Questions tagged [racoon]

24 questions
6
votes
1 answer

ASA site-to-site IPSec vpn to linux ipsec-tools endpoints stops working after a random period of time

We swapped to ASA's over the weekend, and we replaced our VPN infrastructure which was previously based on openvpn and are now using IPSec between our ASA 5520's and our other sites that have linux (CentOS) routers. The VPNs connect just fine, but…
Peter Grace
  • 3,446
  • 1
  • 26
  • 42
4
votes
4 answers

pfsense 2.0.2 racoon(ipsec vpn) unreliable

I'm having issues with racoon (ipsec VPN) on pFSense 2.0.2 (and 2.0.1). According to racoon all my tunnels are up (I have about 130 of them), but over time more and more of them won't pass traffic through. If I restart racoon the tunnels start…
cpuguy83
  • 202
  • 2
  • 7
4
votes
2 answers

iOS/Mac-Compatible IPSec VPN Server on Ubuntu

I pay for a VPS from a Xen VPS host and the load on it is fairly light, so I'd like to run a VPN off of it. The configuration I'm shooting for is "roadwarrior"-style, as I'd like to use it to secure connections from my iPhone and Mac when I'm not at…
Carter Allen
  • 93
  • 1
  • 8
3
votes
1 answer

Poor IPsec over GRE performances

I have set up an IPsec over GRE connection with a remote host, both are NetBSD 6.1 based. The "client" is connected to the Internet through a 400Mbps fiber connection. The "server" is located on a 10Gbps network. Both machines have 1Gbps NICs which…
iMil
  • 251
  • 1
  • 9
3
votes
0 answers

Having trouble installing Racoon and Strongswan on the same system

I have two applications that I need to run, one uses Racoon for establishing IPSec tunnels and the other uses Strongswan. Therefore, I need both Racoon and Strongswan installed simultaneously on my Ubuntu 12.04 box. However, when I install…
exxodus7
  • 95
  • 1
  • 8
3
votes
2 answers

ipsec vpn with racoon drops traffic on phase 1 renegotiation

We are running racoon on Linux connecting to a Checkpoint firewall. The connection comes up fine, but we see an interruption to traffic every 24 hours, corresponding to Phase 1 renegotiation. Our setup is as follows: Local side racoon from…
JamesW
  • 29
  • 1
  • 3
3
votes
2 answers

Racoon on Linux - Initial packet loss

I have configured two Linux boxes so they automatically use a transport-level IPSec connection whenever they need to communicate. The configuration is based on Racoon with X509 authentication and the bundle_complex option set to on, as well as…
E.Benoît
  • 135
  • 5
2
votes
0 answers

What could cause racoonctl to show a Phase2 count higher than the number of ports racoon is listening on?

In my setup I have some EC2 instances in different regions linked by GRE tunnels, using ISAKMP via racoon. This setup is inherited, so bear with me if I fumble with terminology. Sometimes I get weird output from racoonctl -ll show-sa isakmp (pardon…
2rs2ts
  • 325
  • 3
  • 11
2
votes
0 answers

FreeBSD L2TP/IPsec not routing traffic to vpn server

I have configured a VPN server on my FreeBSD server, it all seems to be running, but the VPN traffic is not routing through to the local VPN server and I cannot figure out as to why. So my question is, what is wrong with my current setup? Note…
crooksey
  • 121
  • 1
  • 6
2
votes
1 answer

VPN with xl2tpd and racoon - how to NAT traffic out of non-default IP address

I have a server running Debian which has networking like this: eth0 - has public IP address 1.2.3.4 eth1 - has public IP address 1.2.3.5 I'm trying to set up a VPN on the server which I can connect to from my Android phone. I followed the…
David North
  • 762
  • 1
  • 5
  • 12
2
votes
1 answer

Using a roadwarrior ipsec client as a gateway

Scenario: INTERNET --- VPN-Server <----> ROUTER <----> Roadwarrior <----> Subnet 132.1.1.1 192.168.2.1 192.168.2.50 176.168.10.0/24 | INTERNET …
scitech
  • 21
  • 2
2
votes
0 answers

IPSec VPN login failing with certificate authentication

I am working on an IPSec VPN solution allowing iPhones / iPads to connect to a Linux server running Gentoo. I have been able to get the VPN functioning as expected using PSK authentication (PSK + Login + Password), but I am having trouble getting…
1
vote
0 answers

Network outage when machine on internal ipsec secured net crashes

We have 3 machines (Debian Jessie), each having 2 network interfaces. One interface is connected to the internet, the other to an internal net which is encrypted via ipsec/racoon. One of the machines is starting to fail, and whenever it crashes the…
user302950
  • 11
  • 1
1
vote
1 answer

IpSec/Racoon: Packets go to wrong tunnel

I use Debian and Racoon to connect to a Cisco VPN Gateway. We have got two tunnels between the same endpoints. Somehow and sometimes, packets go to the wrong tunnel. This is the log message from the remote Cisco system: Aug 13 17:55:01 XXXXX…
Matthias Wuttke
  • 123
  • 1
  • 9
1
vote
0 answers

racoon pure IPSEC VPN, best way to give vpn server an IP address on the VPN?

We are testing a VPN server for DR. We have a rackspace cloud instance, with a pure IPSEC VPN server running in racoon, serving "road warrior" clients. We have some NAT going on on the server to route externally: -A POSTROUTING -s 172.31.31.0/24 -o…
simon
  • 714
  • 7
  • 20