Debian Configuration :: IPSec VPN Tunnel Connection?
Feb 17, 2010
I am getting this error when I try to bring up IPSec Tunnel. Starting connection with command /usr/sbin/ipsec auto --up 'paycode-to-vivacom' ..
104 "paycode-to-vivacom" #7: STATE_MAIN_I1: initiate
003 "paycode-to-vivacom" #7: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
003 "paycode-to-vivacom" #7: ignoring Vendor ID payload [FRAGMENTATION c0000000]
[code]....
Jan 7, 2010
I want to set up firewall protection with iptables to support IPSec tunnels. That is, the firewall will drop anything from any host if it is not from an established IPSec tunnel. And it will accept anything (any protocols) if it's from an IPSec tunnel.
That is, I also need to open up ping to make ping work. But if I open up icmp, I cannot prevent pings from hosts that are outside my IPSec tunnels. This defeats my purpose. So if my purpose is to allow "anything" within the tunnel and disallow/drop anything outside the IPSec tunnels, how should I set up the iptables rules?
Jun 22, 2011
While I successfully configured an IPsec-VPN (I use a similar though modified setup like this: [URL]..), I am now stuck on the next steps. While I can connect to everything I want, I need to configure "access-groups" and/or "users".
The scenario is similar to this: Let's say Host A, B and C allow SSH-Connections and some weird non-standard UDP-Connection from Host-VPN, and are also accessible on other ports with public IPs (like http).
I now want to limit this so that an admin-user has access to all of them, while trainee-admin can only access everything on Host B and C, and CEO can only connect via telnet to Host C - and all users can be roadwarriors
(I made this example up to give you an idea what I'm trying to do - hope it makes sense). Now my question is, if someone can point me towards a direction, as I'm quite clueless at the current moment as to what to try. I know that commercial IPsec-Implementations can do this, but can OpenSWAN/... give me something similar?
Oct 25, 2015
Unfortunately I have followed a misleading guide to set ssh and scp in order not to supply password every time and... I messed up my ssh/scp settings as it does not work anymore. Well, in my attempt:
I moved to
Code:
cd ~/.ssh
then I created an RSA key
Code:
ssh-keygen -t rsa
without giving any passphrase. Then
Code:
cat id_rsa.pub >> authorized_keys
chmod 600 authorized_keys
Then I tried tunnelling and... it didn't work. So, ok, I tried to recover previous settings erasing all the items in the folder ~/.ssh/. After I tried copying a file with the "usual" command that used to work before (i.e. scp file user-id@server) and... I've found out it does not work anymore!
I get this error message:
ssh_exchange_identification: Connection closed by remote host
Mar 2, 2016
We have an Apache Subversion (http) server for hosting our code, and, for the next 3 months, we are behind a DSL connection (max upload 100 kB/s).
When a remote co-worker tries to download a fresh copy of our projects on his computer directly over http, the transfer goes fine: with a bandwidth monitor (gnome-system-monitor or bwm-ng) we can see that the server is trying to send ~95kB/s and the connection remains usable for other tasks in parallel (just a bit slower, which is normal).
But when the remote co-worker is connected through SSH to this server, and uses tunneling to communicate with Apache Subversion, the server is sending more than 200kB/s: the connection is not usable for other tasks during the transfer as with ~102kB/s actually transferred through the DSL line, it's completely congested and more than fifty percent of the packets are lost.
I think that I understand why: TCP/IP auto-detects the max amount of successfully transmitted bytes per second, and tries not to send more than this maximum value.
When the Apache server is connected to the local instance of openssh-server through localhost, packets are transmitted successfully between them. Only afterwards, openssh-server tries to send it to the client (and should retry if it's not successful) but during that time, Apache is already giving the next one... giving this saturation effect (Apache is not aware of the saturation, or at least, not enough)
Dec 12, 2010
I installed the PPTP Client [URL] and can successfully connect to my VPN (creates interface ppp0). The problem is, I'm trying to tunnel all of my traffic on my system through the connection. I've seen conflicting howtos and scripts including pptpclient's documentation (the ip-up and ip-down scripts don't work). How does one simply (even if I type it manually) tunnel the traffic?
