On 2018-09-07, Alexander Skwar wrote:
> Hello
>
> We use an L2TP over IPsec VPN running on OpenBSD 6.1, which was set up
> by prior sysadmins. They are no longer at the company.
>
> Now a user running Ubuntu 16.04 + Gnome tries to connect to the VPN.
> The VPN client (on Linux
Hello
We use an L2TP over IPsec VPN running on OpenBSD 6.1, which was set up
by prior sysadmins. They are no longer at the company.
Now a user running Ubuntu 16.04 + Gnome tries to connect to the VPN.
The VPN client (on Linux side) was configured with NetworkManager.
The connection fails. In /var
Hi Philipp,
Thank you - this was exactly what I was missing. I have now gotten it to
work by excluding hmac-sha2-256 (and therefore falling back to hmac-sha1),
which strongly suggests my Nexus 6P (all patched) doesn't implement
hmac-sha2-256 correctly.
The irony is that the manpage of
On 19.03.2017 15:36, Jurjen Oskam wrote:
So, to validate that I'm indeed hitting this bug (and also as a
workaround)
I tried to set up the OpenBSD side to not use SHA2. I haven't been able
to
get this running yet: isakmpd always seems to offer HMAC_SHA2_256.
It's not offering that - but
Hi,
I'm trying to set up my OpenBSD 6.0 box as an L2TP/IPsec server for my
Android phone to connect to. It appears that recent Android versions have a
bug that can prevent it from successfully using HMAC_SHA2_256 for its built-in
L2TP/IPsec VPN client. (Whether the bug occurs seems to depend
***
Sent: Thursday, August 4, 2016 1:57 PM
To: Sebastian Wain <sebastian.w...@nektra.com>
Cc: OpenBSD misc <misc@openbsd.org>
Subject: Re: How to configure OpenBSD L2TP/IPSEC VPN to work with Windows
10?
ike passive esp transport proto udp from egress to 0.0.0.0/0 port 1701 \
ma
>
> Thanks,
> Sebastian
>
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> R0me0 ***
> Sent: Thursday, August 4, 2016 1:57 PM
> To: Sebastian Wain <sebastian.w...@nektra.com>
> Cc: OpenBSD misc <misc@openb
ike passive esp transport proto udp from egress to 0.0.0.0/0 port 1701 \
main auth hmac-sha1 enc 3des group modp2048 \
quick auth hmac-sha1 enc 3des psk "YOURSECRET"
You are welcome
(:
2016-08-04 13:15 GMT-03:00 Sebastian Wain :
> I can't figure out
I can't figure out how to make an OpenBSD VPN work. I followed the guide at
[1] to set up
a VPN, modified the network interface there to tun0 instead of pppoe0, and
didn't
configure the pf.conf. When I tried to connect from Win10 using the
"L2TP/IPsec with pre-shared key" VPN type I see the issues
Hi,
I'm wondering if anyone has had any experience with VPN and Android 4.4??
I used to use OpenVPN with versions 4.1 through 4.3 however, 4.4
apparently broke the tun interface so the app doesn't work now.
As I need vpn access I configured ipsec and npppd however, I keep
getting these errors
There is a post of my findings in the archives. Android 2.3 worked fine
with iked and npppd
Hello,
I am new to the concept of IPSec VPNs and although there are many tutorials
to set one up with isakmp (8), I find there are fewer resources on setting up
one with the newer iked.
Can someone give me the main steps required to set up an IPSec VPN with
iked? I understand this is still under
to set up an IPSec VPN with
iked? I understand this is still under development, but what are its
limitations? Would it work with Android phones and Windows 8.1?
I generated some keys using the examples in the iked presentation, I wrote
a very simple and nonrestrictive iked.conf and launched iked
On Mon, Nov 25, 2013 at 1:21 PM, Stuart Henderson s...@spacehopper.org wrote:
For Android phones the standard way to do VPNs is l2tp-over-ipsec (IKE).
You can do this with npppd and isakmpd (iked is for IKEv2 which is not
compatible with IKE).
Apparently someone made an Android app to support
Hi,
My IPsec roadwarrior setup on my laptop broke with one of the latest
snapshots because some outgoing connections are routed wrongly with a
source ip of 127.0.0.1.
