Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen 
Anyway, they both use compatible config files?

Eero
22.3.2016 12.23 ap. "Leon Fauster"  kirjoitti:

> Am 21.03.2016 um 18:17 schrieb Mike - st257 :
> > I second Eero's comment, use a new IPSec daemon.
> >
> > Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> > main developer for the Openswan project before he and others created the
> > Libreswan fork.
> > https://libreswan.org/
> >
> > EL6 has Openswan
> > EL7 has Libreswan
> >
> > Racoon isn't all that fun to work with.
> > If you have the option, ditch it and EL5 and move to a newer platform
> > (preferably EL7 with Libreswan)
>
>
> Libreswan will be in the next EL6 release ...
>
> --
> LF
>
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Leon Fauster 
Am 21.03.2016 um 18:17 schrieb Mike - st257 :
> I second Eero's comment, use a new IPSec daemon.
> 
> Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> main developer for the Openswan project before he and others created the
> Libreswan fork.
> https://libreswan.org/
> 
> EL6 has Openswan
> EL7 has Libreswan
> 
> Racoon isn't all that fun to work with.
> If you have the option, ditch it and EL5 and move to a newer platform
> (preferably EL7 with Libreswan)


Libreswan will be in the next EL6 release ...

--
LF



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Marcelo Ricardo Leitner 

Well, RHEL actually supports upgrading from 6 to 7 in some use cases.
If you have access, https://access.redhat.com/solutions/21964.
Not sure how that fits for CentOS though..

Em 21-03-2016 15:38, Eero Volotinen escreveu:

err. upgrades?

You mean reinstall? As upgrading between major releases are not supported
in any way on centos / rhel and clones..

--
Eero

2016-03-21 20:33 GMT+02:00 <m.r...@5-cent.us>:


Glenn Pierce wrote:

I asked about upgrading once and got no reply. Does anyone have

experience

of having a hosted centos upgraded on a virtual server. Would you usually
have to pay for a transition instance ?


I pay for my own hosting (5-cent.us) at hostmonster. They've done
upgrades, and they announced it to *me*, and no, I didn't pay anything.
And I'm just a "consumer grade" - something like $6US/month.

I would expect *far* more for commercial hosting.

   mark


-Original Message-
From: "Eero Volotinen" <eero.voloti...@iki.fi>
Sent: ‎21/‎03/‎2016 18:11
To: "CentOS mailing list" <centos@centos.org>
Subject: Re: [CentOS] IPSec multiple VPN setups

Memset.com ? In real world, rhel 5/centos 5 gets only critical security
patches.

Eero
21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti:


Glenn Pierce wrote:

Will ask my boss :) We are hosted on memset so not so easy to update

Thanks


Um, wait a minute: you're hosted? And they haven't pushed you to 6 years
ago? They haven't sent warnings that 5 was hitting eol?

Who are they, please? I want to make sure that if someone asks me about
hosting, I can add that to places they should avoid.

 mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos




___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Always Learning 

On Mon, 2016-03-21 at 18:23 +, Glenn Pierce wrote:

> I asked about upgrading once and got no reply. Does anyone have
>  experience of having a hosted centos upgraded on a virtual server.
>  Would you usually have to pay for a transition instance ?

I have several Centos VPSs in several countries around the world.
Naturally I don't have FTP preferring to use SSH, SCP, non-standard
ports and restricted to specific incoming individual IPs.

All run C 6.7 except one on C 5.11, which I am about to upgrade (its
difficult because so much is on that machine and I don't want any
downtime).

Dump your out-of-date C5. C6 is not very different. Everything I run on
C5 also runs smoothly on C6.



-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Glenn Pierce 
I'm Sur my boss will agree. Looks like I have a multi terra byte postgres move 
to look forward to. 
Thanks evryone

-Original Message-
From: "m.r...@5-cent.us" <m.r...@5-cent.us>
Sent: ‎21/‎03/‎2016 20:03
To: "CentOS mailing list" <centos@centos.org>
Subject: Re: [CentOS] IPSec multiple VPN setups

Glenn Pierce wrote:
> Yes reinstall. I get you have to purchase a new instance for a time to
> move over.

