Hi I hope someone can answer something I'm sure is quite basic.
I am following the instructions at https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html On setting up a VPN
The part I am having trouble with is when it show the /etc/racoon/racoon.conf file. But it doesn't say whay you have to do with this file.
When I bring up my connection
ifup bicester
I get RTNETLINK answers: No such device
looking at /var/messages I see
ERROR: failed to bind to address 127.0.0.1[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use). Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
There was an existing setup done long ago.
How can I setup more than one vpn connection (manually as this is a headless server) or is that not possible ?
Thanks for any pointers
Yes you can. Please use newer version of centos and strong/openswan.
Eero 21.3.2016 7.05 ip. "Glenn Pierce" glennpierce@gmail.com kirjoitti:
Hi I hope someone can answer something I'm sure is quite basic.
I am following the instructions at https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html On setting up a VPN
The part I am having trouble with is when it show the /etc/racoon/racoon.conf file. But it doesn't say whay you have to do with this file.
When I bring up my connection
ifup bicester
I get RTNETLINK answers: No such device
looking at /var/messages I see
ERROR: failed to bind to address 127.0.0.1[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use). Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
There was an existing setup done long ago.
How can I setup more than one vpn connection (manually as this is a headless server) or is that not possible ?
Thanks for any pointers _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
I second Eero's comment, use a new IPSec daemon.
Openswan was forked and became Libreswan. Paul, now a RH employee, was a main developer for the Openswan project before he and others created the Libreswan fork. https://libreswan.org/
EL6 has Openswan EL7 has Libreswan
Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform (preferably EL7 with Libreswan).
On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen eero.volotinen@iki.fi wrote:
Yes you can. Please use newer version of centos and strong/openswan.
Eero 21.3.2016 7.05 ip. "Glenn Pierce" glennpierce@gmail.com kirjoitti:
Hi I hope someone can answer something I'm sure is quite basic.
I am following the instructions at https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html On setting up a VPN
The part I am having trouble with is when it show the /etc/racoon/racoon.conf file. But it doesn't say whay you have to do with this file.
When I bring up my connection
ifup bicester
I get RTNETLINK answers: No such device
looking at /var/messages I see
ERROR: failed to bind to address 127.0.0.1[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use). Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
There was an existing setup done long ago.
How can I setup more than one vpn connection (manually as this is a headless server) or is that not possible ?
Thanks for any pointers _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
And centos 5 is really soon end of life.
Eero 21.3.2016 7.18 ip. "Mike - st257" silvertip257@gmail.com kirjoitti:
I second Eero's comment, use a new IPSec daemon.
Openswan was forked and became Libreswan. Paul, now a RH employee, was a main developer for the Openswan project before he and others created the Libreswan fork. https://libreswan.org/
EL6 has Openswan EL7 has Libreswan
Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform (preferably EL7 with Libreswan).
On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen eero.volotinen@iki.fi wrote:
Yes you can. Please use newer version of centos and strong/openswan.
Eero 21.3.2016 7.05 ip. "Glenn Pierce" glennpierce@gmail.com kirjoitti:
Hi I hope someone can answer something I'm sure is quite basic.
I am following the instructions at https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html On setting up a VPN
The part I am having trouble with is when it show the /etc/racoon/racoon.conf file. But it doesn't say whay you have to do with this file.
When I bring up my connection
ifup bicester
I get RTNETLINK answers: No such device
looking at /var/messages I see
ERROR: failed to bind to address 127.0.0.1[500] (Address already in
use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use). Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
There was an existing setup done long ago.
How can I setup more than one vpn connection (manually as this is a headless server) or is that not possible ?
Thanks for any pointers _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-- ---~~.~~--- Mike // SilverTip257 // _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 silvertip257@gmail.com wrote:
I second Eero's comment, use a new IPSec daemon.
Openswan was forked and became Libreswan. Paul, now a RH employee, was a main developer for the Openswan project before he and others created the Libreswan fork. https://libreswan.org/
EL6 has Openswan EL7 has Libreswan
Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform (preferably EL7 with Libreswan).
There's an RPM spec file (though I've not used it) for building Openswan for EL5. https://github.com/xelerance/Openswan/tree/master/packaging/centos5
Additionally, here's some info but I advise against the Racoon IPSec daemon. https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html https://wiki.debian.org/IPsec
On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen eero.volotinen@iki.fi wrote:
Yes you can. Please use newer version of centos and strong/openswan.
