Re: Connecting to L2TP over IPsec VPN on OpenBSD 6.1 with Ubuntu 16.04

2018-09-07 Thread Stuart Henderson
On 2018-09-07, Alexander Skwar wrote: > Hello > > We use a L2TP over IPsec VPN running on OpenBSD 6.1, which was setup > by prior sysadmins. They are no longer at the company. > > Now a user running Ubuntu 16.04 + Gnome tries to connect to the VPN. > The VPN client (on Linux

Connecting to L2TP over IPsec VPN on OpenBSD 6.1 with Ubuntu 16.04

2018-09-07 Thread Alexander Skwar
Hello We use a L2TP over IPsec VPN running on OpenBSD 6.1, which was setup by prior sysadmins. They are no longer at the company. Now a user running Ubuntu 16.04 + Gnome tries to connect to the VPN. The VPN client (on Linux side) was configured with NetworkManager. The connection fails. In /var

Re: L2TP/IPsec VPN server: trying to force HMAC_SHA in phase 2, but isakmpd keeps offering HMAC_SHA2_256?

2017-03-20 Thread Jurjen Oskam
Hi Philipp, Thank you - this was exactly what I was missing. I have now gotten it to work by excluding hmac-sha2-256 (and therefore falling back to hmac-sha1), which strongly suggests my Nexus 6P (all patched) doesn't implement hmac-sha2-256 correctly. The irony is that the manpage of

Re: L2TP/IPsec VPN server: trying to force HMAC_SHA in phase 2, but isakmpd keeps offering HMAC_SHA2_256?

2017-03-19 Thread Philipp Buehler
On 19.03.2017 15:36, Jurjen Oskam wrote: So, to validate that I'm indeed hitting this bug (and also as a workaround) I tried to set up the OpenBSD side to not use SHA2. I haven't been able to get this running yet: isakmpd always seems to offer HMAC_SHA2_256. It's not offering that - but

L2TP/IPsec VPN server: trying to force HMAC_SHA in phase 2, but isakmpd keeps offering HMAC_SHA2_256?

2017-03-19 Thread Jurjen Oskam
Hi, I'm trying to set up my OpenBSD 6.0 box as an L2TP/IPsec server for my Android phone to connect to. It appears that recent Android versions have a bug that can prevent it from successfully using HMAC_SHA2_256 for its built-in L2TP/IPsec VPN client. (Whether the bug occurs seems to depend

Re: How to configure OpenBSD L2TP/IPSEC VPN to work with Windows 10?

2016-08-06 Thread Sebastian Wain
*** Sent: Thursday, August 4, 2016 1:57 PM To: Sebastian Wain <sebastian.w...@nektra.com> Cc: OpenBSD misc <misc@openbsd.org> Subject: Re: How to configure OpenBSD L2TP/IPSEC VPN to work with Windows 10? ike passive esp transport proto udp from egress to 0.0.0.0/0 port 1701 \ ma

Re: How to configure OpenBSD L2TP/IPSEC VPN to work with Windows 10?

2016-08-06 Thread R0me0 ***
> > Thanks, > Sebastian > > -Original Message- > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of > R0me0 *** > Sent: Thursday, August 4, 2016 1:57 PM > To: Sebastian Wain <sebastian.w...@nektra.com> > Cc: OpenBSD misc <misc@openb

Re: How to configure OpenBSD L2TP/IPSEC VPN to work with Windows 10?

2016-08-04 Thread R0me0 ***
ike passive esp transport proto udp from egress to 0.0.0.0/0 port 1701 \ main auth hmac-sha1 enc 3des group modp2048 \ quick auth hmac-sha1 enc 3des psk "YOURSECRET" You are welcome (: 2016-08-04 13:15 GMT-03:00 Sebastian Wain : > I can't figure out

How to configure OpenBSD L2TP/IPSEC VPN to work with Windows 10?

2016-08-04 Thread Sebastian Wain
I can't figure out how to make an OpenBSD VPN work. I followed the guide at [1] to set up a VPN, modified the network interface there to tun0 instead of pppoe0, and didn't configure the pf.conf. When I tried to connect from Win10 using the "L2TP/IPsec with pre-shared key" VPN type I see the issues

Android 4.4 and L2TP/IPSEC VPN

2014-04-08 Thread Kaya Saman
Hi, I'm wondering if anyone has had any experience with VPN and Android 4.4?? I used to use OpenVPN with versions 4.1 through 4.3 however, 4.4 apparently broke the tun interface so the app doesn't work now. As I need vpn access I configured ipsec and npppd however, I keep getting these errors

Re: IPSec VPN with iked (8)

2013-11-28 Thread Jan Lambertz
There is a post of my findings in the archives. Android 2.3 worked fine with iked and npppd

IPSec VPN with iked (8)