I'd figure that they just move you to an instance that's already running a
newer version of the o/s, giving you time to test for breakage. I really
don't see them charging, except, possibly, for running in parallel during
testing.

   mark
>
> -Original Message-
> From: "Eero Volotinen" <eero.voloti...@iki.fi>
> Sent: ‎21/‎03/‎2016 18:38
> To: "CentOS mailing list" <centos@centos.org>
> Subject: Re: [CentOS] IPSec multiple VPN setups
>
> err. upgrades?
>
> You mean reinstall? As upgrading between major releases are not supported
> in any way on centos / rhel and clones..
>
> --
> Eero
>
> 2016-03-21 20:33 GMT+02:00 <m.r...@5-cent.us>:
>
>> Glenn Pierce wrote:
>> > I asked about upgrading once and got no reply. Does anyone have
>> experience
>> > of having a hosted centos upgraded on a virtual server. Would you
>> usually
>> > have to pay for a transition instance ?
>> >
>> I pay for my own hosting (5-cent.us) at hostmonster. They've done
>> upgrades, and they announced it to *me*, and no, I didn't pay anything.
>> And I'm just a "consumer grade" - something like $6US/month.
>>
>> I would expect *far* more for commercial hosting.
>>
>>   mark
>>
>> > -Original Message-
>> > From: "Eero Volotinen" <eero.voloti...@iki.fi>
>> > Sent: ‎21/‎03/‎2016 18:11
>> > To: "CentOS mailing list" <centos@centos.org>
>> > Subject: Re: [CentOS] IPSec multiple VPN setups
>> >
>> > Memset.com ? In real world, rhel 5/centos 5 gets only critical
>> security
>> > patches.
>> >
>> > Eero
>> > 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti:
>> >
>> >> Glenn Pierce wrote:
>> >> > Will ask my boss :) We are hosted on memset so not so easy to
>> update
>> >> >
>> >> > Thanks
>> >>
>> >> Um, wait a minute: you're hosted? And they haven't pushed you to 6
>> years
>> >> ago? They haven't sent warnings that 5 was hitting eol?
>> >>
>> >> Who are they, please? I want to make sure that if someone asks me
>> about
>> >> hosting, I can add that to places they should avoid.
>> >>
>> >> mark
>> >>
>> >> ___
>> >> CentOS mailing list
>> >> CentOS@centos.org
>> >> https://lists.centos.org/mailman/listinfo/centos
>> >>
>> > ___
>> > CentOS mailing list
>> > CentOS@centos.org
>> > https://lists.centos.org/mailman/listinfo/centos
>> > ___
>> > CentOS mailing list
>> > CentOS@centos.org
>> > https://lists.centos.org/mailman/listinfo/centos
>> >
>>
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread m . roth 
Glenn Pierce wrote:
> Yes reinstall. I get you have to purchase a new instance for a time to
> move over.

I'd figure that they just move you to an instance that's already running a
newer version of the o/s, giving you time to test for breakage. I really
don't see them charging, except, possibly, for running in parallel during
testing.