Eero 21.3.2016 7.05 ip. "Glenn Pierce" glennpierce@gmail.com kirjoitti:
Hi I hope someone can answer something I'm sure is quite basic.
I am following the instructions at https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html On setting up a VPN
The part I am having trouble with is when it show the /etc/racoon/racoon.conf file. But it doesn't say whay you have to do with this file.
When I bring up my connection
ifup bicester
I get RTNETLINK answers: No such device
looking at /var/messages I see
ERROR: failed to bind to address 127.0.0.1[500] (Address already in
use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use). Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
There was an existing setup done long ago.
How can I setup more than one vpn connection (manually as this is a headless server) or is that not possible ?
Thanks for any pointers _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-- ---~~.~~--- Mike // SilverTip257 //
Centos 5 is still soon end of life. Using it as ipsec gateway is ..
Eero 21.3.2016 7.25 ip. "Mike - st257" silvertip257@gmail.com kirjoitti:
On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 silvertip257@gmail.com wrote:
I second Eero's comment, use a new IPSec daemon.
Openswan was forked and became Libreswan. Paul, now a RH employee, was a main developer for the Openswan project before he and others created the Libreswan fork. https://libreswan.org/
EL6 has Openswan EL7 has Libreswan
Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform (preferably EL7 with Libreswan).
There's an RPM spec file (though I've not used it) for building Openswan for EL5. https://github.com/xelerance/Openswan/tree/master/packaging/centos5
Additionally, here's some info but I advise against the Racoon IPSec daemon.
https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html https://wiki.debian.org/IPsec
On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen eero.volotinen@iki.fi wrote:
Yes you can. Please use newer version of centos and strong/openswan.
Eero 21.3.2016 7.05 ip. "Glenn Pierce" glennpierce@gmail.com kirjoitti:
Hi I hope someone can answer something I'm sure is quite basic.
I am following the instructions at https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html On setting up a VPN
The part I am having trouble with is when it show the /etc/racoon/racoon.conf file. But it doesn't say whay you have to do with this file.
When I bring up my connection
ifup bicester
I get RTNETLINK answers: No such device
looking at /var/messages I see
ERROR: failed to bind to address 127.0.0.1[500] (Address already in
use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use). Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
There was an existing setup done long ago.
How can I setup more than one vpn connection (manually as this is a headless server) or is that not possible ?
Thanks for any pointers _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-- ---~~.~~--- Mike // SilverTip257 //
-- ---~~.~~--- Mike // SilverTip257 // _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Will ask my boss :) We are hosted on memset so not so easy to update
Thanks
On 21 March 2016 at 17:36, Eero Volotinen eero.volotinen@iki.fi wrote:
Centos 5 is still soon end of life. Using it as ipsec gateway is ..
Eero 21.3.2016 7.25 ip. "Mike - st257" silvertip257@gmail.com kirjoitti:
On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 silvertip257@gmail.com wrote:
I second Eero's comment, use a new IPSec daemon.
Openswan was forked and became Libreswan. Paul, now a RH employee, was a main developer for the Openswan project before he and others created the Libreswan fork. https://libreswan.org/
EL6 has Openswan EL7 has Libreswan
Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform (preferably EL7 with Libreswan).
There's an RPM spec file (though I've not used it) for building Openswan for EL5. https://github.com/xelerance/Openswan/tree/master/packaging/centos5
Additionally, here's some info but I advise against the Racoon IPSec daemon.
https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html https://wiki.debian.org/IPsec
On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen eero.volotinen@iki.fi wrote:
Yes you can. Please use newer version of centos and strong/openswan.
Eero 21.3.2016 7.05 ip. "Glenn Pierce" glennpierce@gmail.com kirjoitti:
Hi I hope someone can answer something I'm sure is quite basic.
I am following the instructions at https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html On setting up a VPN
The part I am having trouble with is when it show the /etc/racoon/racoon.conf file. But it doesn't say whay you have to do with this file.
When I bring up my connection
ifup bicester
I get RTNETLINK answers: No such device
looking at /var/messages I see
ERROR: failed to bind to address 127.0.0.1[500] (Address already in
use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use). Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
There was an existing setup done long ago.
How can I setup more than one vpn connection (manually as this is a headless server) or is that not possible ?