On the roadwarrior laptop I use a dummy lo1 interface to which I assign
the internal VPN IP of the laptop.
wlan has the
On Tue, 2 Jul 2013 10:26:40 +0200
Christopher Zimmermann chr...@openbsd.org wrote:
Hi,
My IPsec roadwarrior setup on my laptop broke with one of the latest
snapshots because some outgoing connections are routed wrongly with a
source ip of 127.0.0.1.
I was wrong in assuming a recent change
On Tue, 2 Jul 2013 10:26:40 +0200
Christopher Zimmermann chr...@openbsd.org wrote:
Hi,
My IPsec roadwarrior setup on my laptop broke with one of the latest
snapshots because some outgoing connections are routed wrongly with a
source ip of 127.0.0.1.
I found the according line in the
Hi,
I have set up a simple IPSec VPN using the following instructions:
http://www.symantec.com/connect/articles/zero-ipsec-4-minutes
and have noticed that not only my internal networks get routed through the VPN
but also the external IP address of both firewalls. I would like the external
On Mon, Oct 1, 2012 at 5:55 PM, Russell Garrison
russell.garri...@gmail.com wrote:
Is iPerf running threaded? What about dd to null and a loopback listener?
Beware: only -current (since Tue Sep 25) net/iperf port has threading enabled.
ciao,
David
On 2 October 2012 08:57, David Coppa dco...@gmail.com wrote:
On Mon, Oct 1, 2012 at 5:55 PM, Russell Garrison
russell.garri...@gmail.com wrote:
Is iPerf running threaded? What about dd to null and a loopback listener?
Beware: only -current (since Tue Sep 25) net/iperf port has threading
On Tue, Oct 02, 2012 at 09:59:05AM +0200, Christiano F. Haesbaert wrote:
Why not using tcpbench where you can actually specify the parameters
and know what is going on :).
Play with buffer sizes and you'll see a big difference, using -u will
give you the actual PPS.
I agree with this.
On Tue, Oct 2, 2012 at 9:59 AM, Christiano F. Haesbaert
haesba...@haesbaert.org wrote:
Why not using tcpbench where you can actually specify the parameters
and know what is going on :).
Play with buffer sizes and you'll see a big difference, using -u will
give you the actual PPS.
I agree, I
I just reran the test again. I still receive about 600Mbps using iPerf
however using
client
# dd if=/dev/zero bs=1000 count=100 | nc -v 172.16.2.2 12345
server
# nc -v -l 12345 > /dev/null
I get numbers around 350Mbps. I tend to think iPerf is more reliable in
this situation.
Any ideas
On Mon, Oct 01, 2012 at 11:20:06AM -0400, Jim Miller wrote:
I just reran the test again. I still receive about 600Mbps using iPerf
however using
client
# dd if=/dev/zero bs=1000 count=100 | nc -v 172.16.2.2 12345
server
# nc -v -l 12345 > /dev/null
I get numbers around 350Mbps.
Perhaps the pipe size causes degradations, I seem to recall getting better
results on benchmarks without pipes.
On 1 Oct 2012 18:07, Otto Moerbeek o...@drijf.net wrote:
On Mon, Oct 01, 2012 at 11:20:06AM -0400, Jim Miller wrote:
I just reran the test again. I still receive about 600Mbps
Thus said Jim Miller on Mon, 01 Oct 2012 11:20:06 EDT:
# dd if=/dev/zero bs=1000 count=100 | nc -v 172.16.2.2 12345
What if you try a different bs?
