Questions tagged [ipsec]
IPSec is a method of providing internet security at layer 3 of the OSI model.
215 questions
1 vote, 1 answer, 63 views
How can I setup FIREWALLD with IPSEC (StrongSwan) Site-to-Site to make PING work on Debian 12?
I have 3 nodes with public and local IP address, each:
Node A: edge router #1 (10.41.1.0/24)
Node B: edge router #2 (10.48.2.0/24)
Node C: VMS with Debian 12, docker containers and firewalld (ex. 172....
0 votes, 0 answers, 29 views
PFsense: fake subnet
I have got an IPSec tunnel mapping a remote 172.x/24 network to my local 10.x/16 network.
Because I cannot change the configuration on the remote site I need to use this like this (with 10.x/16 ...
2 votes, 1 answer, 211 views
How are `vti` and `xfrm` iproute2 interfaces supposed to be configured and used with xfrm states and policies?
XFRM states and policies enable configuring IPsec encryption without a virtual interface. The vti and xfrm interface types, however, I think make it possible to route traffic through a virtual ...
0 votes, 1 answer, 114 views
Allowing incoming ICMP from only a specified source IP
In the predetermined snippet:
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request"
protocol=icmpv4:8,any dir=in action=allow
What would I change exactly to allow ...
0 votes, 0 answers, 191 views
To allow IPsec NAT-T traffic to pass through, why does the firewall still need to permit ESP when it already allows UDP 4500?
I established an IPsec VPN tunnel between two Juniper SRX routers across NAT, with the NAT being performed by the firewall (a Linux server). When attempting to configure the firewall rules to allow ...
0 votes, 0 answers, 49 views
UDMP Wireguard Server + IPSec Site-to-site
We have a UDMP with a few VLANs : 10.92.10.0/24 , 10.92.41.0/24, 10.92.42.0/24
We have added a Wireguard server, which uses 192.168.4.0/24, and works wonderfully (clients can connect and access ...
0 votes, 1 answer, 22 views
IPSec S2S peer B host cannot receive ICMP reply or access host resources on peer A
I've got an IPSec S2S tunnel setup. The VPN is connected, tunnel established.
Here's the network topology:
(for reference, I am Peer A)
Problem:
host A pings host B and gets reply (this is not a ...
0 votes, 1 answer, 76 views
Creating an IP alias for a device on another subnet behind a VPN
I set up a site-to-site VPN with IPsec between two routers.
Router 1 (DLink DSR-250V2) controls the 11.11.11.0/24 subnet.
Router 2 controls the 192.168.1.0/24 subnet.
The tunnel itself works fine. ...
0 votes, 0 answers, 89 views
nftables config for ipsec (strongswan) vpn
I have got a working IPSec connection between a device (raspberry) on remote side (10.X.117.0/24 network) and the local network (10.Y.0.0/16 network).
The raspberry has a static 10.X.117.1 IP on its ...
0 votes, 0 answers, 134 views
How to chain in cascade two VPNs on macOS?
Given the following VPNs:
a WireGuard VPN I've created with a Fritz!Box
a Cisco IPSec VPN
I'd like to know if it's possible to connect to the Cisco VPN using the IP obtained via the WireGuard VPN. ...
1 vote, 3 answers, 15k views
How to setup VPN connection from android 13/14 native VPN client to mikrotik routerOS for testing mobile app with backend behind a private network?
I want to test my mobile app on Android 13 with test backend located in private network. Therefore I need to access this network via VPN tunnel.
Since L2TP/PPTP VPN connections are not supported on ...
0 votes, 0 answers, 149 views
set network interface for strongswan
I am using StrongSwan on Raspberry Pi with an LTE token which is handled as eth1. It works fine as long as nothing is connected to the ethernet port (eth0).
Then StrongSwan wants to use eth0 which fails.
...
0 votes, 1 answer, 211 views
IpSec StrongSwan HA config misses / no connection
I am using strongswan on rasberian 12 to connect to PFsense with /etc/ipsec.conf from an external network to a PfSense:
config setup
conn %default
keyexchange=ikev1
conn peer-ipsec.xxx.de-...
0 votes, 0 answers, 141 views
IPSEC libreswan interface endpoint does not match left or right
I am using libreswan on raspberry Pi OS 12 to connect to PFsense with /etc/ipsec.conf
from an external network
config setup
conn %default
#keyexchange=ikev1
conn peer-ipsec.xxx.de-tunnel-1
...
1 vote, 0 answers, 36 views
Routing specific subnet through a local peer
I have two (almost identical) Ubuntu machines with the local IP of 10.0.0.10 and 10.0.0.20, let's call them TEN and TWENTY respectively. Both have the default gateway of 10.0.0.1.
On TEN I have a site-...