Thanks for any pointers _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-- ---~~.~~--- Mike // SilverTip257 //
-- ---~~.~~--- Mike // SilverTip257 // _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Err. Sounds like security nightmare. 21.3.2016 7.47 ip. "Glenn Pierce" glennpierce@gmail.com kirjoitti:
Will ask my boss :) We are hosted on memset so not so easy to update
Thanks
On 21 March 2016 at 17:36, Eero Volotinen eero.volotinen@iki.fi wrote:
Centos 5 is still soon end of life. Using it as ipsec gateway is ..
Eero 21.3.2016 7.25 ip. "Mike - st257" silvertip257@gmail.com kirjoitti:
On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 silvertip257@gmail.com wrote:
I second Eero's comment, use a new IPSec daemon.
Openswan was forked and became Libreswan. Paul, now a RH employee,
was a
main developer for the Openswan project before he and others created
the
Libreswan fork. https://libreswan.org/
EL6 has Openswan EL7 has Libreswan
Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform (preferably EL7 with Libreswan).
There's an RPM spec file (though I've not used it) for building Openswan for EL5. https://github.com/xelerance/Openswan/tree/master/packaging/centos5
Additionally, here's some info but I advise against the Racoon IPSec daemon.
https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <
eero.volotinen@iki.fi>
wrote:
Yes you can. Please use newer version of centos and strong/openswan.
Eero 21.3.2016 7.05 ip. "Glenn Pierce" glennpierce@gmail.com kirjoitti:
Hi I hope someone can answer something I'm sure is quite basic.
I am following the instructions at
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
On setting up a VPN
The part I am having trouble with is when it show the /etc/racoon/racoon.conf file. But it doesn't say whay you have to do with this file.
When I bring up my connection
ifup bicester
I get RTNETLINK answers: No such device
looking at /var/messages I see
ERROR: failed to bind to address 127.0.0.1[500] (Address already in
use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address
*.*.*.*[500]
(Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address
*.*.*.*[500]
(Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address
*.*.*.*[500]
(Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use). Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
There was an existing setup done long ago.
How can I setup more than one vpn connection (manually as this is a headless server) or is that not possible ?
Thanks for any pointers _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-- ---~~.~~--- Mike // SilverTip257 //
-- ---~~.~~--- Mike // SilverTip257 // _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
To be fair its not highly sensitive info we are dealing with.
-----Original Message----- From: "Eero Volotinen" eero.volotinen@iki.fi Sent: 21/03/2016 17:51 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
Err. Sounds like security nightmare. 21.3.2016 7.47 ip. "Glenn Pierce" glennpierce@gmail.com kirjoitti:
Will ask my boss :) We are hosted on memset so not so easy to update
Thanks
On 21 March 2016 at 17:36, Eero Volotinen eero.volotinen@iki.fi wrote:
Centos 5 is still soon end of life. Using it as ipsec gateway is ..
Eero 21.3.2016 7.25 ip. "Mike - st257" silvertip257@gmail.com kirjoitti:
On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 silvertip257@gmail.com wrote:
I second Eero's comment, use a new IPSec daemon.
Openswan was forked and became Libreswan. Paul, now a RH employee,
was a
main developer for the Openswan project before he and others created
the
Libreswan fork. https://libreswan.org/
EL6 has Openswan EL7 has Libreswan
Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform (preferably EL7 with Libreswan).
There's an RPM spec file (though I've not used it) for building Openswan for EL5. https://github.com/xelerance/Openswan/tree/master/packaging/centos5
Additionally, here's some info but I advise against the Racoon IPSec daemon.
https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <
eero.volotinen@iki.fi>
wrote:
Yes you can. Please use newer version of centos and strong/openswan.
Eero 21.3.2016 7.05 ip. "Glenn Pierce" glennpierce@gmail.com kirjoitti:
Hi I hope someone can answer something I'm sure is quite basic.
I am following the instructions at
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
On setting up a VPN
The part I am having trouble with is when it show the /etc/racoon/racoon.conf file. But it doesn't say whay you have to do with this file.
When I bring up my connection
ifup bicester
I get RTNETLINK answers: No such device
looking at /var/messages I see
ERROR: failed to bind to address 127.0.0.1[500] (Address already in
use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address
*.*.*.*[500]
(Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address
*.*.*.*[500]
(Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address
*.*.*.*[500]
(Address already in use). Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use). Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
There was an existing setup done long ago.
How can I setup more than one vpn connection (manually as this is a headless server) or is that not possible ?