$ dd if=/dev/zero bs=1000 count=100 > /dev/null
100+0 records in
100+0 records out
10 bytes transferred in 1.102 secs
On Thu, Sep 27, 2012 at 05:30:38PM -0400, Jim Miller wrote:
Hi,
I'm trying to determine if the performance I'm seeing between two
OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize
there are quite a few variables to consider and I'm sure I've not
toggled each one but I
On Thu, Sep 27, 2012 at 11:30 PM, Jim Miller jmil...@sri-inc.com wrote:
Hi,
I'm trying to determine if the performance I'm seeing between two
OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize
there are quite a few variables to consider and I'm sure I've not
toggled each
On Fri, Sep 28, 2012 at 11:45 AM, Otto Moerbeek o...@drijf.net wrote:
On Thu, Sep 27, 2012 at 05:30:38PM -0400, Jim Miller wrote:
Hi,
I'm trying to determine if the performance I'm seeing between two
OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize
there are quite
On 2012 Sep 27 (Thu) at 17:30:38 -0400 (-0400), Jim Miller wrote:
:Hardware Configuration:
:- (2) identical SuperMicro systems with quad core E31220 w/ AES-NI enabled
:
:cpu0: Intel(R) Xeon(R) CPU E31220 @ 3.10GHz (GenuineIntel 686-class)
:3.10 GHz
:cpu0:
AM, Otto Moerbeek o...@drijf.net wrote:
On Thu, Sep 27, 2012 at 05:30:38PM -0400, Jim Miller wrote:
Hi,
I'm trying to determine if the performance I'm seeing between two
OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize
there are quite a few variables to consider and I'm
, Otto Moerbeek o...@drijf.net wrote:
On Thu, Sep 27, 2012 at 05:30:38PM -0400, Jim Miller wrote:
Hi,
I'm trying to determine if the performance I'm seeing between two
OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize
there are quite a few variables to consider
between two
OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize
there are quite a few variables to consider and I'm sure I've not
toggled each one but I could use a sanity check regardless.
Question:
With the configuration below when I disable ipsec I can route traffic
Jim Miller jmil...@sri-inc.com wrote:
The test I'm using is this
Host A:
# nc -v -l 12345 > /dev/null
Host B:
# dd if=/dev/zero bs=1000 count=1 | nc -v host a 12345
I increased the count a bit:
10 bytes transferred in 53.265 secs (18773882 bytes/sec)
That's with AES-256-GCM
So I just realized another serious flaw in my testing. I was using a
Mac Air w/ USB 100Mb ethernet adapter for one of the hosts behind the
OpenBSD VPN devices. And it must have been limiting the speed more than
I thought.
So using another Mac w/ 1Gb ethernet adapter to a Linux box w/ 1Gb eth I
Hi,
On 28.9.2012 22:09, Jim Miller wrote:
So using another Mac w/ 1Gb ethernet adapter to a Linux box w/ 1Gb eth I
was able to achieve approx. 600Mbps performance through the test setup
(via iperf and my dd method).
600Mbps via ipsec between two Intel E31220 ?
Yes. Let me double check everything again on Monday. Keep in mind that
all devices had 1Gb ethernet interfaces and everything was directly
cabled. No pf rules either. w/o ipsec I could get 900mbps through the
openbsd boxes.
Now you've got me thinking I need to recheck everything.
-Jim
On
600Mbps seems about right, I tested a pair of E5649-based boxes to
550Mbps last year (with aes-128-gcm):
http://marc.info/?l=openbsd-misc&m=134033767126930
You'll probably get slightly more than 600 with multiple TCP
streams.
Assuming PF was enabled for your test (the default
Hi,
I'm trying to determine if the performance I'm seeing between two
OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize
there are quite a few variables to consider and I'm sure I've not
toggled each one but I could use a sanity check regardless.
Question
On 2012-06-01, Sarah Caswell s.casw...@protocol6.com wrote:
Hi all,
I am currently using vpnc to connect to a client site (which has a CISCO ASA
firewall/vpn endpoint)
This setup works, but every time I use vpnc from my server it breaks other
networking, especially the openvpn tunnels I
Hi all,
I am currently using vpnc to connect to a client site (which has a CISCO ASA
firewall/vpn endpoint)
This setup works, but every time I use vpnc from my server it breaks other
networking, especially the openvpn tunnels I maintain to other sites.
I'd prefer to use the built-in IPSEC
.com
To: misc@openbsd.org
Subject: IPSEC newbie looking to replace vpnc with Openbsd built-in IPSEC
vpn
Hi all,
I am currently using vpnc to connect to a client site (which has a CISCO
ASA firewall/vpn endpoint)
This setup works, but every time I use vpnc from my server it breaks other
Hi,
i've two openbsd firewalls running
1x OpenBSD 4.9 (amd64) in our office
1x OpenBSD 5.0 (amd64) in our co location.
we have a vpn set up between both locations via /etc/ipsec.conf
isakmpd is set up to not read any configuration files:
=== /etc/rc.conf.local ===
isakmpd_flags="-4 -K -v"
===
See -stable fixes to 4.9. Otherwise consider upgrading 4.9-5.0.
-Steve S.