2013-11-25 Thread Benjamin Epitech
Hello, I am new to the concept of IPSec VPNs and although there are many tutorials to set one up with isakmp (8), I find there are fewer resources on setting up one with the newer iked. Can someone give me the main steps required to set up an IPSec VPN with iked? I understand this is still under

Re: IPSec VPN with iked (8)

2013-11-25 Thread Stuart Henderson
to set up an IPSec VPN with iked? I understand this is still under development, but what are its limitations? Would it work with Android phones and Windows 8.1? I generated some keys using the examples in the iked presentation, I wrote a very simple and nonrestrictive iked.conf and launched iked

Re: IPSec VPN with iked (8)

2013-11-25 Thread Benjamin Epitech
On Mon, Nov 25, 2013 at 1:21 PM, Stuart Henderson s...@spacehopper.org wrote: For Android phones the standard way to do VPNs is l2tp-over-ipsec (IKE). You can do this with npppd and isakmpd (iked is for IKEv2 which is not compatible with IKE). Apparently someone made an Android app to support

routing to IPsec VPN with dummy lo1 broken

2013-07-02 Thread Christopher Zimmermann
Hi, My IPsec roadwarrior setup on my laptop broke with one of the latest snapshots because some outgoing connections are routed wrongly with a source ip of 127.0.0.1. On the roadwarrior laptop I use a dummy lo1 interface to which I assign the internal VPN IP of the laptop. wlan has the

Re: routing to IPsec VPN with dummy lo1 broken

2013-07-02 Thread Christopher Zimmermann
On Tue, 2 Jul 2013 10:26:40 +0200 Christopher Zimmermann chr...@openbsd.org wrote: Hi, My IPsec roadwarrior setup on my laptop broke with one of the latest snapshots because some outgoing connections are routed wrongly with a source ip of 127.0.0.1. I was wrong in assuming a recent change

Re: routing to IPsec VPN with dummy lo1 broken

2013-07-02 Thread Christopher Zimmermann
On Tue, 2 Jul 2013 10:26:40 +0200 Christopher Zimmermann chr...@openbsd.org wrote: Hi, My IPsec roadwarrior setup on my laptop broke with one of the latest snapshots because some outgoing connections are routed wrongly with a source ip of 127.0.0.1. I found the according line in the

External IP address not to go through IPSec VPN

2013-04-01 Thread ML mail
Hi, I have set up a simple IPSec VPN using the following instructions: http://www.symantec.com/connect/articles/zero-ipsec-4-minutes and have noticed that not only my internal networks get routed through the VPN but also the external IP address of both firewalls. I would like the external

Re: IPSEC VPN performance

2012-10-02 Thread David Coppa
On Mon, Oct 1, 2012 at 5:55 PM, Russell Garrison russell.garri...@gmail.com wrote: Is iPerf running threaded? What about dd to null and a loopback listener? Beware: only -current (since Tue Sep 25) net/iperf port has threading enabled. ciao, David

Re: IPSEC VPN performance

2012-10-02 Thread Christiano F. Haesbaert
On 2 October 2012 08:57, David Coppa dco...@gmail.com wrote: On Mon, Oct 1, 2012 at 5:55 PM, Russell Garrison russell.garri...@gmail.com wrote: Is iPerf running threaded? What about dd to null and a loopback listener? Beware: only -current (since Tue Sep 25) net/iperf port has threading

Re: IPSEC VPN performance

2012-10-02 Thread Ryan McBride
On Tue, Oct 02, 2012 at 09:59:05AM +0200, Christiano F. Haesbaert wrote: Why not using tcpbench where you can actually specify the parameters and know what is going on :). Play with buffer sizes and you'll see a big difference, using -u will give you the actual PPS. I agree with this.

Re: IPSEC VPN performance

2012-10-02 Thread Reyk Floeter
On Tue, Oct 2, 2012 at 9:59 AM, Christiano F. Haesbaert haesba...@haesbaert.org wrote: Why not using tcpbench where you can actually specify the parameters and know what is going on :). Play with buffer sizes and you'll see a big difference, using -u will give you the actual PPS. I agree, I

Re: IPSEC VPN performance

2012-10-01 Thread Jim Miller
I just reran the test again. I still receive about 600Mbps using iPerf however using client # dd if=/dev/zero bs=1000 count=100 | nc -v 172.16.2.2 12345 server # nc -v -l 12345 /dev/null I get numbers around 350Mbps. I tend to think iPerf is more reliable in this situation. Any ideas

Re: IPSEC VPN performance

2012-10-01 Thread Otto Moerbeek
On Mon, Oct 01, 2012 at 11:20:06AM -0400, Jim Miller wrote: I just reran the test again. I still receive about 600Mbps using iPerf however using client # dd if=/dev/zero bs=1000 count=100 | nc -v 172.16.2.2 12345 server # nc -v -l 12345 /dev/null I get numbers around 350Mbps.