Thanks for any pointers _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-- ---~~.~~--- Mike // SilverTip257 //
-- ---~~.~~--- Mike // SilverTip257 // _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Glenn Pierce wrote:
To be fair its not highly sensitive info we are dealing with.
That doesn't matter. Do you drive a car that's leaking oil, and the engine check light has been on for months, and just put gas in, and not worry about adding more oil, or going to a mechanic?
mark
-----Original Message----- From: "Eero Volotinen" eero.volotinen@iki.fi Sent: 21/03/2016 17:51 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
Err. Sounds like security nightmare. 21.3.2016 7.47 ip. "Glenn Pierce" glennpierce@gmail.com kirjoitti:
Will ask my boss :) We are hosted on memset so not so easy to update
Thanks
On 21 March 2016 at 17:36, Eero Volotinen eero.volotinen@iki.fi wrote:
Centos 5 is still soon end of life. Using it as ipsec gateway is ..
Eero 21.3.2016 7.25 ip. "Mike - st257" silvertip257@gmail.com kirjoitti:
On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257
wrote:
I second Eero's comment, use a new IPSec daemon.
Openswan was forked and became Libreswan. Paul, now a RH employee,
was a
main developer for the Openswan project before he and others
created the
Libreswan fork. https://libreswan.org/
EL6 has Openswan EL7 has Libreswan
Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer
platform
(preferably EL7 with Libreswan).
There's an RPM spec file (though I've not used it) for building
Openswan
for EL5. https://github.com/xelerance/Openswan/tree/master/packaging/centos5
Additionally, here's some info but I advise against the Racoon IPSec daemon.
https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <
eero.volotinen@iki.fi>
wrote:
Yes you can. Please use newer version of centos and
strong/openswan.
Eero 21.3.2016 7.05 ip. "Glenn Pierce" glennpierce@gmail.com
kirjoitti:
> Hi I hope someone can answer something I'm sure is quite basic. > > I am following the instructions at >
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
> On setting up a VPN > > The part I am having trouble with is when it show the > /etc/racoon/racoon.conf file. > But it doesn't say whay you have to do with this file. > > When I bring up my connection > > ifup bicester > > I get > RTNETLINK answers: No such device > > looking at /var/messages I see > > ERROR: failed to bind to address 127.0.0.1[500] (Address already
in
use). > Mar 21 17:01:05 racoon: ERROR: failed to bind to address
*.*.*.*[500]
> (Address already in use). > Mar 21 17:01:05 racoon: ERROR: failed to bind to address
*.*.*.*[500]
> (Address already in use). > Mar 21 17:01:05 racoon: ERROR: failed to bind to address
*.*.*.*[500]
> (Address already in use). > Mar 21 17:01:05 racoon: ERROR: failed to bind to address
::1[500]
> (Address already in use). > Mar 21 17:01:05 racoon: INFO:
fe80::bcef:4fff:fe66:82ec%eth0[500]
> used as isakmp port (fd=25) > > There was an existing setup done long ago. > > How can I setup more than one vpn connection (manually as this
is a
> headless server) > or is that not possible ? > > Thanks for any pointers > _______________________________________________ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-- ---~~.~~--- Mike // SilverTip257 //
-- ---~~.~~--- Mike // SilverTip257 // _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Glenn Pierce wrote:
Will ask my boss :) We are hosted on memset so not so easy to update
Thanks
Um, wait a minute: you're hosted? And they haven't pushed you to 6 years ago? They haven't sent warnings that 5 was hitting eol?
Who are they, please? I want to make sure that if someone asks me about hosting, I can add that to places they should avoid.
mark
Memset.com ? In real world, rhel 5/centos 5 gets only critical security patches.
Eero 21.3.2016 7.54 ip. m.roth@5-cent.us kirjoitti:
Glenn Pierce wrote:
Will ask my boss :) We are hosted on memset so not so easy to update
Thanks
Um, wait a minute: you're hosted? And they haven't pushed you to 6 years ago? They haven't sent warnings that 5 was hitting eol?
Who are they, please? I want to make sure that if someone asks me about hosting, I can add that to places they should avoid.
mark
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
I asked about upgrading once and got no reply. Does anyone have experience of having a hosted centos upgraded on a virtual server. Would you usually have to pay for a transition instance ?
-----Original Message----- From: "Eero Volotinen" eero.volotinen@iki.fi Sent: 21/03/2016 18:11 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
Memset.com ? In real world, rhel 5/centos 5 gets only critical security patches.