-Original Message-
From: Georg Buschbeck [open...@thomas-daily.de]
Received: Tuesday, 20 Dec 2011, 2:35am
To: misc@openbsd.org [misc@openbsd.org]
Subject: IPSec VPN dropping packets from time to time
*hmmm*
i did a test using ipsec vpn colouring aka. tagging
ipsec.conf offers the option to tag the vpn traffic for further PF filtering
using these tags i can instruct PF to use different public NAT addresses
(outgoing to internet) for each VPN
but when you have overlapping subnets behind the VPNs
On Fri, May 27 2011 at 07:16, Oeschger Patrick wrote:
*hmmm*
*hmmm*,
i did a test using ipsec vpn colouring aka. tagging
ipsec.conf offers the option to tag the vpn traffic for further PF filtering
using these tags i can instruct PF to use different public NAT addresses
(outgoing to internet
Hello @misc
I seem to still be having some problems but I have made progress. The branch
office cannot get out to the internet at large which I think may be a NAT
problem. At least, when changing the default route on the branch office, I
don't lose connectivity to it. On the branch office,
Matt S wrote:
Hello @misc:
I am up against a stumper. I have a Site-to-Site IPSEC VPN working beautifully.
However, I would like the remote site to route all of its traffic through the
VPN. After googling, I seemed to come up with a suggestion to do a route change
-net 0.0.0.0/0
On Tue, 2011-04-12 at 19:53 -0700, Matt S wrote:
Hello @misc:
I am up against a stumper. I have a Site-to-Site IPSEC VPN working
beautifully.
However, I would like the remote site to route all of its traffic through
the
VPN. After googling, I seemed to come up with a suggestion
against a stumper. I have a Site-to-Site IPSEC VPN working
beautifully.
However, I would like the remote site to route all of its traffic through
the
VPN. After googling, I seemed to come up with a suggestion to do a route
change
-net 0.0.0.0/0 gateway which didn't work well. I
On 12 April 2011 23:53, Matt S maschwa...@yahoo.com wrote:
Hello @misc:
I am up against a stumper. I have a Site-to-Site IPSEC VPN working
beautifully.
However, I would like the remote site to route all of its traffic through
the
VPN. After googling, I seemed to come up with a suggestion
-to-Site IPSEC VPN working
beautifully.
However, I would like the remote site to route all of its traffic through the
VPN. After googling, I seemed to come up with a suggestion to do a route
change
-net 0.0.0.0/0 gateway which didn't work well. I think it might have to do
with NAT. The main
S wrote:
Hello @misc:
I am up against a stumper. I have a Site-to-Site IPSEC VPN working
beautifully.
However, I would like the remote site to route all of its traffic
through the
VPN. After googling, I seemed to come up with a suggestion to do a
route change
-net 0.0.0.0/0
0 -
4 em0
matthew-schwartz.c 52:54:00:27:26:22 UHLc 00 -
4 lo0
BASE-ADDRESS.MCAST localhost URS00 33160
8 lo0
On Tue, 2011-04-12 at 19:53 -0700, Matt S wrote:
Hello @misc:
I am up against a stumper. I have a Site-to-Site IPSEC
matthew-schwartz.c 52:54:00:27:26:22 UHLc 00 -
4 lo0
BASE-ADDRESS.MCAST localhost URS00 33160
8 lo0
On Tue, 2011-04-12 at 19:53 -0700, Matt S wrote:
Hello @misc:
I am up against a stumper. I have a Site-to-Site IPSEC VPN working
Hello @misc:
I am up against a stumper. I have a Site-to-Site IPSEC VPN working
beautifully.
However, I would like the remote site to route all of its traffic through the
VPN. After googling, I seemed to come up with a suggestion to do a route
change
-net 0.0.0.0/0 gateway which didn't
On 2011-04-07, Andrew Klettke aklet...@opticfusion.net wrote:
We have a working IPSec VPN between two 4.8 endpoints. One of them is at
a remote location, and the other at the main office. The remote location
has its own external, routable IP (to establish the VPN), and an
internal subnet
tunnel on those 2 IP. You could
route anything over GRE tunnel. Beware of encapsulation overhead, cause
it is tunnel in tunnel.
2. Use OpenVPN instead of IPSec. It is far less painful.
I.