System Info:
OS: Debian Squeeze, Kernel 2.6.32-5-686
GUI: Gnome (standard one from netinst unstable install)
Main interface: eth1
PPTP interface: ppp0
Apr 23, 2011
My Debian server is used by people to set up ssh-tunnels for use as a local proxy (on their remote machines). Since only the tunnel is set up, and no shell is used, I can't use "who" to see which users have an active ssh-tunnel on my server, but I would like to have an idea about who is active etc. I think I should be able to determine this from the auth.log file, but then I would have to use some script to determine what connection is still active. Is there an easy way to see what users have active ssh-tunnels on my Debian server at any given moment?
Feb 18, 2011
I currently run openVPN on my Debian box that provides secure ipv4 routing from my laptop to my VPS in a different country (and from there the internet via this box). This works fine. However, I'd like to sort out ipv6 through this VPN as well as ipv4 and I'm not overly sure how to do it. The remote server itself has native ipv6 configured on device eth0 and it works (ping6, traceroutes all fine, incoming to web servers etc) nicely on dual stack.
How would I go about modifying the config (both client and server if needed) to enable openVPN to act as a tunnel broker to enable the laptop to use the ipv6 through the server as well as the old v4? (The internet connection at the laptop end will not/does not have native ipv6 from the ISP. Currently I'm using he-net tunnel broker but I'd like to run myself through my existing openVPN.) VPN config details: It's using UDP, port 1194, creates a TUN interface, redirect-gateway etc and the rest is normal config. Edit: if it matters, the clients are all running Windows so I can't use sh scripts to set up stuff at the client end.
Jul 21, 2009
I'm trying to perform a VPN LAN-to-LAN IPsec connection. On my side, I have a server with 2 IPs, i.j.k.l (destined to act as a VPN gateway) and i.j.k.m (the server). I am a newbie. I don't know if this configuration is normal, but it's forced by our partner.
My configuration is:
OS: Fedora release 7 (Moonshine)
OpenSWAN version: Linux Openswan U2.4.7/K2.6.23.17-88.fc7 (netkey)
ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
[Code]...
Jun 4, 2009
I would like to establish a VPN connection which can hold either 'two' hosts.. and secondly, if that's done, I would like to go for a larger number of users. Can I do it using IPSec services? If yes, then how?
Apr 15, 2011
1 Linksys router: gets the net from PPPoE and gives the network DHCP. The router IP is 192.168.1.1. 1 Windows laptop that works wireless and wired. 1 Debian desktop that works wired and does not work wireless. The problem with the Debian desktop is like this: I have a TP-Link TL-WN321G installed and found by the lsusb command. I make a wireless connection WPA Personal (just like the router settings); it says I am connected to the wl network but there is no internet connection. The route command gives me this:
[code]....
I tried with wicd, which said that the connection is WEP (and it's not, it is set up as WPA on the router and the network-manager connection) and when I try to connect I get bad password. I tried with network-manager uninstalled and no chance.
Sep 22, 2015
The situation: The office has a WiFi network on one DSL line, which is used for our VoIP call center, and a wired network for our internal network and the majority of web surfing/traffic. Part of the office must be temperature controlled/monitored - we have a rather nice digital thermometer which is WiFi enabled. I have a Debian Wheezy box with a WiFi card and ethernet connection.
What I'm trying to accomplish:
- Connect wifi enabled thermometer to WiFi network so it can automatically send temp updates (currently I have to do it manually via USB)
- Have the Wheezy box accept the downloaded file then send it to a back up server in the wired network
Side things that may be useful:
- Prefer to use wired connection for internet and apt and such
- WiFi connection will really just be used for connecting to the thermometer
This [URL] .... topic got me thinking that there might be a way to bring the two networks together, but I don't know if that will wreak havoc on things. I know, the Windows and Mac OS don't like having ethernet and wifi at the same time, might Linux be better for this?
v&n had this to offer in the prior thread [URL] .... which I'll be doing more research on.
Nov 8, 2010
Machine A is located behind a client firewall. The machine runs telnetd. This is a Linux machine with Python 2.5.4 installed. I do not know the IP addy of the router and the firewall is not open incoming. Outgoing firewall is open.
Machine B (Windows machine) is a server with a well-known IP address. I can install any programs I want on either machine.
The idea is that I want Machine A to open a socket to Machine B. Then I want to hold that socket and use it to run a telnet session from Machine B to the Machine A telnetd server.