Re: IPSEC VPN performance

2012-10-01 Thread Janne Johansson
Perhaps the pipe size causes degradations, I seem to recall getting better results on benchmarks without pipes. On 1 Oct 2012 18:07, Otto Moerbeek o...@drijf.net wrote: On Mon, Oct 01, 2012 at 11:20:06AM -0400, Jim Miller wrote: I just reran the test again. I still receive about 600Mbps

Re: IPSEC VPN performance

2012-10-01 Thread Andy Bradford
Thus said Jim Miller on Mon, 01 Oct 2012 11:20:06 EDT: # dd if=/dev/zero bs=1000 count=100 | nc -v 172.16.2.2 12345 What if you try a different bs? $ dd if=/dev/zero bs=1000 count=100 /dev/null 100+0 records in 100+0 records out 10 bytes transferred in 1.102 secs

Re: IPSEC VPN performance

2012-09-28 Thread Otto Moerbeek
On Thu, Sep 27, 2012 at 05:30:38PM -0400, Jim Miller wrote: Hi, I'm trying to determine if the performance I'm seeing between two OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize there are quite a few variables to consider and I'm sure I've not toggled each one but I

Re: IPSEC VPN performance

2012-09-28 Thread Mike Belopuhov
On Thu, Sep 27, 2012 at 11:30 PM, Jim Miller jmil...@sri-inc.com wrote: Hi, I'm trying to determine if the performance I'm seeing between two OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize there are quite a few variables to consider and I'm sure I've not toggled each

Re: IPSEC VPN performance

2012-09-28 Thread Mike Belopuhov
On Fri, Sep 28, 2012 at 11:45 AM, Otto Moerbeek o...@drijf.net wrote: On Thu, Sep 27, 2012 at 05:30:38PM -0400, Jim Miller wrote: Hi, I'm trying to determine if the performance I'm seeing between two OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize there are quite

Re: IPSEC VPN performance

2012-09-28 Thread Peter Hessler
On 2012 Sep 27 (Thu) at 17:30:38 -0400 (-0400), Jim Miller wrote: :Hardware Configuration: :- (2) identical SuperMicro systems with quad core E31220 w/ AES-NI enabled : :cpu0: Intel(R) Xeon(R) CPU E31220 @ 3.10GHz (GenuineIntel 686-class) :3.10 GHz :cpu0:

Re: IPSEC VPN performance

2012-09-28 Thread Jim Miller
AM, Otto Moerbeek o...@drijf.net wrote: On Thu, Sep 27, 2012 at 05:30:38PM -0400, Jim Miller wrote: Hi, I'm trying to determine if the performance I'm seeing between two OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize there are quite a few variables to consider and I'm

Re: IPSEC VPN performance

2012-09-28 Thread Otto Moerbeek
, Otto Moerbeek o...@drijf.net wrote: On Thu, Sep 27, 2012 at 05:30:38PM -0400, Jim Miller wrote: Hi, I'm trying to determine if the performance I'm seeing between two OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize there are quite a few variables to consider

Re: IPSEC VPN performance

2012-09-28 Thread Jim Miller
between two OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize there are quite a few variables to consider and I'm sure I've not toggled each one but I could use a sanity check regardless. Question: With the configuration below when I disable ipsec I can route traffic

Re: IPSEC VPN performance

2012-09-28 Thread Christian Weisgerber
Jim Miller jmil...@sri-inc.com wrote: The test I'm using is this Host A: # nc -v -l 12345 | /dev/null Host B: # dd if=/dev/zero bs=1000 count=1 | nc -v host a 12345 I increased the count a bit: 10 bytes transferred in 53.265 secs (18773882 bytes/sec) That's with AES-256-GCM

Re: IPSEC VPN performance

2012-09-28 Thread Jim Miller
So I just realized another serious flaw in my testing. I was using a Mac Air w/ USB 100Mb ethernet adapter for one of the hosts behind the OpenBSD VPN devices. And it must have been limiting the speed more than I thought. So using another Mac w/ 1Gb ethernet adapter to a Linux box w/ 1Gb eth I

Re: IPSEC VPN performance

2012-09-28 Thread Hrvoje Popovski
Hi, On 28.9.2012 22:09, Jim Miller wrote: So using another Mac w/ 1Gb ethernet adapter to a Linux box w/ 1Gb eth I was able to achieve approx. 600Mbps performance through the test setup (via iperf and my dd method). 600Mbps via ipsec between two Intel E31220 ?