On Thu, 2011-04-07 at 16:51 -0700, Andrew Klettke wrote:
We have a working IPSec VPN between two 4.8 endpoints
IPSec and then build GRE tunnel on those 2 IP. You could
route anything over GRE tunnel. Beware of encapsulation overhead, cause
it is tunnel in tunnel.
2. Use OpenVPN instead of IPSec. It is far less painful.
I.
On Thu, 2011-04-07 at 16:51 -0700, Andrew Klettke wrote:
We have a working IPSec
We have a working IPSec VPN between two 4.8 endpoints. One of them is at
a remote location, and the other at the main office. The remote location
has its own external, routable IP (to establish the VPN), and an
internal subnet behind it. The main office has its own external IP,
though which
On 2010/11/27 23:47, Andrea Parazzini wrote:
On Fri, 26 Nov 2010 12:58:09 + (UTC), Stuart Henderson
s...@spacehopper.org wrote:
isakmpd.policy(5), and have some aspirin ready for the inevitable
headache.
Stuart is right.
I tried to play with isakmpd.policy and it's rather
On Thu, 11/25/10, Andrea Parazzini a.parazz...@sirtisistemi.net wrote:
Hi,
we have a vpn connection with a customer.
The remote peer is not under our management.
Our box is an OpenBSD 4.7 i386.
We have configured the vpn as follows:
/etc/rc.conf.local
ipsec=YES
isakmpd_flags="-K -v"
than you realize
-damon
--- On Thu, 11/25/10, Andrea Parazzini a.parazz...@sirtisistemi.net
wrote:
From: Andrea Parazzini a.parazz...@sirtisistemi.net
Subject: ipsec vpn unexpected flow
To: misc@openbsd.org
Date: Thursday, November 25, 2010, 2:40 PM
Hi,
we have a vpn connection
On 2010-11-25, Andrea Parazzini a.parazz...@sirtisistemi.net wrote:
As you can see there is a flow that is not configured on our box.
It is probably configured on the remote peer.
Is a normal behavior?
Yes. This is especially fun when you end up accidentally routing
all traffic from a
On Fri, 26 Nov 2010 12:58:09 + (UTC), Stuart Henderson
s...@spacehopper.org wrote:
On 2010-11-25, Andrea Parazzini a.parazz...@sirtisistemi.net wrote:
As you can see there is a flow that is not configured on our box.
It is probably configured on the remote peer.
Is a normal behavior?
Hi,
we have a vpn connection with a customer.
The remote peer is not under our management.
Our box is an OpenBSD 4.7 i386.
We have configured the vpn as follows:
/etc/rc.conf.local
ipsec=YES
isakmpd_flags="-K -v"
/etc/ipsec.conf
ike active esp tunnel \
from 10.1.0.0/16 (0.0.0.0/0) to
...@sirtisistemi.net
Subject: ipsec vpn unexpected flow
To: misc@openbsd.org
Date: Thursday, November 25, 2010, 2:40 PM
Hi,
we have a vpn connection with a customer.
The remote peer is not under our management.
Our box is an OpenBSD 4.7 i386.
We have configured the vpn as follows:
/etc/rc.conf.local
ipsec=YES
traffic in
the
tunnel? 3. is nat allowed in the tunnel? 4. you may have let in more
networks
than you realize
-damon
--- On Thu, 11/25/10, Andrea Parazzini a.parazz...@sirtisistemi.net
wrote:
From: Andrea Parazzini a.parazz...@sirtisistemi.net
Subject: ipsec vpn unexpected flow
To: misc
wrote:
From: Andrea Parazzini a.parazz...@sirtisistemi.net
Subject: ipsec vpn unexpected flow
To: misc@openbsd.org
Date: Thursday, November 25, 2010, 2:40 PM
Hi,
we have a vpn connection with a customer.
The remote peer is not under our management.
Our box is an OpenBSD 4.7
1.- IPSEC VPN Load Balancer connections, is it possible to do that?
2.- does somebody have a benchmark or something to reference CPU consumption
of a vpn tunnel
--
Jorge Andris Medina Oliva.
Hello
I am wondering if anyone who uses OpenBSD as an IPSEC VPN concentrator
could provide an example configuration. I am planning on using OpenBSD 4.7
to achieve this and I need to be able to support multiple road warrior users
who will have dynamic IP addresses. If possible, I would also
Hi,
I've done these tests:
inter...@work (OpenBSD PF)(ip fixe) (dynamic ip) Home (A mac)
I mounted vpn on mac to Work with third software : VPN Tracker
VPN is OK, I can ping my openbsd gateway and ping my Windows 7 Workstation.