May 6, 2011
I've got a problem with the configuration of a 6to4 tunnel. I do it like they do here using iproute2: [URL] And still I can't ping ipv6.google.com: I've got Destination unreachable: Address unreachable
Feb 29, 2016
My Debian Jessie system started to bug after a separate /usr partition became full. After resizing and various package reinstalls I ended up with this:
systemctl --user status
Failed to get D-Bus connection: Erreur inconnue -1
Jan 19, 2010
I need to build an ipsec vpn between a Linux Debian server and a Zyxel Prestige. The Debian server has 2 ethernet connections: one for the internal network and the other one is public with a public IP address. I need to know what I need to build the tunnel, could you please let me know what I need? Let me explain: do I only have to configure openswan, or do I have to configure iptables or something else too? I found this one, do you think this would work for me? [URL].. Is Debian the right distro or should I try another one?
Jul 18, 2015
I am struggling to find out how to start the connection to my VPN on boot?
Aug 9, 2015
My network configuration is in a weird situation, in that I always need to run dhclient manually each time after a network connection is established. When my computer connects to a router, sometimes it won't get a valid IP, and it uses an automatically generated fake Internet IP. In this situation, it won't connect to the Internet at all. Sometimes it gets a valid local network IP, but still cannot connect to WAN, and can only connect to my router's address (both through ping and through the router's management webpage). In both situations, it can be solved by a simple dhclient run.
This is my /etc/network/interfaces file:
Code:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
iface wlan0 inet dhcp
and this is my /etc/NetworkManager/NetworkManager.conf:
Code:
[main]
plugins=ifupdown,keyfile
dhcp=dhclient
#no-auto-default=FE:50:52:BE:46:4C,
Sep 28, 2015
I use Debian Jessie 8.2 and I am using a 3G connection using this modem => [URL] ....
The 3G connection works fine, except after 24 hours the connection drops and I cannot reconnect. If I reboot the computer, the connection will work again.
My guess is that my ISP gives me a new IP address after 24 hours and somehow my system cannot handle it.
How can I reconnect my 3G connection without rebooting?
I have already tried the following commands:
Code:
sudo service network-manager restart
Code:
dhclient -r eth0
dhclient eth0
Code:
systemctl restart ModemManager
Results of journalctl and grepping my connection name (SFR)
Code:
sept. 22 17:58:19 ark1 NetworkManager[512]: <info> Policy set 'SFR Web / Prepaid 1' (eth0) as default for IPv4 routing and DNS.
sept. 23 18:17:07 ark1 NetworkManager[9446]: <info> new connection /etc/NetworkManager/system-connections/SFR Web * Prepaid 1
sept. 23 18:17:08 ark1 NetworkManager[9446]: <info> Auto-activating connection 'SFR Web / Prepaid 1'.
[Code] ....
As you can see sept 22 at time 17:58 is when the computer started up. And roughly 24 hours after it failed to reconnect.
Also I should mention that there is a script to run the command:
Code:
sudo service network-manager restart
if the computer cannot ping a server, i.e. if the connection is lost.
More journalctl info when the system tries to reconnect:
Code:
sept. 23 23:52:53 ark1 NetworkManager[9446]: <info> Auto-activating connection 'SFR'.
sept. 23 23:52:53 ark1 NetworkManager[9446]: <info> Activation (ttyUSB0) starting connection 'SFR'
sept. 23 23:52:53 ark1 NetworkManager[9446]: <info> Activation (ttyUSB0) Stage 1 of 5 (Device Prepare) scheduled...
sept. 23 23:52:53 ark1 NetworkManager[9446]: <info> Activation (ttyUSB0) Stage 1 of 5 (Device Prepare) started...
[Code] ....
Feb 20, 2016
I rebooted my vServer (Debian 8) and it didn't come back up. Well, I used the rescue console on my server and the server seems to be running fine, except the network was broken. So I tried 'ifconfig' but nothing came up. So I tried to enable my interface with 'ifconfig venet0 up', and now it appears in my ifconfig list
Code:
root@i67svof:/var/www# ifconfig
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:557 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:36463 (35.6 KiB) TX bytes:0 (0.0 B)
My HWaddr doesn't look that well :) 'ip addr' prints this result:
Code:
root@i67svof:/var/www# ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
These are the last lines in /var/log/syslog:
Code:
root@i67svof:/var/www# tail /var/log/syslog
Feb 20 11:34:16 i67svof systemd[1]: Stopping memcached daemon...
Feb 20 11:34:16 i67svof systemd[1]: Stopping Network Name Resolution...