Re: IPSEC VPN performance

2012-09-28 Thread Jim Miller
Yes. Let me double check everything again on Monday. Keep in mind that all devices had 1Gb ethernet interfaces and everything was directly cabled. No pf rules either. w/o ipsec I could get 900mbps through the openbsd boxes. Now you've got me thinking I need to recheck everything. -Jim On

Re: IPSEC VPN performance

2012-09-28 Thread Ryan McBride
600Mbps seems about right, I tested a pair of E5649-based boxes to 550Mbps last year (with aes-128-gcm): http://marc.info/?l=openbsd-misc&m=134033767126930 You'll probably get slightly more than 600 with multiple TCP streams. Assuming PF was enabled for your test (the default

IPSEC VPN performance

2012-09-27 Thread Jim Miller
Hi, I'm trying to determine if the performance I'm seeing between two OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize there are quite a few variables to consider and I'm sure I've not toggled each one but I could use a sanity check regardless. Question

Re: IPSEC newbie looking to replace vpnc with Openbsd built-in IPSEC vpn

2012-06-02 Thread Stuart Henderson
On 2012-06-01, Sarah Caswell s.casw...@protocol6.com wrote: Hi all, I am currently using vpnc to connect to a client site (which has a CISCO ASA firewall/vpn endpoint) This setup works, but every time I use vpnc from my server it breaks other networking, especially the openvpn tunnels I

IPSEC newbie looking to replace vpnc with Openbsd built-in IPSEC vpn

2012-06-01 Thread Sarah Caswell
Hi all, I am currently using vpnc to connect to a client site (which has a CISCO ASA firewall/vpn endpoint) This setup works, but every time I use vpnc from my server it breaks other networking, especially the openvpn tunnels I maintain to other sites. I'd prefer to use the built-in IPSEC

Re: IPSEC newbie looking to replace vpnc with Openbsd built-in IPSEC vpn

2012-06-01 Thread carlos albino garcia grijalba
.com To: misc@openbsd.org Subject: IPSEC newbie looking to replace vpnc with Openbsd built-in IPSEC vpn Hi all, I am currently using vpnc to connect to a client site (which has a CISCO ASA firewall/vpn endpoint) This setup works, but every time I use vpnc from my server it breaks other

IPSec VPN dropping packets from time to time

2011-12-20 Thread Georg Buschbeck
Hi, I have two openbsd firewalls running 1x OpenBSD 4.9 (amd64) in our office 1x OpenBSD 5.0 (amd64) in our co location. we have a vpn set up between both locations via /etc/ipsec.conf isakmpd is setup to not read any configuration files: === /etc/rc.conf.local === isakmpd_flags=-4 -K -v ===

Re: IPSec VPN dropping packets from time to time

2011-12-20 Thread Steven Surdock
See -stable fixes to 4.9. Otherwise consider upgrading 4.9-5.0. -Steve S. -Steve S. -Original Message- From: Georg Buschbeck [open...@thomas-daily.de] Received: Tuesday, 20 Dec 2011, 2:35am To: misc@openbsd.org [misc@openbsd.org] Subject: IPSec VPN dropping packets from time to time

ipsec vpn 'colouring'

2011-05-27 Thread Oeschger Patrick
*hmmm* i did a test using ipsec vpn colouring aka. tagging ipsec.conf offers the option to tag the vpn traffic for further PF filtering using these tags i can instruct PF to use different public NAT addresses (outgoing to internet) for each VPN but when you have overlapping subnets behind the VPNs

Re: ipsec vpn 'colouring'

2011-05-27 Thread Claer
On Fri, May 27 2011 at 07:16, Oeschger Patrick wrote: *hmmm* *hmmm*, i did a test using ipsec vpn colouring aka. tagging ipsec.conf offers the option to tag the vpn traffic for further PF filtering using these tags i can instruct PF to use different public NAT addresses (outgoing to internet

Routing all traffic through IPSEC VPN

2011-04-20 Thread Matt S
Hello @misc I seem to still be having some problems but I have made progress. The branch office cannot get out to the internet at large which I think may be a NAT problem. At least, when changing the default route on the branch office, I don't lose connectivity to it. On the branch office,

Re: Routing all traffic through IPSEC VPN

2011-04-19 Thread lilit-aibolit
Matt S wrote: Hello @misc: I am up against a stumper. I have a Site-to-Site IPSEC VPN working beautifully. However, I would like the remote site to route all of its traffic through the VPN. After googling, I seemed to come up with a suggestion to do a route change -net 0.0.0.0/0

Re: Routing all traffic through IPSEC VPN

2011-04-13 Thread Claudiu Pruna
On Tue, 2011-04-12 at 19:53 -0700, Matt S wrote: Hello @misc: I am up against a stumper. I have a Site-to-Site IPSEC VPN working beautifully. However, I would like the remote site to route all of its traffic through the VPN. After googling, I seemed to come up with a suggestion