But I can't access any resource except pings. Why ? Enc0 is
Dear all,
I find no explicit mention of how to encapsulate and decapsulate IPsec
protected packets in tunnel mode.
Are we supposed to use gre0 or gif0 interface to add routes?
I am able to create SAs using automatic keying with isakmpd and 1 line
in ipsec.conf.
But I am unable to connect two
Dear all,
I find no explicit mention of how to encapsulate and decapsulate IPsec
protected packets in tunnel mode.
Are we supposed to use gre0 or gif0 interface to add routes?
I am able to create SAs using automatic keying with isakmpd and 1 line
in ipsec.conf.
But I am unable to
On 2010-03-30, Girish Venkatachalam girishvenkatacha...@gmail.com wrote:
Dear all,
I find no explicit mention of how to encapsulate and decapsulate IPsec
protected packets in tunnel mode.
Are we supposed to use gre0 or gif0 interface to add routes?
I am able to create SAs using automatic
describe your configuration, the output from the relevant
commands (e.g. sudo ipsecctl -sa, netstat -n), what if any changes
you've made to PF rules to accommodate the vpn, how you're testing,
etc, perhaps someone can help.
I always thought that pf should have nothing to do with IPsec VPN
It works, i remove my enc0 from set skip on {lo enc0 } like told Mitja.
Thanks to Mitja.
I'm trying to do vpn ipsec with nat. (I can do fully some test @ work with
have sdsl with 5 ip address)
To resume i want to do ipsec vpn between Site A (192.168.0.0/24) and Site B
(192.168.0.0/24). They have same network address.
So I've done it with this good article:
http://undeadly.org/cgi
Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
Of
open...@e-solutions.re
Sent: Friday, March 12, 2010 4:34 PM
To: misc@openbsd.org
Subject: Ipsec VPN and NAT
I'm trying to do vpn ipsec with nat. (I can do fully some test @ work
with
have sdsl with 5 ip
Hello, we have to connect factory using ipsec vpn and nat.
The factory server (windows 2003) will send his backup
to our NAS using FTP,so : Site A and Site B (factory)
Site A , OpenBSD 4.5 -RELEASE, used like firewall (and ftpproxy)
Ip address (provided by IAP): 11.11.11.11(Egress), IP
Hello All,
I am trying to connect to my University's VPN System, with little luck,
I am not sure how to even begin, though I have found Undeadly articles
on IPSec in Under 4 Minutes, as well as some various tutorials and
documents on connecting OpenBSD Servers to other Servers and gateways.
I
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Aaron W. Hsu
Sent: Monday, 22 September 2008 20:04
To: misc@openbsd.org
Subject: OpenBSD Road Warrior connecting to L2TP/IPSec VPN?
Hello All,
I am trying to connect to my University's
This config works for me:
OpenBSD 4.3 as GW and Debian Linux with OpenSWAN as client, and
the package ike is installed under Linux, too.
OpenBSD:
ike esp from any to 172.16.1.98 quick auth hmac-sha1 enc aes
group modp1024 psk IMTEHLINUXCLIENT
Linux:
/etc/ipsec.conf
version 2.0
config setup
Dirk Mast wrote:
This config works for me:
Hi,
OpenBSD 4.3 as GW and Debian Linux with OpenSWAN as client, and
the package ike is installed under Linux, too.
The openswan package is not sufficient to get a working IPsec between
Linux and OpenBSD ?
OpenBSD:
ike esp from any to
Laurent CARON wrote:
Dirk Mast wrote:
This config works for me:
Hi,
OpenBSD 4.3 as GW and Debian Linux with OpenSWAN as client, and
the package ike is installed under Linux, too.
The openswan package is not sufficient to get a working IPsec between
Linux and OpenBSD ?
OpenBSD:
Dirk Mast wrote:
Linux /etc/ipsec.conf:
version 2.0
config setup
... (snip)
Hi,
I finally managed to get it up and working (without IKE).