Eero 21.3.2016 7.54 ip. m.roth@5-cent.us kirjoitti:
Glenn Pierce wrote:
Will ask my boss :) We are hosted on memset so not so easy to update
Thanks
Um, wait a minute: you're hosted? And they haven't pushed you to 6 years ago? They haven't sent warnings that 5 was hitting eol?
Who are they, please? I want to make sure that if someone asks me about hosting, I can add that to places they should avoid.
mark
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Glenn Pierce wrote:
I asked about upgrading once and got no reply. Does anyone have experience of having a hosted centos upgraded on a virtual server. Would you usually have to pay for a transition instance ?
I pay for my own hosting (5-cent.us) at hostmonster. They've done upgrades, and they announced it to *me*, and no, I didn't pay anything. And I'm just a "consumer grade" - something like $6US/month.
I would expect *far* more for commercial hosting.
mark
-----Original Message----- From: "Eero Volotinen" eero.volotinen@iki.fi Sent: 21/03/2016 18:11 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
Memset.com ? In real world, rhel 5/centos 5 gets only critical security patches.
Eero 21.3.2016 7.54 ip. m.roth@5-cent.us kirjoitti:
Glenn Pierce wrote:
Will ask my boss :) We are hosted on memset so not so easy to update
Thanks
Um, wait a minute: you're hosted? And they haven't pushed you to 6 years ago? They haven't sent warnings that 5 was hitting eol?
Who are they, please? I want to make sure that if someone asks me about hosting, I can add that to places they should avoid.
mark
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
err. upgrades?
You mean reinstall? As upgrading between major releases are not supported in any way on centos / rhel and clones..
-- Eero
2016-03-21 20:33 GMT+02:00 m.roth@5-cent.us:
Glenn Pierce wrote:
I asked about upgrading once and got no reply. Does anyone have
experience
of having a hosted centos upgraded on a virtual server. Would you usually have to pay for a transition instance ?
I pay for my own hosting (5-cent.us) at hostmonster. They've done upgrades, and they announced it to *me*, and no, I didn't pay anything. And I'm just a "consumer grade" - something like $6US/month.
I would expect *far* more for commercial hosting.
mark-----Original Message----- From: "Eero Volotinen" eero.volotinen@iki.fi Sent: 21/03/2016 18:11 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
Memset.com ? In real world, rhel 5/centos 5 gets only critical security patches.
Eero 21.3.2016 7.54 ip. m.roth@5-cent.us kirjoitti:
Glenn Pierce wrote:
Will ask my boss :) We are hosted on memset so not so easy to update
Thanks
Um, wait a minute: you're hosted? And they haven't pushed you to 6 years ago? They haven't sent warnings that 5 was hitting eol?
Who are they, please? I want to make sure that if someone asks me about hosting, I can add that to places they should avoid.
mark
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Yes reinstall. I get you have to purchase a new instance for a time to move over.
-----Original Message----- From: "Eero Volotinen" eero.volotinen@iki.fi Sent: 21/03/2016 18:38 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
err. upgrades?
You mean reinstall? As upgrading between major releases are not supported in any way on centos / rhel and clones..
-- Eero
2016-03-21 20:33 GMT+02:00 m.roth@5-cent.us:
Glenn Pierce wrote:
I asked about upgrading once and got no reply. Does anyone have
experience
of having a hosted centos upgraded on a virtual server. Would you usually have to pay for a transition instance ?
I pay for my own hosting (5-cent.us) at hostmonster. They've done upgrades, and they announced it to *me*, and no, I didn't pay anything. And I'm just a "consumer grade" - something like $6US/month.
I would expect *far* more for commercial hosting.
mark-----Original Message----- From: "Eero Volotinen" eero.volotinen@iki.fi Sent: 21/03/2016 18:11 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
Memset.com ? In real world, rhel 5/centos 5 gets only critical security patches.
Eero 21.3.2016 7.54 ip. m.roth@5-cent.us kirjoitti:
Glenn Pierce wrote:
Will ask my boss :) We are hosted on memset so not so easy to update
Thanks
Um, wait a minute: you're hosted? And they haven't pushed you to 6 years ago? They haven't sent warnings that 5 was hitting eol?
Who are they, please? I want to make sure that if someone asks me about hosting, I can add that to places they should avoid.
mark
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Glenn Pierce wrote:
Yes reinstall. I get you have to purchase a new instance for a time to move over.
