Questions tagged [ipsec]

IPSec is a method of providing internet security at layer 3 of the OSI model.

1 vote
1 answer
63 views

How can I setup FIREWALLD with IPSEC (StrongSwan) Site-to-Site to make PING work on Debian 12?

I have 3 nodes with public and local IP address, each: Node A: edge router #1 (10.41.1.0/24) Node B: edge router #2 (10.48.2.0/24) Node C: VMS with Debian 12, docker containers and firewalld (ex. 172....
BCT
0 votes
0 answers
29 views

PFsense: fake subnet

I have got an IPSec tunnel mapping a remote 172.x/24 network to my local 10.x/16 network. Because I cannot change the configuration on the remote site I need to use this like this (with 10.x/16 ...
LeifSec
2 votes
1 answer
211 views

How are `vti` and `xfrm` iproute2 interfaces supposed to be configured and used with xfrm states and policies?

XFRM states and policies enable configuring IPsec encryption without a virtual interface. The vti and xfrm interface types, however, I think make it possible to route traffic through a virtual ...
rafiki
0 votes
1 answer
114 views

Allowing incoming ICMP from only a specified source IP

In the predetermined snippet: netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow What would I change exactly to allow ...
James Smith
0 votes
0 answers
191 views

To allow IPsec NAT-T traffic to pass through, why does the firewall still need to permit ESP when it already allows UDP 4500?

I established an IPsec VPN tunnel between two Juniper SRX routers across NAT, with the NAT being performed by the firewall (a Linux server). When attempting to configure the firewall rules to allow ...
phoebe61g
0 votes
0 answers
49 views

UDMP Wireguard Server + IPSec Site-to-site

We have a UDMP with a few VLANs : 10.92.10.0/24 , 10.92.41.0/24, 10.92.42.0/24 We have added a Wireguard server, which uses 192.168.4.0/24, and works wonderfully (clients can connect and access ...
Nick Andriopoulos
0 votes
1 answer
22 views

IPSec S2S peer B host cannot receive ICMP reply or access host resources on peer A

I've got an IPSec S2S tunnel setup. The VPN is connected, tunnel established. Here's the network topology: (for reference, I am Peer A) Problem: host A pings host B and gets reply (this is not a ...
autobottodoggo
0 votes
1 answer
76 views

Creating an IP alias for a device on another subnet behind a VPN

I set up a site-to-site VPN with IPsec between two routers. Router 1 (DLink DSR-250V2) controls the 11.11.11.0/24 subnet. Router 2 controls the 192.168.1.0/24 subnet. The tunnel itself works fine. ...
Nafana
0 votes
0 answers
89 views

nftables config for ipsec (strongswan) vpn

I have got a working IPSec connection between a device (raspberry) on remote side (10.X.117.0/24 network) and the local network (10.Y.0.0/16 network). The raspberry has a static 10.X.117.1 IP on its ...
LeifSec
0 votes
0 answers
134 views

How to chain in cascade two VPNs on macOS?

Given the following VPNs: a WireGuard VPN I've created with a Fritz!Box a Cisco IPSec VPN I'd like to know if it's possible to connect to the Cisco VPN using the IP obtained via the WireGuard VPN. ...
toioski
1 vote
3 answers
15k views

How to setup VPN connection from android 13/14 native VPN client to mikrotik routerOS for testing mobile app with backend behind a private network?

I want to test my mobile app on Android 13 with test backend located in private network. Therefore I need to access this network via VPN tunnel. Since L2TP/PPTP VPN connections are not supported on ...
Bart
0 votes
0 answers
149 views

set network interface for strongswan

I am using StrongSwan on Raspberry Pi with a LTE token which is handled as eth1. It works fine as long as nothing is connected to the ethernet port (eth0). Then StrongSwan wants to use eth0 which fails. ...
LeifSec
0 votes
1 answer
211 views

IpSec StrongSwan HA config misses / no connection

I am using strongswan on Raspbian 12 to connect to PFsense with /etc/ipsec.conf from an external network to a PfSense: config setup conn %default keyexchange=ikev1 conn peer-ipsec.xxx.de-...
LeifSec
0 votes
0 answers
141 views

IPSEC libreswan interface endpoint does not match left or right

I am using libreswan on raspberry Pi OS 12 to connect to PFsense with /etc/ipsec.conf from an external network config setup conn %default #keyexchange=ikev1 conn peer-ipsec.xxx.de-tunnel-1 ...
LeifSec
1 vote
0 answers
36 views

Routing specific subnet through a local peer

I have two (almost identical) Ubuntu machines with the local IP of 10.0.0.10 and 10.0.0.20, let's call them TEN and TWENTY respectively. Both have the default gateway of 10.0.0.1. On TEN I have a site-...
0s r Fun