Re: Routing all traffic through IPSEC VPN

2011-04-13 Thread Matt S
against a stumper. I have a Site-to-Site IPSEC VPN working beautifully. However, I would like the remote site to route all of its traffic through the VPN. After googling, I seemed to come up with a suggestion to do a route change -net 0.0.0.0/0 gateway which didn't work well. I

Re: Routing all traffic through IPSEC VPN

2011-04-13 Thread Christiano F. Haesbaert
On 12 April 2011 23:53, Matt S maschwa...@yahoo.com wrote: Hello @misc: I am up against a stumper. I have a Site-to-Site IPSEC VPN working beautifully. However, I would like the remote site to route all of its traffic through the VPN. After googling, I seemed to come up with a suggestion

Re: Routing all traffic through IPSEC VPN

2011-04-13 Thread Matt S
-to-Site IPSEC VPN working beautifully. However, I would like the remote site to route all of its traffic through the VPN. After googling, I seemed to come up with a suggestion to do a route change -net 0.0.0.0/0 gateway which didn't work well. I think it might have to do with NAT. The main

Re: Routing all traffic through IPSEC VPN

2011-04-13 Thread Claudiu Pruna
S wrote: Hello @misc: I am up against a stumper. I have a Site-to-Site IPSEC VPN working beautifully. However, I would like the remote site to route all of its traffic through the VPN. After googling, I seemed to come up with a suggestion to do a route change -net 0.0.0.0/0

Re: Routing all traffic through IPSEC VPN

2011-04-13 Thread Matt S
0 - 4 em0 matthew-schwartz.c 52:54:00:27:26:22 UHLc 00 - 4 lo0 BASE-ADDRESS.MCAST localhost URS00 33160 8 lo0 On Tue, 2011-04-12 at 19:53 -0700, Matt S wrote: Hello @misc: I am up against a stumper. I have a Site-to-Site IPSEC

Re: Routing all traffic through IPSEC VPN

2011-04-13 Thread Christiano F. Haesbaert
matthew-schwartz.c 52:54:00:27:26:22 UHLc 00 - 4 lo0 BASE-ADDRESS.MCAST localhost URS00 33160 8 lo0 On Tue, 2011-04-12 at 19:53 -0700, Matt S wrote: Hello @misc: I am up against a stumper. I have a Site-to-Site IPSEC VPN working

Routing all traffic through IPSEC VPN

2011-04-12 Thread Matt S
Hello @misc: I am up against a stumper. I have a Site-to-Site IPSEC VPN working beautifully. However, I would like the remote site to route all of its traffic through the VPN. After googling, I seemed to come up with a suggestion to do a route change -net 0.0.0.0/0 gateway which didn't

Re: Force Internet traffic out IPSec VPN

2011-04-08 Thread Stuart Henderson
On 2011-04-07, Andrew Klettke aklet...@opticfusion.net wrote: We have a working IPSec VPN between two 4.8 endpoints. One of them is at a remote location, and the other at the main office. The remote location has its own external, routable IP (to establish the VPN), and an internal subnet

Re: Force Internet traffic out IPSec VPN

2011-04-08 Thread Ivan Nudzik
tunnel on those 2 IP. You could route anything over GRE tunnel. Beware of encapsulation overhead, cause it is tunnel in tunnel. 2. Use OpenVPN instead of IPSec. It is far less painful. I. On Thu, 2011-04-07 at 16:51 -0700, Andrew Klettke wrote: We have a working IPSec VPN between two 4.8 endpoints

Re: Force Internet traffic out IPSec VPN

2011-04-08 Thread Evgeniy Sudyr
IPSec and then build GRE tunnel on those 2 IP. You could route anything over GRE tunnel. Beware of encapsulation overhead, cause it is tunnel in tunnel. 2. Use OpenVPN instead of IPSec. It is far less painful. I. On Thu, 2011-04-07 at 16:51 -0700, Andrew Klettke wrote: We have a working IPSec

Force Internet traffic out IPSec VPN

2011-04-07 Thread Andrew Klettke
We have a working IPSec VPN between two 4.8 endpoints. One of them is at a remote location, and the other at the main office. The remote location has its own external, routable IP (to establish the VPN), and an internal subnet behind it. The main office has its own external IP, though which

Re: ipsec vpn unexpected flow

2010-11-28 Thread Stuart Henderson
On 2010/11/27 23:47, Andrea Parazzini wrote: On Fri, 26 Nov 2010 12:58:09 + (UTC), Stuart Henderson s...@spacehopper.org wrote: isakmpd.policy(5), and have some aspirin ready for the inevitable headache. Stuart is right. I tried to play with isakmpd.policy and it's rather