I'd figure that they just move you to an instance that's already running a newer version of the o/s, giving you time to test for breakage. I really don't see them charging, except, possibly, for running in parallel during testing.
mark
-----Original Message----- From: "Eero Volotinen" eero.volotinen@iki.fi Sent: 21/03/2016 18:38 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
err. upgrades?
You mean reinstall? As upgrading between major releases are not supported in any way on centos / rhel and clones..
-- Eero
2016-03-21 20:33 GMT+02:00 m.roth@5-cent.us:
Glenn Pierce wrote:
I asked about upgrading once and got no reply. Does anyone have
experience
of having a hosted centos upgraded on a virtual server. Would you
usually
have to pay for a transition instance ?
I pay for my own hosting (5-cent.us) at hostmonster. They've done upgrades, and they announced it to *me*, and no, I didn't pay anything. And I'm just a "consumer grade" - something like $6US/month.
I would expect *far* more for commercial hosting.
mark-----Original Message----- From: "Eero Volotinen" eero.volotinen@iki.fi Sent: 21/03/2016 18:11 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
Memset.com ? In real world, rhel 5/centos 5 gets only critical
security
patches.
Eero 21.3.2016 7.54 ip. m.roth@5-cent.us kirjoitti:
Glenn Pierce wrote:
Will ask my boss :) We are hosted on memset so not so easy to
update
Thanks
Um, wait a minute: you're hosted? And they haven't pushed you to 6
years
ago? They haven't sent warnings that 5 was hitting eol?
Who are they, please? I want to make sure that if someone asks me
about
hosting, I can add that to places they should avoid.
mark
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
I'm Sur my boss will agree. Looks like I have a multi terra byte postgres move to look forward to. Thanks evryone
-----Original Message----- From: "m.roth@5-cent.us" m.roth@5-cent.us Sent: 21/03/2016 20:03 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
Glenn Pierce wrote:
Yes reinstall. I get you have to purchase a new instance for a time to move over.
I'd figure that they just move you to an instance that's already running a newer version of the o/s, giving you time to test for breakage. I really don't see them charging, except, possibly, for running in parallel during testing.
mark
-----Original Message----- From: "Eero Volotinen" eero.volotinen@iki.fi Sent: 21/03/2016 18:38 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
err. upgrades?
You mean reinstall? As upgrading between major releases are not supported in any way on centos / rhel and clones..
-- Eero
2016-03-21 20:33 GMT+02:00 m.roth@5-cent.us:
Glenn Pierce wrote:
I asked about upgrading once and got no reply. Does anyone have
experience
of having a hosted centos upgraded on a virtual server. Would you
usually
have to pay for a transition instance ?
I pay for my own hosting (5-cent.us) at hostmonster. They've done upgrades, and they announced it to *me*, and no, I didn't pay anything. And I'm just a "consumer grade" - something like $6US/month.
I would expect *far* more for commercial hosting.
mark-----Original Message----- From: "Eero Volotinen" eero.volotinen@iki.fi Sent: 21/03/2016 18:11 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
Memset.com ? In real world, rhel 5/centos 5 gets only critical
security
patches.
Eero 21.3.2016 7.54 ip. m.roth@5-cent.us kirjoitti:
Glenn Pierce wrote:
Will ask my boss :) We are hosted on memset so not so easy to
update
Thanks
Um, wait a minute: you're hosted? And they haven't pushed you to 6
years
ago? They haven't sent warnings that 5 was hitting eol?
Who are they, please? I want to make sure that if someone asks me
about
hosting, I can add that to places they should avoid.
mark
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
_______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Eero Volotinen wrote:
err. upgrades?
You mean reinstall? As upgrading between major releases are not supported in any way on centos / rhel and clones..
Of course. Now, I haven't looked recently, but I do vaguely remember them telling me they were moving me to an upgraded system; my website runs perl CGI, and that's about it, the rest is *all* straight HTML, so I doubt I would have noticed much.
mark
-- Eero
2016-03-21 20:33 GMT+02:00 m.roth@5-cent.us:
Glenn Pierce wrote:
I asked about upgrading once and got no reply. Does anyone have
experience
of having a hosted centos upgraded on a virtual server. Would you
usually
have to pay for a transition instance ?
