[CentOS] IPSec multiple VPN setups

Eero Volotinen eero.volotinen at iki.fi
Mon Mar 21 17:51:29 UTC 2016


Err. Sounds like a security nightmare.
21.3.2016 7.47 PM "Glenn Pierce" <glennpierce at gmail.com> wrote:

> Will ask my boss :) We are hosted on memset so not so easy to update
>
> Thanks
>
> On 21 March 2016 at 17:36, Eero Volotinen <eero.volotinen at iki.fi> wrote:
> > CentOS 5 is still soon end of life. Using it as an IPsec gateway is ..
> >
> > Eero
> > 21.3.2016 7.25 PM "Mike - st257" <silvertip257 at gmail.com> wrote:
> >
> >> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip257 at gmail.com>
> >> wrote:
> >>
> >> > I second Eero's comment, use a new IPSec daemon.
> >> >
> >> > Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> >> > main developer for the Openswan project before he and others created the
> >> > Libreswan fork.
> >> > https://libreswan.org/
> >> >
> >> > EL6 has Openswan
> >> > EL7 has Libreswan
> >> >
> >> > Racoon isn't all that fun to work with.
> >> > If you have the option, ditch it and EL5 and move to a newer platform
> >> > (preferably EL7 with Libreswan).
> >> >
> >>
> >> There's an RPM spec file (though I've not used it) for building Openswan
> >> for EL5.
> >> https://github.com/xelerance/Openswan/tree/master/packaging/centos5
> >>
> >> Additionally, here's some info but I advise against the Racoon IPSec
> >> daemon.
> >>
> >>
> >> https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
> >> https://wiki.debian.org/IPsec
> >>
> >>
> >> >
> >> >
> >> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <eero.volotinen at iki.fi>
> >> > wrote:
> >> >
> >> >> Yes you can. Please use a newer version of CentOS and strong/openswan.
> >> >>
> >> >> Eero
> >> >> 21.3.2016 7.05 PM "Glenn Pierce" <glennpierce at gmail.com> wrote:
> >> >>
> >> >> > Hi, I hope someone can answer something I'm sure is quite basic.
> >> >> >
> >> >> > I am following the instructions at
> >> >> > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
> >> >> > on setting up a VPN.
> >> >> >
> >> >> > The part I am having trouble with is when it shows the
> >> >> > /etc/racoon/racoon.conf file.
> >> >> > But it doesn't say what you have to do with this file.
> >> >> >
> >> >> > When I bring up my connection
> >> >> >
> >> >> > ifup bicester
> >> >> >
> >> >> > I get
> >> >> > RTNETLINK answers: No such device
> >> >> >
> >> >> > looking at /var/messages I see
> >> >> >
> >> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500] (Address already in use).
> >> >> > Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
> >> >> >
> >> >> > There was an existing setup done long ago.
> >> >> >
> >> >> > How can I set up more than one VPN connection (manually, as this is a
> >> >> > headless server),
> >> >> > or is that not possible?
> >> >> >
> >> >> > Thanks for any pointers
> >> >> > _______________________________________________
> >> >> > CentOS mailing list
> >> >> > CentOS at centos.org
> >> >> > https://lists.centos.org/mailman/listinfo/centos
> >> >> >
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > ---~~.~~---
> >> > Mike
> >> > //  SilverTip257  //
> >> >
> >>
> >>
> >>
> >> --
> >> ---~~.~~---
> >> Mike
> >> //  SilverTip257  //
>