Re: ipsec vpn unexpected flow

2010-11-27 Thread Andrea Parazzini
On Thu, 11/25/10, Andrea Parazzini a.parazz...@sirtisistemi.net wrote: Hi, we have a vpn connection with a customer. The remote peer is not under our management. Our box is an OpenBSD 4.7 i386. We have configured the vpn as follows: /etc/rc.conf.local ipsec=YES isakmpd_flags=-K -v

Re: ipsec vpn unexpected flow

2010-11-26 Thread Andrea Parazzini
than you realize -damon --- On Thu, 11/25/10, Andrea Parazzini a.parazz...@sirtisistemi.net wrote: From: Andrea Parazzini a.parazz...@sirtisistemi.net Subject: ipsec vpn unexpected flow To: misc@openbsd.org Date: Thursday, November 25, 2010, 2:40 PM Hi, we have a vpn connection

Re: ipsec vpn unexpected flow

2010-11-26 Thread Stuart Henderson
On 2010-11-25, Andrea Parazzini a.parazz...@sirtisistemi.net wrote: As you can see there is a flow that is not configured on our box. It is probably configured on the remote peer. Is a normal behavior? Yes. This is especially fun when you end up accidentally routing all traffic from a

Re: ipsec vpn unexpected flow

2010-11-26 Thread Andrea Parazzini
On Fri, 26 Nov 2010 12:58:09 + (UTC), Stuart Henderson s...@spacehopper.org wrote: On 2010-11-25, Andrea Parazzini a.parazz...@sirtisistemi.net wrote: As you can see there is a flow that is not configured on our box. It is probably configured on the remote peer. Is a normal behavior?

ipsec vpn unexpected flow

2010-11-25 Thread Andrea Parazzini
Hi, we have a vpn connection with a customer. The remote peer is not under our management. Our box is an OpenBSD 4.7 i386. We have configured the vpn as follows: /etc/rc.conf.local ipsec=YES isakmpd_flags=-K -v /etc/ipsec.conf ike active esp tunnel \ from 10.1.0.0/16 (0.0.0.0/0) to

Re: ipsec vpn unexpected flow

2010-11-25 Thread Damon Schlosser
...@sirtisistemi.net Subject: ipsec vpn unexpected flow To: misc@openbsd.org Date: Thursday, November 25, 2010, 2:40 PM Hi, we have a vpn connection with a customer. The remote peer is not under our management. Our box is an OpenBSD 4.7 i386. We have configured the vpn as follows: /etc/rc.conf.local ipsec=YES

Re: ipsec vpn unexpected flow

2010-11-25 Thread Andrea Parazzini
traffic in the tunnel?3. is nat allowed in the tunnel? 4. you may have let in more networks than you realize -damon --- On Thu, 11/25/10, Andrea Parazzini a.parazz...@sirtisistemi.net wrote: From: Andrea Parazzini a.parazz...@sirtisistemi.net Subject: ipsec vpn unexpected flow To: misc

Re: ipsec vpn unexpected flow

2010-11-25 Thread Bahador NazariFard
wrote: From: Andrea Parazzini a.parazz...@sirtisistemi.net Subject: ipsec vpn unexpected flow To: misc@openbsd.org Date: Thursday, November 25, 2010, 2:40 PM Hi, we have a vpn connection with a customer. The remote peer is not under our management. Our box is an OpenBSD 4.7

IPSEC VPN

2010-07-27 Thread Jorge Medina
1.- IPSEC VPN Load Balancer connections it's make that possible ? 2.- somebody have benchmark or something to reference CPU consumption of vpn tunnel -- Jorge Andris Medina Oliva.

IPSEC VPN

2010-07-24 Thread Matt S
Hello I am wondering if anyone who uses OpenBSD as an IPSEC VPN concentrator could provide an example configuration. I am planning on using OpenBSD 4.7 to achieve this and I need to be able to support multiple road warrior users who will have dynamic IP addresses. If possible, I would also

test : ipsec vpn and mac road warrior

2010-04-23 Thread openbsd
Hi, I've done these tests : inter...@work (OpenBSD PF)(ip fixe) (dynamic ip) Home (A mac) I mounted vpn on mac to Work with third software : VPN Tracker VPN is OK, i can ping my openbsd gateway and ping my Windows 7 Workstation. But i can't access any resource except pings. Why ? Enc0 is

IPSec VPN and tunnel mode routing

2010-03-30 Thread Girish Venkatachalam
Dear all, I find no explicit mention of how to encapsulate and decapsulate IPsec protected packets in tunnel mode. Are we supposed to use gre0 or gif0 interface to add routes? I am able to create SAs using automatic keying with isakmpd and 1 line in ipsec.conf. But I am unable to connect two

Re: IPSec VPN and tunnel mode routing

2010-03-30 Thread Schöberle Dániel
Dear all, I find no explicit mention of how to encapsulate and decapsulate IPsec protected packets in tunnel mode. Are we supposed to use gre0 or gif0 interface to add routes? I am able to create SAs using automatic keying with isakmpd and 1 line in ipsec.conf. But I am unable to