I pay for my own hosting (5-cent.us) at hostmonster. They've done upgrades, and they announced it to *me*, and no, I didn't pay anything. And I'm just a "consumer grade" - something like $6US/month.
I would expect *far* more for commercial hosting.
mark-----Original Message----- From: "Eero Volotinen" eero.volotinen@iki.fi Sent: 21/03/2016 18:11 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
Memset.com ? In real world, rhel 5/centos 5 gets only critical
security
patches.
Eero 21.3.2016 7.54 ip. m.roth@5-cent.us kirjoitti:
Glenn Pierce wrote:
Will ask my boss :) We are hosted on memset so not so easy to
update
Thanks
Um, wait a minute: you're hosted? And they haven't pushed you to 6
years
ago? They haven't sent warnings that 5 was hitting eol?
Who are they, please? I want to make sure that if someone asks me
about
hosting, I can add that to places they should avoid.
mark
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Well, RHEL actually supports upgrading from 6 to 7 in some use cases. If you have access, https://access.redhat.com/solutions/21964. Not sure how that fits for CentOS though..
Em 21-03-2016 15:38, Eero Volotinen escreveu:
err. upgrades?
You mean reinstall? As upgrading between major releases are not supported in any way on centos / rhel and clones..
-- Eero
2016-03-21 20:33 GMT+02:00 m.roth@5-cent.us:
Glenn Pierce wrote:
I asked about upgrading once and got no reply. Does anyone have
experience
of having a hosted centos upgraded on a virtual server. Would you usually have to pay for a transition instance ?
I pay for my own hosting (5-cent.us) at hostmonster. They've done upgrades, and they announced it to *me*, and no, I didn't pay anything. And I'm just a "consumer grade" - something like $6US/month.
I would expect *far* more for commercial hosting.
mark-----Original Message----- From: "Eero Volotinen" eero.volotinen@iki.fi Sent: 21/03/2016 18:11 To: "CentOS mailing list" centos@centos.org Subject: Re: [CentOS] IPSec multiple VPN setups
Memset.com ? In real world, rhel 5/centos 5 gets only critical security patches.
Eero 21.3.2016 7.54 ip. m.roth@5-cent.us kirjoitti:
Glenn Pierce wrote:
Will ask my boss :) We are hosted on memset so not so easy to update
Thanks
Um, wait a minute: you're hosted? And they haven't pushed you to 6 years ago? They haven't sent warnings that 5 was hitting eol?
Who are they, please? I want to make sure that if someone asks me about hosting, I can add that to places they should avoid.
mark
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On Mon, 2016-03-21 at 18:23 +0000, Glenn Pierce wrote:
I asked about upgrading once and got no reply. Does anyone have experience of having a hosted centos upgraded on a virtual server. Would you usually have to pay for a transition instance ?
I have several Centos VPSs in several countries around the world. Naturally I don't have FTP preferring to use SSH, SCP, non-standard ports and restricted to specific incoming individual IPs.
All run C 6.7 except one on C 5.11, which I am about to upgrade (its difficult because so much is on that machine and I don't want any downtime).
Dump your out-of-date C5. C6 is not very different. Everything I run on C5 also runs smoothly on C6.
Am 21.03.2016 um 18:17 schrieb Mike - st257 silvertip257@gmail.com:
I second Eero's comment, use a new IPSec daemon.
Openswan was forked and became Libreswan. Paul, now a RH employee, was a main developer for the Openswan project before he and others created the Libreswan fork. https://libreswan.org/
EL6 has Openswan EL7 has Libreswan
Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform (preferably EL7 with Libreswan)
Libreswan will be in the next EL6 release ...
-- LF
Anyway, they both use compatible config files?
Eero 22.3.2016 12.23 ap. "Leon Fauster" leonfauster@googlemail.com kirjoitti:
Am 21.03.2016 um 18:17 schrieb Mike - st257 silvertip257@gmail.com:
I second Eero's comment, use a new IPSec daemon.
Openswan was forked and became Libreswan. Paul, now a RH employee, was a main developer for the Openswan project before he and others created the Libreswan fork. https://libreswan.org/
EL6 has Openswan EL7 has Libreswan
Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform (preferably EL7 with Libreswan)
Libreswan will be in the next EL6 release ...
-- LF
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-
Always Learning -
Eero Volotinen -
Glenn Pierce -
Leon Fauster -
m.roth@5-cent.us -
Marcelo Ricardo Leitner -
Mike - st257