[CentOS] IPSec multiple VPN setups

m.roth at 5-cent.us m.roth at 5-cent.us
Mon Mar 21 18:21:36 UTC 2016


Glenn Pierce wrote:
> To be fair it's not highly sensitive info we are dealing with.
>
That doesn't matter. Do you drive a car that's leaking oil, and the engine
check light has been on for months, and just put gas in, and not worry
about adding more oil, or going to a mechanic?

       mark

> -----Original Message-----
> From: "Eero Volotinen" <eero.volotinen at iki.fi>
> Sent: 21/03/2016 17:51
> To: "CentOS mailing list" <centos at centos.org>
> Subject: Re: [CentOS] IPSec multiple VPN setups
>
> Err. Sounds like a security nightmare.
> On 21.3.2016 at 7.47 PM, "Glenn Pierce" <glennpierce at gmail.com> wrote:
>
>> Will ask my boss :) We are hosted on memset so not so easy to update
>>
>> Thanks
>>
>> On 21 March 2016 at 17:36, Eero Volotinen <eero.volotinen at iki.fi> wrote:
>> > CentOS 5 is still soon end of life. Using it as an IPsec gateway is ..
>> >
>> > Eero
>> > On 21.3.2016 at 7.25 PM, "Mike - st257" <silvertip257 at gmail.com> wrote:
>> >
>> >> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip257 at gmail.com> wrote:
>> >>
>> >> > I second Eero's comment, use a new IPSec daemon.
>> >> >
>> >> > Openswan was forked and became Libreswan. Paul, now a RH employee, was a
>> >> > main developer for the Openswan project before he and others created the
>> >> > Libreswan fork.
>> >> > https://libreswan.org/
>> >> >
>> >> > EL6 has Openswan
>> >> > EL7 has Libreswan
>> >> >
>> >> > Racoon isn't all that fun to work with.
>> >> > If you have the option, ditch it and EL5 and move to a newer platform
>> >> > (preferably EL7 with Libreswan).
>> >> >
>> >>
>> >> There's an RPM spec file (though I've not used it) for building Openswan
>> >> for EL5.
>> >> https://github.com/xelerance/Openswan/tree/master/packaging/centos5
>> >>
>> >> Additionally, here's some info but I advise against the Racoon IPSec
>> >> daemon.
>> >>
>> >> https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
>> >> https://wiki.debian.org/IPsec
>> >>
>> >>
>> >> >
>> >> >
>> >> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <eero.volotinen at iki.fi> wrote:
>> >> >
>> >> >> Yes you can. Please use a newer version of CentOS and strong/openswan.
>> >> >>
>> >> >> Eero
>> >> >> On 21.3.2016 at 7.05 PM, "Glenn Pierce" <glennpierce at gmail.com> wrote:
>> >> >>
>> >> >> > Hi I hope someone can answer something I'm sure is quite basic.
>> >> >> >
>> >> >> > I am following the instructions at
>> >> >> > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
>> >> >> > On setting up a VPN
>> >> >> >
>> >> >> > The part I am having trouble with is when it shows the
>> >> >> > /etc/racoon/racoon.conf file.
>> >> >> > But it doesn't say what you have to do with this file.
>> >> >> >
>> >> >> > When I bring up my connection
>> >> >> >
>> >> >> > ifup bicester
>> >> >> >
>> >> >> > I get
>> >> >> > RTNETLINK answers: No such device
>> >> >> >
>> >> >> > looking at /var/messages I see
>> >> >> >
>> >> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
>> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
>> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
>> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
>> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500] (Address already in use).
>> >> >> > Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
>> >> >> >
>> >> >> > There was an existing setup done long ago.
>> >> >> >
>> >> >> > How can I setup more than one vpn connection (manually as this is a
>> >> >> > headless server)
>> >> >> > or is that not possible ?
>> >> >> >
>> >> >> > Thanks for any pointers
>> >> >> > _______________________________________________
>> >> >> > CentOS mailing list
>> >> >> > CentOS at centos.org
>> >> >> > https://lists.centos.org/mailman/listinfo/centos
>> >> >> >
>> >> >>
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > ---~~.~~---
>> >> > Mike
>> >> > //  SilverTip257  //
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> ---~~.~~---
>> >> Mike
>> >> //  SilverTip257  //
>> >>
>>
>
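
The racoon messages quoted in the original question report "Address already in use" for port 500, meaning something already holds that UDP port on those addresses. As an added example (not written by anyone in this thread), the shell function below summarises such log lines; the function names are hypothetical and the sample log is constructed from the quoted messages, with 192.0.2.10 standing in for the redacted address.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample modelled on the racoon messages quoted in the question
# (192.0.2.10 is a documentation address standing in for the redacted one).
sample_log() {
cat <<'EOF'
Mar 21 17:01:05  racoon: ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
Mar 21 17:01:05  racoon: ERROR: failed to bind to address 192.0.2.10[500] (Address already in use).
Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500] (Address already in use).
Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)
EOF
}

# Read syslog text on stdin; print one "STATE address port" line per racoon
# bind result, then a CONFLICT/OK verdict for the IKE port.
summarize_racoon_binds() {
    awk '
    # Split a token of the form ADDR[PORT] and print it with its state.
    function emit(state, tok,    addr, port) {
        port = tok; sub(/^.*\[/, "", port); sub(/\]$/, "", port)
        addr = tok; sub(/\[[0-9]+\]$/, "", addr)
        print state, addr, port
    }
    /racoon: ERROR: failed to bind to address .*Address already in use/ {
        # The ADDR[PORT] token follows the word "address".
        for (i = 1; i < NF; i++) if ($i == "address") { emit("IN_USE", $(i + 1)); busy++ }
        next
    }
    /racoon: INFO: .* used as isakmp port/ {
        # The ADDR[PORT] token precedes the word "used".
        for (i = 2; i <= NF; i++) if ($i == "used") { emit("BOUND", $(i - 1)); ok++ }
    }
    END {
        if (busy) printf "CONFLICT %d address(es) already held by another listener\n", busy
        else      printf "OK %d address(es) bound\n", ok + 0
    }'
}

sample_log | summarize_racoon_binds
```

On the host itself, `netstat -anup | grep ':500 '` run as root shows which process owns the port.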




