Networking :: IPsec - Tunnel Restrictions And Users?

Jun 22, 2011

While I successfully configured an IPsec VPN (I use a similar, though modified, setup like this: [URL]), I am now stuck on the next steps. While I can connect to everything I want, I need to configure "access-groups" and/or "users".

The scenario is similar to this: let's say Hosts A, B and C allow SSH connections and some weird non-standard UDP connection from Host-VPN, and are also accessible on other ports via public IPs (like HTTP).

I now want to limit this so that an admin user has access to all of them, while a trainee-admin can only access everything on Hosts B and C, and the CEO can only connect via telnet to Host C, and all users can be roadwarriors.

(I made this example up to give you an idea of what I'm trying to do; hope it makes sense.) Now my question is whether someone can point me in a direction, as I'm quite clueless at the moment as to what to try. I know that commercial IPsec implementations can do this, but can Openswan/... give me something similar?

View 1 Replies



General :: Ssh Tunnel Username With Restrictions?

Mar 25, 2011

I have just set up a KVM virtual machine on my server. To connect to the VM from outside of the network I use SSH tunneling. What I would like to know is if there is any way to create a new user with just SSH access. I don't want people to be able to edit files in ~/ or such; I just need the user to establish the connection to the server.

View 1 Replies View Related

Security :: How To Set Iptables For IPSec Tunnel?

Jan 7, 2010

I want to set up firewall protection with iptables to support IPsec tunnels. That is, the firewall will drop anything from any host if it is not from an established IPsec tunnel, and it will accept anything (any protocol) if it's from an IPsec tunnel.

That is, I also need to open up ping to make ping work. But if I open up ICMP, I cannot prevent pings from hosts that are outside my IPsec tunnels. This defeats my purpose. So if my purpose is to allow "anything" within the tunnel and disallow/drop anything outside the IPsec tunnels, how should I set up the iptables rules?

View 3 Replies View Related

Debian Configuration :: IPSec VPN Tunnel Connection?

Feb 17, 2010

I am getting this error when I try to bring up the IPsec tunnel. Starting connection with command /usr/sbin/ipsec auto --up 'paycode-to-vivacom' ..

104 "paycode-to-vivacom" #7: STATE_MAIN_I1: initiate
003 "paycode-to-vivacom" #7: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
003 "paycode-to-vivacom" #7: ignoring Vendor ID payload [FRAGMENTATION c0000000]

[code]....

View 3 Replies View Related

Fedora :: Delete Restrictions For Users' Passwords

Dec 22, 2009

I have Fedora 10 installed. I want my users to be able to use any password they want. So I edited /etc/pam.d/system-auth, the password section.

Was:

Code:
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password required pam_deny.so

Became:

[Code].....

View 2 Replies View Related

Ubuntu Servers :: IPsec - Limit Users Or Groups

Jun 22, 2011

I successfully configured a VPN using IPsec (Openswan) and xl2tpd, while roughly following this guide (among countless others): [URL]

The VPN connection works fine, connecting to it is also a swirl, I can reach all that I want in the network, and the gateway to the Internet works too, everything being routed through that VPN.

Now my problem is actually the next steps, and I didn't succeed in finding the right result in any possible search:

a) I want to limit the VPN connection to being used only for distinct connections to hosts that aren't in a "company subnet" but whose IPs are publicly available. (Example: the target IP 8.8.8.8 allows per iptables that only my VPN host 1.2.3.4 accesses it via SSH, and thus I can only access that target IP via SSH when I'm on the VPN.) When actually browsing to the Ubuntu website, I want NOT the VPN connection to be used but rather my normal connection (as a reference: I'm on a Windows client; not my choice, btw).

b) I want to have several such "limitations" grouped, and give users 'access rights' to certain hosts (Examples: Admin gets access to all on all ports; Testers get access to some machines on distinct ports; CEO gets access only to the mailserver via POP3 or IMAP).

View 1 Replies View Related

Ubuntu Servers :: Restrict Users To Only SSH Tunnel - No Shell?

Jul 21, 2011

I have an Ubuntu 11.04 instance running on Amazon EC2. I am currently using it as an SSH tunnel/SOCKS proxy. Most of my Net activity is on a Windows 7 machine running PuTTY. This setup is working very well. So well that a few of my friends have expressed interest in accessing it. Question is, how do I share this proxy, without giving away my private key and root access? I would like to limit users to only being able to set up an SSH tunnel/SOCKS proxy, with no shell access. What other security measures would you recommend for such a setup? I googled a bit and saw references to rbash and chroot. I have already changed the SSH port, and set the EC2 firewall to allow inbound SSH only from my ISP's address range. My friends use the same ISP. They would probably be running Windows 7/Vista, and PuTTY too.

View 4 Replies View Related
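This post and the earlier "Ssh Tunnel Username With Restrictions?" one both want an account that can open forwarded connections and nothing else: no shell, no PTY, no agent or X11 forwarding, and no need to hand out the admin's own private key. The script below is an added example, not code from either post or from OpenSSH; the group name `tunnelonly`, the user names and the config path are assumptions. `PermitTTY` and `AllowTcpForwarding local` are newer directives; on the OpenSSH 5.x of that era use `AllowTcpForwarding yes` and omit `PermitTTY`, the forced command still prevents interactive use.

```shell
#!/bin/sh
# Added example: sshd_config Match block for tunnel-only accounts and the
# commands that create such an account. Group, users and paths are assumptions.

# Usage: tunnel_only_match_block <group> [permitopen]
# permitopen defaults to "any" (needed for a SOCKS proxy via -D); pass
# "host:port" to pin a user to one destination, e.g. a KVM guest's SSH port.
tunnel_only_match_block() {
    group="$1"
    permitopen="${2:-any}"
    cat <<EOF
# Members of $group may only open forwarded TCP connections.
# Connect with "ssh -N" (PuTTY: "Don't start a shell or command at all"):
# any shell or command request runs /bin/false and the session ends.
Match Group $group
    AllowTcpForwarding local
    PermitOpen $permitopen
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    ForceCommand /bin/false
EOF
}

# Usage: tunnel_user_setup_cmds <user> <group>
# Prints (does not run) the account setup. Each person gets their own key in
# their own authorized_keys; the admin's private key is never shared.
tunnel_user_setup_cmds() {
    user="$1"
    group="$2"
    printf '%s\n' "groupadd -f $group"
    printf '%s\n' "useradd -m -s /usr/sbin/nologin -G $group $user"
    printf '%s\n' "install -d -m 700 -o $user -g $user /home/$user/.ssh"
    printf '%s\n' "# append $user's public key to /home/$user/.ssh/authorized_keys (mode 600)"
}

# Typical use (Match blocks must go at the end of sshd_config, everything after
# a Match line belongs to it):
#   tunnel_only_match_block tunnelonly >> /etc/ssh/sshd_config
#   sshd -t && service ssh reload
#   tunnel_user_setup_cmds alice tunnelonly
```

A pinned variant for the KVM case, `tunnel_only_match_block vmusers 192.0.2.10:22` (constructed guest address), lets that group reach only the guest's SSH port even though forwarding is allowed. After reloading, confirm with `ssh -N -D 1080 alice@host` working and `ssh alice@host` being closed immediately.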

Networking :: IPsec VPN Connected - But Cannot See Other Side?

Aug 24, 2010

I have an IPsec VPN between 2 Ubuntu 10.04.1 boxes which is working perfectly. However, I cannot get any traffic to route down the VPN link. Interestingly, when checking the routing table, there isn't even a route listed for the remote network. This is the same on both sides. Also there isn't an ipsec0 interface listed either. However, when the command "sudo service ipsec status" is run, it definitely shows the tunnel is up and connected.

View 1 Replies View Related

Networking :: Ipsec Service Can't Start?

Sep 9, 2010

I installed Openswan on RHEL 6 and when I execute the command "service ipsec start"

it says:
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
ipsec_setup: Openswan IPsec apparently already active, start aborted

[Code].....

View 1 Replies View Related

Fedora Networking :: Internet Access Restrictions?

May 31, 2011

I have a work network of about 20 boxes, most of which are running Windows 7; one of them is a file server using Linux and another is Windows Server 2003. Now the local IPs are distributed by the router, and no regulation of internet access is done by any of the servers. What I need to do is restrict internet access to select domains, which would probably need DHCP through Linux (I think, not really sure), and I need something simple like a 'blabla.conf' file with the allowed websites that I can edit. I need to know how to regulate IP addresses through the Linux box (all details if possible, I never tried to do that before), and how to restrict internet access also through Linux.

View 4 Replies View Related

Networking :: Apply A NAT With Source Restrictions At Iptables?

Jul 22, 2010

I have a computer with two interfaces (eth0 and eth1); eth0 is connected to a local network and eth1 is connected to the internet, and it also implements a NAT on interface eth1. Nevertheless, I'm trying to create spoofed packets with raw sockets on the computer that runs the NAT and send the packets out of interface eth1. The problem is that the NAT is changing the source IP to the real one before sending the packets. So, does anyone have any idea how I can implement the NAT on eth1 but only apply the NAT to the packets that are from/to eth0? I was thinking of something like (I am really a newbie with iptables):

iptables -t nat -A POSTROUTING -o eth1 -i eth0 -j MASQUERADE

Well, it didn't work.

View 1 Replies View Related

Fedora Networking :: Perform A VPN Lan To Lan IPSEC Connection?

Jul 21, 2009

I'm trying to set up a LAN-to-LAN IPsec VPN connection. On my side, I have a server with 2 IPs, i.j.k.l (destined to act as a VPN gateway) and i.j.k.m (the server). I am a newbie. I don't know if this configuration is normal, but it's forced by our partner.

My configuration is:

OS: Fedora release 7 (Moonshine)
OpenSWAN version: Linux Openswan U2.4.7/K2.6.23.17-88.fc7 (netkey)
ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5

[Code]...

View 3 Replies View Related

Ubuntu Networking :: Best Way To Setup IPv6 IPSEC?

Feb 12, 2011

I've been using IPv6 on my local network and through a Hurricane Electric IPv6 tunnel. I've heard that one of the built-in features of IPv6 is encryption, both scrambling the data and authenticating where the traffic came from. I've done some searching and heard of SWAN and racoon, but some of the stuff I found is old and I would like to know what the easiest/best way to set up IPsec for IPv6 is.

View 3 Replies View Related

Networking :: Allowing IPSec/L2TP In Iptables?

Jun 4, 2010

I had configured IPsec/L2TP on my CentOS 5.4 gateway machine. For testing I had disabled the firewall and IPsec is working fine. I am able to connect from the client etc... Now I want to allow IPsec and L2TP through the firewall. Here is my current working firewall. Only OpenVPN is allowed and is redirected.

eth0=XXXSTATICIPXXX
eth1=192.168.1.81
OpenVpn IP Range = 172.24.0.16/4
Ipsec Ip Range = 192.168.1.0/24

[Code].....

View 2 Replies View Related
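Both the "How To Set Iptables For IPSec Tunnel?" thread above and this L2TP one come down to the same rule set: accept only what the kernel has already decapsulated from an IPsec SA, plus the few cleartext packets (IKE, NAT-T, ESP) the tunnel itself needs, and drop everything else, so a ping from the Internet is dropped while a ping from inside the tunnel is answered. The script below is an added example, not code from either thread; it uses the xfrm `policy` match, which applies to NETKEY/racoon style setups (KLIPS `ipsec0` interfaces would be matched by interface instead). The interface name and the chain name `IPSEC_IN` are my choices.

```shell
#!/bin/sh
# Added example: emit an iptables-restore "filter" table that admits traffic
# only after xfrm has decapsulated it from an IPsec SA. Interface names and
# the IPSEC_IN chain are assumptions made for this example.

# Usage: ipsec_filter_rules <wan-iface> [all|l2tp]
#   all  - accept anything that arrived inside an IPsec SA (first thread)
#   l2tp - accept only L2TP (UDP 1701) inside the SA (L2TP gateway thread)
ipsec_filter_rules() {
    wan="$1"
    mode="${2:-all}"
    case "$mode" in
        all|l2tp) ;;
        *) printf 'unknown mode: %s\n' "$mode" >&2; return 1 ;;
    esac
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' ':IPSEC_IN - [0:0]'
    # Loopback and replies to connections this host opened itself.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # The only cleartext the peers need: IKE, NAT-T (UDP 4500) and ESP itself.
    printf '%s\n' "-A INPUT -i $wan -p udp --dport 500 -j ACCEPT"
    printf '%s\n' "-A INPUT -i $wan -p udp --dport 4500 -j ACCEPT"
    printf '%s\n' "-A INPUT -i $wan -p esp -j ACCEPT"
    # A decapsulated packet traverses INPUT a second time; only then does the
    # policy match fire. Plain ICMP from the Internet never reaches IPSEC_IN
    # and falls to the DROP policy, while pings from inside the SA are admitted.
    printf '%s\n' "-A INPUT -i $wan -m policy --dir in --pol ipsec -j IPSEC_IN"
    if [ "$mode" = all ]; then
        printf '%s\n' '-A IPSEC_IN -j ACCEPT'
    else
        # L2TP terminates on this gateway; 1701 is never opened outside the SA.
        printf '%s\n' '-A IPSEC_IN -p udp --dport 1701 -j ACCEPT'
    fi
    printf '%s\n' 'COMMIT'
}

# Load with:  ipsec_filter_rules eth0 all | iptables-restore
# Check with: iptables -L INPUT -v -n   (the policy rule's counters should
# climb only when traffic arrives through the tunnel)
```

FORWARD is left at DROP here because both threads concern traffic to the gateway itself; a gateway that also routes for a LAN would add the same `-m policy --dir in --pol ipsec` match on FORWARD.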

Networking :: Establishing VPN Connection Using IPSec Services

Jun 4, 2009

I would like to establish a VPN connection which can hold either 'two' hosts, and secondly, if that's done, I would like to go for more users. Can I do it using IPsec services? If yes, then how?

View 9 Replies View Related

Networking :: IPTables NAT - Excluding Subnets For IPSec VPN

Feb 27, 2011

I have an Ubuntu 10.10 box on which I've developed an iptables firewall script that is forwarding my ports correctly. This server also runs the Openswan VPN server with 2 VPNs, which is also working well.

I have come across a small snag with excluding the multiple VPN subnets I have from the NAT on this box.

I have the line in my configuration file:

-A POSTROUTING -o eth1 -s 10.172.1.0/24 -d ! 192.168.5.0/24 -j MASQUERADE

Which, when added to iptables, does make the VPN come to life. But I can't seem to get it to add the second subnet. Unfortunately, I can't do a blanket exclusion such as 192.168.0.0/16 because the second VPN is on a Class B subnet address which I cannot change.

View 1 Replies View Related
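The snag in this thread is that one iptables rule carries at most one `-d` match, so a second `! -d` cannot be squeezed into the MASQUERADE line; the usual answer is one exclusion rule per VPN subnet placed ahead of the MASQUERADE rule. The same generator also covers the "Apply A NAT With Source Restrictions" thread above, where `-i eth0` in POSTROUTING is rejected because that chain has no inbound interface to match; limiting the masquerade to the LAN source subnet is the supported way. The script below is an added example, not the thread's configuration; the second VPN subnet `172.16.0.0/16` is a constructed placeholder.

```shell
#!/bin/sh
# Added example: nat table (iptables-restore format) that masquerades LAN
# traffic leaving the Internet interface but leaves traffic to any number of
# VPN subnets untouched. Subnets other than the thread's 10.172.1.0/24 and
# 192.168.5.0/24 are constructed placeholders.

# Usage: nat_exclusion_rules <out-iface> <lan-subnet> <vpn-subnet>...
nat_exclusion_rules() {
    out_if="$1"
    lan="$2"
    shift 2
    [ "$#" -ge 1 ] || { printf 'need at least one VPN subnet\n' >&2; return 1; }
    printf '%s\n' '*nat'
    printf '%s\n' ':POSTROUTING ACCEPT [0:0]'
    # One rule per excluded subnet, ahead of MASQUERADE. Inside the nat table
    # ACCEPT means "stop here, do not rewrite this packet"; it is not a
    # firewall decision, the filter table still sees the packet.
    for vpn in "$@"; do
        printf '%s\n' "-A POSTROUTING -o $out_if -s $lan -d $vpn -j ACCEPT"
    done
    # POSTROUTING cannot match -i; matching the LAN source subnet is what
    # limits the masquerade to packets that came in from the LAN.
    printf '%s\n' "-A POSTROUTING -o $out_if -s $lan -j MASQUERADE"
    printf '%s\n' 'COMMIT'
}

# Load with:  nat_exclusion_rules eth1 10.172.1.0/24 192.168.5.0/24 172.16.0.0/16 | iptables-restore
# Order matters: iptables -t nat -L POSTROUTING -v -n must list the ACCEPT
# rules above MASQUERADE, otherwise VPN-bound packets are rewritten first.
```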

CentOS 5 Networking :: Ipsec - Get Access To All The Subnets?

Aug 18, 2011

Connecting two networks with IPsec following this manual [URL]. The two networks are connected, everything works; the question is as follows: for a gateway to multiple subnets, I have access to only one subnet, which is listed in /etc/sysconfig/network-scripts/ifcfg-ipsec0 as DSTNET=192.168.2.0/24. How do I get access to all the subnets?

View 2 Replies View Related

Networking :: Possibility To Transport One Or Two VLANs Through A VPN (IPSEC) Link?

Apr 29, 2010

Is there any possibility to transport one or two VLANs through a VPN (IPsec) link on Linux?

View 2 Replies View Related

Networking :: Debian Etch - OpensWan - Zyxel Prestige Ipsec Vpn?

Jan 19, 2010

I need to build an IPsec VPN between a Linux Debian server and a ZyXEL Prestige. The Debian server has 2 Ethernet connections, one for the internal network and the other one public with a public IP address. I need to know what I need to build the tunnel; could you please let me know? Let me explain: do I only have to configure Openswan, or do I have to configure iptables or something else too? I found this one; do you think this would work for me? [URL]. Is Debian the right distro or should I try another one?

View 2 Replies View Related

Networking :: Good Tutorial In Order To Learn IPSec Vpn With System?

Dec 17, 2010

I've no experience with IPsec. I've used OpenVPN many times (with static key or x509 certificates).
Could anyone suggest a good tutorial for learning IPsec VPN with Linux?

View 1 Replies View Related

Ubuntu Networking :: Setting Up IPSec VPN Server On 8.10 LTS To Work With IPhone Clients?

Apr 3, 2010

I've searched through Google, and all I can find are instructions on how to set up an L2TP/IPsec VPN that works with Macs and iPhones. I'm NOT trying to set up an L2TP/IPsec VPN. I'm trying to set up a pure-IPsec VPN.

The iPhone IPsec client is a built-in Cisco client, I believe. I'm staying away from L2TP and PPTP because I need multicast packets to go through. *edit: wow, I just noticed that the title says "8.10 LTS". Oops! I obviously mean "8.04 LTS". Gah, the lack of sleep got to me.

View 6 Replies View Related

Ubuntu Networking :: Vpnc Traffic Routing - IPSec Target Network?

Nov 16, 2010

I just got vpnc set up to work with my VPN at work and now I am trying to figure out how to limit the traffic that is routed through the VPN while I'm connected to it. I only want traffic going to the local domain to be routed through the VPN. This is what my vpnc config file looks like:

Code:
IPSec gateway publicdomain.example.com
IPSec ID XXXX

[code]....

View 2 Replies View Related

Networking :: Ipsec - Racoon Roadwarrior Client - Main Mode - Hybrid_rsa Authentication?

Jun 28, 2011

My client is on Ubuntu Lucid 10.04; I installed ipsec-tools and racoon from the repositories. The gateway is installed on a CentOS machine. I've configured everything to get a working roadwarrior configuration with authentication_method hybrid_rsa on client and server. It's working in aggressive mode, but in main mode I can't get it working. I delivered new CA and certificates several times but I'm still stuck.

It seems that it comes from my client not supporting the certificate sent by the server. The client contains a copy of the CA, whereas the server has a private key and a certificate signed by the CA.

[Code]...

View 3 Replies View Related

Networking :: Can't Establish Tunnel For VPN Over SSH?

Jul 20, 2010

I'm trying to create a VPN through SSH but encounter the following:

Code:
[18:42:11]root@bronzhip:/home/casey# sudo ssh -w 0:0 97.**.***.221 -i VPN
channel 0: open failed: administratively prohibited: open failed

[code]....

View 6 Replies View Related

Networking :: How To Set Up Secure Web Tunnel?

Mar 24, 2011

I'm trying to set up a secure web tunnel at home. I have an Ubuntu box (desktop), a Mac, and a Windows 7 box. I use all of them for different reasons. I want to be able to route traffic from my browser through my Ubuntu box. I have done this before with proxy servers abroad, but I want to do it using ssh and my box at home so I don't have to pay for a service, i.e. (Secure Tunnel) etc.

I followed the instructions at http://bit.ly/hAnp6u. However, using my Win7 box, after I set the browser part per the instructions, I get no connection from the browser.

View 1 Replies View Related

Networking :: Multi-hop VNC Tunnel Over SSH

Oct 21, 2010

Is it possible to chain together multiple SSH tunnel hops in a single `ssh -L` command on the client side? I have two gateways I need to get through in order to access a remote host. For a normal SSH client connection, it's simple enough to chain this all together by simply appending the additional SSH connection commands to the first one:

Code:
ssh gateway.1 ssh gateway.2 ssh remote.host

View 6 Replies View Related

Fedora Networking :: Can't Establish A Ssh Tunnel

Jun 20, 2010

I have a headless server running Fedora 13. I want to make an ssh tunnel to that server from a laptop that is also running Fedora 13. Logging into that server over ssh works well, X11 forwarding also works, but I can't establish an ssh tunnel.

At the moment I was trying to connect two small python tcp sample programs, that communicate through port 8000. Running them both on my laptop works well.

What I am trying to do is make two separate ssh connections to my server; let's say its address is myserver.com.

1) I make a 'standard' ssh connection to it

Code:

And run the server program

2) I open another terminal window and make the tunnel

Code:

3) I open 3rd terminal window and try to run the client program, that is trying to connect to localhost:8000.

If I understand it correctly, the client should now connect to localhost:8000, ssh would discover that and send that data to myserver.com port 8000. Then the server program on myserver.com is listening on that port and should get that data and send "hello world" string back to the client. Then the client should get that, print it to stdout and exit.

Unfortunately all it does is hang for about ten seconds and then say "connection lost" (timeout?).

I have tried other programs; they also time out.

By passing the -v argument to ssh it outputs:

Code:

When I try to connect the client it prints four more lines:

Code:

So as you see, it says that the connection times out. Also, can anybody tell what "Unspecified GSS failure." means? The possible break-in attempt is caused by connecting to the server using the myserver.com address while being in the same local network as the server. If I connect using the server's local IP address (i.e. 192.168.1.xxx), the message disappears.

View 5 Replies View Related

Ubuntu Networking :: Create SSL Tunnel Over Ssh?

Oct 3, 2010

I need to make an SSL tunnel over SSH. I need to create exactly an SSL tunnel; I have a situation like that. I heard it is possible, but I don't know how to create an SSL tunnel over SSH. I have PuTTY installed on my PC, so I think I can use PuTTY for this purpose, but I don't know how to do this.

View 1 Replies View Related

Ubuntu Networking :: How To Create SSH Tunnel

Aug 3, 2011

I wanted to create an ssh tunnel but I do not know what commands to run .. my environment is as follows:
LAN Internet Office LAN
Home PC <-> Linux firewall <-> http server..

According to the above, what I figure is that I have an internal web server at my job and I need to create a tunnel to access the web server from my PC at home. I know I can do port forwarding with the firewall but I don't want to publish this web server to the Internet. My home PC and both servers (firewall and web) are Ubuntu. My idea is to create an ssh tunnel that forwards port 8080 on localhost on my home PC to the firewall (obviously with a public IP), and then the firewall forwards to port 80 on the office web server at my job. Note that the firewall accepts ssh connections on port 22, same for the web server...

View 2 Replies View Related
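This thread and the "Multi-hop VNC Tunnel Over SSH" one above are the same client-side exercise: a local listening port, a destination as seen from the last SSH host, and zero or more gateways in between. Chaining `ssh gateway.1 ssh gateway.2 ...` gives each gateway a shell session and the plaintext of the inner hops; `-J` (ProxyJump, OpenSSH 7.3 and later; older clients use `ProxyCommand ssh -W %h:%p gateway`) instead tunnels the next connection through each hop end to end, and `-N` asks for no shell at all. The function below is an added example, not code from either thread; host names are the threads' own placeholders and the user name is an assumption.

```shell
#!/bin/sh
# Added example: assemble a local-forward ssh command from its parts and
# reject nonsense ports before anything is run. Host names are placeholders.

# Usage: ssh_forward_cmd <local-port> <target-host:port> <ssh-host> [jump-host ...]
#   local-port   port ssh listens on at home (only on 127.0.0.1 by default)
#   target       destination as resolved by the last ssh host, not by the client
#   ssh-host     the host whose sshd opens the connection to target
#   jump-host... gateways in order; they only relay encrypted traffic
ssh_forward_cmd() {
    lport="$1"
    target="$2"
    endpoint="$3"
    shift 3
    case "$lport" in
        ''|*[!0-9]*) printf 'bad local port: %s\n' "$lport" >&2; return 1 ;;
    esac
    [ "$lport" -ge 1 ] && [ "$lport" -le 65535 ] || return 1
    case "$target" in
        *:*) ;;
        *) printf 'target must be host:port, got %s\n' "$target" >&2; return 1 ;;
    esac
    jumps=""
    for hop in "$@"; do
        jumps="${jumps:+$jumps,}$hop"
    done
    # -N: forward only, no remote shell; -J: hop chain, first gateway first.
    printf 'ssh -N -L %s:%s %s%s\n' "$lport" "$target" "${jumps:+-J $jumps }" "$endpoint"
}

# Home PC -> office firewall -> office web server (this thread):
#   ssh_forward_cmd 8080 webserver.office.lan:80 admin@firewall.example.com
#   then browse to http://localhost:8080/
# Two gateways in front of a VNC host (the multi-hop thread):
#   ssh_forward_cmd 5901 localhost:5900 remote.host gateway.1 gateway.2
#   then point the VNC viewer at localhost:5901
```

Nothing here needs the firewall to publish port 80: the web server only ever sees a connection from the firewall, and the firewall only sees an SSH session from the home PC, which is the property the poster wanted to keep.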

Networking :: Create Tunnel Between 2 Different Networks

Jun 8, 2010

I need possible direction on setting up a tunnel between 2 different networks. The tunnel will be used by devices from the 2 different networks to communicate with each other (e.g. DevA and DevB).

DevA <-> Linux A <=====================> Linux B <-> DevB

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved