[strongSwan] Route based VPN Strongswan IPsec tunnel
Hi, Are there any steps to set up route based VPN using Strongswan IPsec tunnel? Thanks in Advance. Best Regards, Kaushal
[strongSwan] Difference between phase 1 and phase 2 IPsec VPN
Hi, I will appreciate if some one can help me the difference between phase 1 and phase 2 IPsec VPN. Best Regards, Kaushal
Re: [strongSwan] Route based VPN in Linux
o > Process: 6659 ExecStart=/usr/sbin/bird (code=exited, status=0/SUCCESS) > Main PID: 6660 (bird) >CGroup: /system.slice/bird.service >└─6660 /usr/sbin/bird > Apr 12 07:48:44 ip-172-31-15-8.ap-southeast-1.compute.internal > systemd[1]: Starting BIRD Internet Routing Daemon... > Apr 12 07:48:44 ip-172-31-15-8.ap-southeast-1.compute.internal > systemd[1]: Started BIRD Internet Routing Daemon. > Apr 12 07:48:44 ip-172-31-15-8.ap-southeast-1.compute.internal > bird[6660]: Started > [root@ip-172-31-15-8 ~]# birdc > BIRD 1.6.4 ready. > bird> show status > BIRD 1.6.4 > Router ID is 10.0.1.2 > Current server time is 2018-04-12 07:49:13 > Last reboot on 2018-04-12 07:48:43 > Last reconfiguration on 2018-04-12 07:48:43 > Daemon is up and running > bird> show interfaces > lo up (index=1) > MultiAccess AdminUp LinkUp Loopback Ignored MTU=65536 > 127.0.0.1/8 (Primary, scope host) > eth0 up (index=2) > MultiAccess Broadcast Multicast AdminUp LinkUp MTU=9001 > 172.31.15.8/20 (Primary, scope site) > ip_vti0 DOWN (index=3) > MultiAccess AdminDown LinkDown MTU=1480 > vti01 up (index=7) > PtP Multicast AdminUp LinkUp MTU=8981 > 10.0.1.1/24 (Primary, scope site) > bird> show protocols > name prototablestate since info > kernel1 Kernel master up 07:48:43 > device1 Device master up 07:48:43 > testbgp BGP master start 07:48:43Idle > bird> show protocols all > name prototablestate since info > kernel1 Kernel master up 07:48:44 > Preference: 10 > Input filter: ACCEPT > Output filter: ACCEPT > Routes: 1 imported, 0 exported, 1 preferred > Route change stats: received rejected filteredignored > accepted > Import updates: 1 0 0 0 > 1 > Import withdraws:0 0--- 0 > 0 > Export updates: 1 1 0--- > 0 > Export withdraws:0--------- > 0 > device1 Device master up 07:48:44 > Preference: 240 > Input filter: ACCEPT > Output filter: REJECT > Routes: 0 imported, 0 exported, 0 preferred > Route change stats: received rejected filteredignored > accepted > Import updates: 0 0 0 0 > 0 > Import withdraws:0 0--- 0 > 0 > Export updates: 0 0 0--- > 0 > Export withdraws:0--------- > 0 > testbgp BGP master start 07:48:44Idle > Preference: 160 > Input filter: ACCEPT > Output filter: (unnamed) > Routes: 0 imported, 0 exported, 0 preferred > Route change stats: received rejected filteredignored > accepted > Import updates: 0 0 0 0 > 0 > Import withdraws:0 0--- 0 > 0 > Export updates: 0 0 0--- > 0 > Export withdraws:0--------- > 0 > BGP state: Idle > Neighbor address: 10.1.2.2 > Neighbor AS: 65003 > bird> > [root@ip-172-31-15-8 ~]# Please let me know if the above configurations are correct and is the right approach to setup redundant route based VPN using VTI. I have couple of followup questions like how do i test failover between the two IPSec VPN servers using VTI and how do i test BIRD Daemon using BGP as i have configured BIRD on both the servers for the network architecture shown in https://i.imgur.com/dLFovre.png Thanks in Advance and your help will be really appreciated. I look forward to hearing from you. Best Regards, Kaushal On Tue, Apr 17, 2018 at 12:40 AM, Andrii Petrenko <apl...@gmail.com> wrote: > https://wiki.strongswan.org/projects/strongswan/wiki/RouteBasedVPN > > --- > Andrii Petrenko > apl...@gmail.com > > On Apr 16, 2018, at 11:26, Kaushal Shriyan <kaushalshri...@gmail.com> > wrote: > > Hi, > > I will appreciate if anyone can point me to a doc to setup Route based VPN > in Linux using VTI > Thanks in Advance. > > I look forward to hearing from you. > > Best Regards, > > Kaushal > > >
[strongSwan] Route based VPN in Linux
Hi, I will appreciate if anyone can point me to a doc to setup Route based VPN in Linux using VTI Thanks in Advance. I look forward to hearing from you. Best Regards, Kaushal
Re: [strongSwan] IPsec on ubuntu linux server 8.04
On Sat, Jan 15, 2011 at 5:58 AM, Andreas Steffen andreas.stef...@strongswan.org wrote: Hi Kaushal, what do you mean by peeking into the logs? Executing ipsec statusall? If yes then this is a well-known bug with some older Linux 2.6 kernels which I up to now thought only to occur with RedHat or CentOS distributions. Regards Andreas Hi Andreas Thanks for the quick reply. I have updated the openswan package on Ubuntu Linux Server 8.04 (Hardy) to the latest version. The issue still persists root@:~#dpkg -l '*ipsec*' Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name Version Description +++-==-==- ii ipsec-tools1:0.6.7-1.1ubuntu1.2 IPsec tools for Linux root@:~# dpkg -l '*openswan*' Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name Version Description +++-==-==- ii openswan 1:2.6.32~1git20110113 Internet Key Exchange daemon un openswan-doc none (no description available) un openswan-modules-dkms none (no description available) un openswan-modules-sourcenone (no description available) root@:~#lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:Ubuntu 8.04 Release:8.04 Codename: hardy root@:~#cat /proc/version Linux version 2.6.24-16-server (buildd@yellow) (gcc version 4.2.3 (Ubuntu 4.2.3-2ubuntu7)) #1 SMP Thu Apr 10 13:15:38 UTC 2008 root@:~# I can send you /var/log/ipsec.log and the output of ipsec barf through pastebin service. Please also let me know if you need any other information or logs. Please suggest/guide Thanks Kaushal ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
[strongSwan] IPsec on ubuntu linux server 8.04
Hi I have issue with ipsec where the client LAN IP disconnects and i need to reinitiate the ipsec config and then it works fine after that I am not able to understand why it disconnects after peeking into the logs Shall i pastebin the ipsec.log file ? Please suggest/guide Thanks Kaushal ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
Re: [strongSwan] IPsec on ubuntu linux server 8.04
On Wed, Jan 12, 2011 at 11:43 AM, Kaushal Shriyan kaushalshri...@gmail.comwrote: Hi I have issue with ipsec where the client LAN IP disconnects and i need to reinitiate the ipsec config and then it works fine after that I am not able to understand why it disconnects after peeking into the logs Shall i pastebin the ipsec.log file ? Please suggest/guide Thanks Kaushal Hi Please suggest me about the earlier post to this Mailing List. Thanks Kaushal ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users