs. For the latter I recommend StrongSwan
which has extensive documentation and example configurations.
Saying all this, I would still stick with ftps/filezilla and get the users
trained. When things don't work troubleshooting ought to be simpler. ;-)
--
Regards
consider using a
different tunnel method. A network layer VPN, like IPSec (you can use
StrongSwan which also offers IKEv2 and MOBIKE for your laptop, or ipsec-tools
with racoon for IKEv1 only) should work without such problems. You will be
tunnelling tcp in udp packets. If you tunnel to your
, but I don't know if this
includes any necessary patches. You could check the changelog.
BTW, have you tried more actively developed VPN software like strongswan (it
has a networkmanager plugin) or even ipsec-tools instead of vpnc, to see if
you're getting the same problem? I think
$ADST proto esp reqid $AID mode transport # d in policy
-->8--
This is working and does enable IPsec /transport/ /mode/ between
$LeftHost and $RightHost. But it's completely manual at the moment.
I'm curious if you have any comments on "ip xfrm".
- strongSwan / Libreswan /
VPN IP
allocated by the remote VPN gateway, e.g. $SOME_COMPANY_IP_1, via the VPN
tunnel (tun0) to the remote company's LAN.
2. Route for all other connections, outside the VPN tunnel:
A second route is typically the default route of the PC for all other
connections and it is used to route datagr
lco is wanting to do.
Some VPN clients add a new routing policy rule table (e.g. strongswan),
but others (e.g. racoon) add routes for the VPN tunnel in the main
routing policy rule table.
I was not aware that any VPNs used alternate routing tables and rules to
use them. But that does m
there like strongswan, but
would really like to learn to do it using the vanilla racoon and kernel set up
first rather than apply another layer of software to it.
Could some kind soul give me a nudge in troubleshooting this?
On the home router I have:
public IP: 123.456.78.9
LAN: 10.10.10.0/24
configuration
of
racoon is not working. There are other apps out there like strongswan, but
would really like to learn to do it using the vanilla racoon and kernel set up
first rather than apply another layer of software to it.
Could some kind soul give me a nudge in troubleshooting
39 matches