Re: IPSec VPN and tunnel mode routing

2010-03-30 Thread Stuart Henderson
On 2010-03-30, Girish Venkatachalam girishvenkatacha...@gmail.com wrote: Dear all, I find no explicit mention of how to encapsulate and decapsulate IPsec protected packets in tunnel mode. Are we supposed to use gre0 or gif0 interface to add routes? I am able to create SAs using automatic

Re: IPSec VPN and tunnel mode routing

2010-03-30 Thread Girish Venkatachalam
describe your configuration, the output from the relevant commands (e.g. sudo ipsecctl -sa, netstat -n), what if any changes you've made to PF rules to accommodate the vpn, how you're testing, etc, perhaps someone can help. I always thought that pf should have nothing to do with IPsec VPN

IPSEC VPN and NAT

2010-03-14 Thread openbsd
It works, i removed my enc0 from set skip on {lo enc0 } like Mitja told me. Thanks to Mitja.

Ipsec VPN and NAT

2010-03-12 Thread openbsd
I'm trying to do vpn ipsec with nat. (I can do fully some test @ work with have sdsl with 5 ip address) To resume i want to do ipsec vpn between Site A (192.168.0.0/24) and Site B (192.168.0.0/24). They have same network address. So i ve done done with this good article : http://undeadly.org/cgi

Re: Ipsec VPN and NAT

2010-03-12 Thread openbsd
Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of open...@e-solutions.re Sent: Friday, March 12, 2010 4:34 PM To: misc@openbsd.org Subject: Ipsec VPN and NAT I'm trying to do vpn ipsec with nat. (I can do fully some test @ work with have sdsl with 5 ip

Ipsec vpn and nat

2009-09-17 Thread openbsd
Hello, we have to connect factory using ipsec vpn and nat. The factory server (windows 2003) will send his backup to our NAS using FTP,so : Site A and Site B (factory) Site A , OpenBSD 4.5 -RELEASE, used like firewall (and ftpproxy) Ip address (provided by IAP): 11.11.11.11(Egress), IP

OpenBSD Road Warrior connecting to L2TP/IPSec VPN?

2008-09-22 Thread Aaron W. Hsu
Hello All, I am trying to connect to my University's VPN System, with little luck, I am not sure how to even begin, though I have found Undeadly articles on IPSec in Under 4 Minutes, as well as some various tutorials and documents on connecting OpenBSD Servers to other Servers and gateways. I

Re: OpenBSD Road Warrior connecting to L2TP/IPSec VPN?

2008-09-22 Thread Christoph Leser
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron W. Hsu Sent: Monday, 22 September 2008 20:04 To: misc@openbsd.org Subject: OpenBSD Road Warrior connecting to L2TP/IPSec VPN? Hello All, I am trying to connect to my University's

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-27 Thread Dirk Mast
This config works for me: OpenBSD 4.3 as GW and Debian Linux with OpenSWAN as client, and the package ike is installed under Linux, too. OpenBSD: ike esp from any to 172.16.1.98 quick auth hmac-sha1 enc aes group modp1024 psk IMTEHLINUXCLIENT Linux: /etc/ipsec.conf version 2.0 config setup

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-27 Thread Laurent CARON
Dirk Mast wrote: This config works for me: Hi, OpenBSD 4.3 as GW and Debian Linux with OpenSWAN as client, and the package ike is installed under Linux, too. The openswan package is not sufficient to get a working IPsec between Linux and OpenBSD ? OpenBSD: ike esp from any to

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-27 Thread Dirk Mast
Laurent CARON wrote: Dirk Mast wrote: This config works for me: Hi, OpenBSD 4.3 as GW and Debian Linux with OpenSWAN as client, and the package ike is installed under Linux, too. The openswan package is not sufficient to get a working IPsec between Linux and OpenBSD ? OpenBSD:

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-27 Thread Laurent CARON
Dirk Mast wrote: Linux /etc/ipsec.conf: version 2.0 config setup ... (snip) Hi, I finally managed to get it up and working (without IKE). OpenBSD: /etc/ipsec.conf: ike esp from 10.50.0.0/24 to 192.168.9.0/24 peer PUBLIC_LINUX quick \ auth hmac-sha1 enc aes group modp1024 psk

IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-25 Thread Laurent CARON
Hi, I'm basically trying to setup a VPN between a linux box (debian) and an OpenBSD one. I'd like to use a PSK for that VPN. Here are the config files: Linux box: conn jak-ha left=PUBLICIP_OF_LINUX_BOX leftsubnet=192.168.9.0/24 right=PUBLIC_IP_OF_BSD_BOX