Feb 20 11:34:16 i67svof systemd[1]: Stopping Regular background program processing daemon...
Feb 20 11:34:16 i67svof systemd[1]: Stopping Login Prompts.
[Code] .....
And finally my network config in /etc/network/interfaces
Code:
# Auto generated lo interface
auto lo
iface lo inet loopback
# Auto generated venet0 interface
auto venet0
[Code] .....
Feb 7, 2010
I have been told that for debugging purposes it is often useful to have a serial connection to a computer. I have some diskless workstations that freeze during boot. I guess X has something to do with this, but I'm not sure. Since the workstations are diskless, syslog is not stored locally so I can't see what is happening after the NIC stops working. When the workstation freezes, the screen goes black, all lights on the keyboard turn on, and the lights on the NIC go dark. It is not possible to ping the workstation.
Mar 9, 2010
I have configured a RaLink wireless card to connect to an 802.1x network. I connect by selecting the network, and then I give the credentials (username/password). How do I configure Debian to automatically connect to this network when a session begins?
Apr 27, 2010
I have installed GNU/Linux Debian on my computer (desktop) and I have Ubuntu installed on my laptop. Now I want to start the ssh connection between both the computers. I want to make Debian the server and Ubuntu the client. Please can you guide me with this (installation and setup). Also the key values of the configuration files (ssh_config & sshd_config) are expected.
Nov 4, 2010
Alright, I was playing with the VPN capabilities in KDE4 on Squeeze AMD64 on my personal laptop (see my signature) and found it very easy to create a VPN connection and connect, but that's it. I made a VPN tunnel to one of my client locations as a test, but could use rdesktop to get into the server. Then I realized I couldn't ping the server either. I also lost all ability to browse the web and everything while the VPN was up. Upon checking ifconfig as root, I saw that it created "ppp0" and that it had pulled an IP from the client network, but all of my networking capabilities were gone. What gives? What is it that I am missing?
Feb 22, 2011
When I click on Network Manager client in the Gnome Panel -> vpn connections -> configure vpn, the add button is not enabled.
Mar 20, 2011
About an hour ago I did an update on my Debian Squeeze. After the update was completed my LAN connection stopped working. Now I have to connect my computer to my router with a USB cable instead of with my ethernet cable. Also, on the network connection, in the wired network section it says that the device (ethernet) has not been managed.
Jul 5, 2011
How to enable wifi? I downloaded and installed Debian 6.00 and I couldn't get online with my Tenda USB Wireless Adapter. I downloaded Debian 6.00 again, this time the CD Net Install version with Firmware included. However, the added firmware version of Debian does not find my wireless either. My wireless adapter is shown as Bus 001 Device 003: ID 148f:3072 Ralink Technology, Corp. RT3072 Wireless Adapter. There is a Network Icon in the Panel which when clicked shows "Create New Wireless Network". I have put in my ISP related network and my password and rebooted, but all I get is the message on my desktop:
"The Network Connection has been disconnected."
That isn't very polite, is it? Who has disconnected it and why remains a mystery to everyone except the culprit(s). I think I must have missed a basic step in the Wifi Enabling process. I checked the Use Permissions and everything is fine there, as User I have permissions to use modems and do networking and so forth. Also I should like to try "modprobe" but I see the package isn't in Synaptic Package Manager.
Aug 17, 2015
At one of my customers, the new internet connection has no public IPv4 (using CGNAT), only public IPv6.
And there are various services that require external access, like vpn (openvpn), a java/web system, ssh, rdp (windows), fileServer (by vpn).
All is running ok in IPv4. Maybe the solution is a NAT 6to4. We know this is the future, no more public IPv4.
Aug 17, 2015
After upgrading to Debian 8, I'm having a bit of trouble with systemd, since I'm not used to it (seeing as it was all init when I started). I tried to use a tutorial to create a new service and one step in it was to run
Code:
systemctl enable xxx.service
Unfortunately, every time I run systemctl - even without parameters - I get this error:
Code:
Failed to get D-Bus connection: Operation not permitted
Dec 15, 2015
I bought a bluetooth pen, I connect it via USB, my bluetooth connection is active but I can't find other terminals, and my Debian machine isn't visible to other terminals.
It seems that my bluetooth connection works, but it can't pair other terminals. I want to connect bluetooth speaker, but it seems impossible.