OpenBSD:
/etc/ipsec.conf:
ike esp from 10.50.0.0/24 to 192.168.9.0/24 peer PUBLIC_LINUX quick \
auth hmac-sha1 enc aes group modp1024 psk
Hi,
I'm basically trying to setup a VPN between a linux box (debian) and an
OpenBSD one.
I'd like to use a PSK for that VPN.
Here are the config files:
Linux box:
conn jak-ha
left=PUBLICIP_OF_LINUX_BOX
leftsubnet=192.168.9.0/24
right=PUBLIC_IP_OF_BSD_BOX
Hi!
I'm basically trying to setup a VPN between a linux box (debian) and an
OpenBSD one.
I am not a seasoned IPSec user but i tried out couple of configurations
and one of them was Debian with Racoon and OpenBSD's native isakmpd.
I based my experimentation on article which is about
It may also be worth noting that Debian has OpenBSD's isakmpd packaged,
'apt-get install isakmpd'. I've had success using isakmpd on Debian to
create VPN's between OpenBSD and Debian gateways.
John
On Mon, Aug 25, 2008 at 03:52:42PM +0300, Imre Oolberg wrote:
Hi!
I'm basically trying to
John Jackson wrote:
It may also be worth noting that Debian has OpenBSD's isakmpd packaged,
'apt-get install isakmpd'. I've had success using isakmpd on Debian to
create VPN's between OpenBSD and Debian gateways.
Since i'm using OpenSwan on 99% of my servers, i'd like to be able to
integrate
John Jackson wrote:
It may also be worth noting that Debian has OpenBSD's isakmpd packaged,
'apt-get install isakmpd'. I've had success using isakmpd on Debian to
create VPN's between OpenBSD and Debian gateways.
Here is where I'm now:
Openswan's side:
conn lncjakarta-lncha
On Mon, Aug 25, 2008 at 09:50:08PM +0200, Laurent CARON wrote:
John Jackson wrote:
It may also be worth noting that Debian has OpenBSD's isakmpd packaged,
'apt-get install isakmpd'. I've had success using isakmpd on Debian to
create VPN's between OpenBSD and Debian gateways.
Here is
On Fri, Aug 22, 2008 at 03:11:16PM +0200, Claus Larsen wrote:
Well I did get a bit further with the problem, it seems it was caused by a
firewall blocking some of the traffic.
So new problem now.
Using the Greenbow vpn client.
It says Phase 2 algoritm problem.
From the isakmpd output I
Have a problem getting a vpn tunnel up between a zyxel vpn gw and my openbsd
4.3 system.
/etc/ipsec.conf
ike passive from any to any \
main auth hmac-sha1 enc 3des group modp1024 \
quick auth hmac-sha1 enc 3des group none \
psk openbsdrules
Below follows output from cmd:
isakmpd -d -DA=99 -K
: Re: Site-to-site IPSec VPN between OpenBSD and Cisco PIX 515E
From which machine do I have to do ping -I A.B.C.D E.F.G.H
pf has default config and allows everything
forwarding is enabled
What does netstat -rn -f encap look like?
~bas
Christoph Leser wrote:
you could try
ping -I A.B.C.D
So by the way .. the problem was linked with pf.conf..
In fact there is something I did not put in my last mail, it is the fact
I'm using
TWO adsl pppoe link on the same PC. i'm doing load balancing for the web
access
it's working like a charm
So there is TWO tun interfaces : tun0 link
New thread .. after some new test..
And still the same ... shit !
Here is the LAN/WAN network
192.168.0/24(lan)--Netgear DG 834 (adsl + NAT + ipsec +ip fix A)
|
---WEB---
)
Once we know whether the packets really leave openBSD, we can do further
analysis.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of jcr
Sent: Tuesday, 27 November 2007 12:10
To: misc@openbsd.org
Subject: ipsec vpn netgear DG834 : openbsd
Sent: Tuesday, 27 November 2007 12:10
To: misc@openbsd.org
Subject: ipsec vpn netgear DG834 : openbsd 4.2 (new thread)
New thread .. after some new test..
And still the same ... shit !
Here is the LAN/WAN network
192.168.0/24(lan)--Netgear DG 834 (adsl + NAT + ipsec +ip fix
Ok .
here i go
I have read the misc list upside/down and right to left, but I can't
find a solution to my problem
Here is the LAN/WAN network
192.168.0/24(lan)--Netgear DG 834 (adsl + NAT + ipsec +ip fix A)
|