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-25 Thread Imre Oolberg
Hi! I'm basically trying to setup a VPN between a linux box (debian) and an OpenBSD one. I am not a seasoned IPSec user but i tried out couple of configurations and one of them was Debian with Racoon and OpenBSD's native isakmpd. I based my experimentation on article which is about

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-25 Thread John Jackson
It may also be worth noting that Debian has OpenBSD's isakmpd packaged, 'apt-get install isakmpd'. I've had success using isakmpd on Debian to create VPN's between OpenBSD and Debian gateways. John On Mon, Aug 25, 2008 at 03:52:42PM +0300, Imre Oolberg wrote: Hi! I'm basically trying to

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-25 Thread Laurent CARON
John Jackson wrote: It may also be worth noting that Debian has OpenBSD's isakmpd packaged, 'apt-get install isakmpd'. I've had success using isakmpd on Debian to create VPN's between OpenBSD and Debian gateways. Since i'm using OpenSwan on 99% of my servers, i'd like to be able to integrate

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-25 Thread Laurent CARON
John Jackson wrote: It may also be worth noting that Debian has OpenBSD's isakmpd packaged, 'apt-get install isakmpd'. I've had success using isakmpd on Debian to create VPN's between OpenBSD and Debian gateways. Here is where I'm now: Openswan's side: conn lncjakarta-lncha

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-25 Thread Sean Malloy
On Mon, Aug 25, 2008 at 09:50:08PM +0200, Laurent CARON wrote: John Jackson wrote: It may also be worth noting that Debian has OpenBSD's isakmpd packaged, 'apt-get install isakmpd'. I've had success using isakmpd on Debian to create VPN's between OpenBSD and Debian gateways. Here is

Re: ipsec vpn problem

2008-08-22 Thread jared r r spiegel
On Fri, Aug 22, 2008 at 03:11:16PM +0200, Claus Larsen wrote: Well I did get a bit further with the problem, it seems it was caused by a firewall blocking some of the traffic. So new problem now. Using the Greenbow vpn client. It says Phase 2 algoritm problem. From the isakmpd output I

ipsec vpn problem

2008-08-21 Thread Claus Larsen
Have a problem getting a vpn tunnel up between a zyxel vpn gw and my openbsd 4.3 system. /etc/ipsec.conf ike passive from any to any \ main auth hmac-sha1 enc 3des group modp1024 \ quick auth hmac-sha1 enc 3des group none \ psk openbsdrules Below follows output from cmd: isakmpd -d -DA=99 -K

Re: Site-to-site IPSec VPN between OpenBSD and Cisco PIX 515E

2007-11-29 Thread Shohrukh Shoyoqubov
: Re: Site-to-site IPSec VPN between OpenBSD and Cisco PIX 515E From which machine do I have to do ping -I A.B.C.D E.F.G.H pf has default config and allows everything forwarding is enabled What does netstat -rn -f encap look like? ~bas Christoph Leser wrote: you could try ping -I A.B.C.D

ipsec vpn netgear DG834 : openbsd 4.2 (SOLVED !)

2007-11-28 Thread jcr
So by the way .. the problem was link with pf.conf.. In fact there is something i did not put on my last mail, it is the fact i'am using TWO adsl pppoe link on the same PC. i'm doing load balancing for the web access it's working like a charm So there is TWO tun interfaces : tun0 link

ipsec vpn netgear DG834 : openbsd 4.2 (new thread)

2007-11-27 Thread jcr
New thread .. after some new test.. And still the same ... shit ! Here is the LAn/WAn network 192.168.0/24(lan)--Netgear DG 834 (adsl + NAT + ipsec +ip fix A) | ---WEB---

Re: ipsec vpn netgear DG834 : openbsd 4.2 (new thread)

2007-11-27 Thread Christoph Leser
) Once we know whether the packets really leave openBSD, we can do further analysis. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of jcr Sent: Tuesday, 27 November 2007 12:10 To: misc@openbsd.org Subject: ipsec vpn netgear DG834 : openbsd

Re: ipsec vpn netgear DG834 : openbsd 4.2 (new thread)

2007-11-27 Thread Christoph Leser
Sent: Tuesday, 27 November 2007 12:10 To: misc@openbsd.org Subject: ipsec vpn netgear DG834 : openbsd 4.2 (new thread) New thread .. after some new test.. And still the same ... shit ! Here is the LAn/WAn network 192.168.0/24(lan)--Netgear DG 834 (adsl + NAT + ipsec +ip fix

ipsec vpn openbsd 4.2 / netgear DG834

2007-11-23 Thread jcr
Ok . here i go i have read the misc list upside/down and right to left , but i can't find a solution to my problem Here is the LAn/WAn network 192.168.0/24(lan)--Netgear DG 834 (adsl + NAT + ipsec +ip fix A) |