   mark
>
> -Original Message-
> From: "Eero Volotinen" <eero.voloti...@iki.fi>
> Sent: ‎21/‎03/‎2016 18:38
> To: "CentOS mailing list" <centos@centos.org>
> Subject: Re: [CentOS] IPSec multiple VPN setups
>
> err. upgrades?
>
> You mean reinstall? As upgrading between major releases are not supported
> in any way on centos / rhel and clones..
>
> --
> Eero
>
> 2016-03-21 20:33 GMT+02:00 <m.r...@5-cent.us>:
>
>> Glenn Pierce wrote:
>> > I asked about upgrading once and got no reply. Does anyone have
>> experience
>> > of having a hosted centos upgraded on a virtual server. Would you
>> usually
>> > have to pay for a transition instance ?
>> >
>> I pay for my own hosting (5-cent.us) at hostmonster. They've done
>> upgrades, and they announced it to *me*, and no, I didn't pay anything.
>> And I'm just a "consumer grade" - something like $6US/month.
>>
>> I would expect *far* more for commercial hosting.
>>
>>   mark
>>
>> > -Original Message-
>> > From: "Eero Volotinen" <eero.voloti...@iki.fi>
>> > Sent: ‎21/‎03/‎2016 18:11
>> > To: "CentOS mailing list" <centos@centos.org>
>> > Subject: Re: [CentOS] IPSec multiple VPN setups
>> >
>> > Memset.com ? In real world, rhel 5/centos 5 gets only critical
>> security
>> > patches.
>> >
>> > Eero
>> > 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti:
>> >
>> >> Glenn Pierce wrote:
>> >> > Will ask my boss :) We are hosted on memset so not so easy to
>> update
>> >> >
>> >> > Thanks
>> >>
>> >> Um, wait a minute: you're hosted? And they haven't pushed you to 6
>> years
>> >> ago? They haven't sent warnings that 5 was hitting eol?
>> >>
>> >> Who are they, please? I want to make sure that if someone asks me
>> about
>> >> hosting, I can add that to places they should avoid.
>> >>
>> >> mark
>> >>
>> >> ___
>> >> CentOS mailing list
>> >> CentOS@centos.org
>> >> https://lists.centos.org/mailman/listinfo/centos
>> >>
>> > ___
>> > CentOS mailing list
>> > CentOS@centos.org
>> > https://lists.centos.org/mailman/listinfo/centos
>> > ___
>> > CentOS mailing list
>> > CentOS@centos.org
>> > https://lists.centos.org/mailman/listinfo/centos
>> >
>>
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread m . roth 
Eero Volotinen wrote:
> err. upgrades?
>
> You mean reinstall? As upgrading between major releases are not supported
> in any way on centos / rhel and clones..
>
Of course. Now, I haven't looked recently, but I do vaguely remember them
telling me they were moving me to an upgraded system; my website runs perl
CGI, and that's about it, the rest is *all* straight HTML, so I doubt I
would have noticed much.

  mark
> --
> Eero
>
> 2016-03-21 20:33 GMT+02:00 <m.r...@5-cent.us>:
>
>> Glenn Pierce wrote:
>> > I asked about upgrading once and got no reply. Does anyone have
>> experience
>> > of having a hosted centos upgraded on a virtual server. Would you
>> usually
>> > have to pay for a transition instance ?
>> >
>> I pay for my own hosting (5-cent.us) at hostmonster. They've done
>> upgrades, and they announced it to *me*, and no, I didn't pay anything.
>> And I'm just a "consumer grade" - something like $6US/month.
>>
>> I would expect *far* more for commercial hosting.
>>
>>   mark
>>
>> > -Original Message-----
>> > From: "Eero Volotinen" <eero.voloti...@iki.fi>
>> > Sent: ‎21/‎03/‎2016 18:11
>> > To: "CentOS mailing list" <centos@centos.org>
>> > Subject: Re: [CentOS] IPSec multiple VPN setups
>> >
>> > Memset.com ? In real world, rhel 5/centos 5 gets only critical
>> security
>> > patches.
>> >
>> > Eero
>> > 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti:
>> >
>> >> Glenn Pierce wrote:
>> >> > Will ask my boss :) We are hosted on memset so not so easy to
>> update
>> >> >
>> >> > Thanks
>> >>
>> >> Um, wait a minute: you're hosted? And they haven't pushed you to 6
>> years
>> >> ago? They haven't sent warnings that 5 was hitting eol?
>> >>
>> >> Who are they, please? I want to make sure that if someone asks me
>> about
>> >> hosting, I can add that to places they should avoid.
>> >>
>> >> mark
>> >>
>> >> ___
>> >> CentOS mailing list
>> >> CentOS@centos.org
>> >> https://lists.centos.org/mailman/listinfo/centos
>> >>
>> > ___
>> > CentOS mailing list
>> > CentOS@centos.org
>> > https://lists.centos.org/mailman/listinfo/centos
>> > ___
>> > CentOS mailing list
>> > CentOS@centos.org
>> > https://lists.centos.org/mailman/listinfo/centos
>> >
>>
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Glenn Pierce 
Yes reinstall. I get you have to purchase a new instance for a time to move 
over. 

-Original Message-
From: "Eero Volotinen" <eero.voloti...@iki.fi>
Sent: ‎21/‎03/‎2016 18:38
To: "CentOS mailing list" <centos@centos.org>
Subject: Re: [CentOS] IPSec multiple VPN setups

err. upgrades?

You mean reinstall? As upgrading between major releases are not supported
in any way on centos / rhel and clones..

--
Eero

2016-03-21 20:33 GMT+02:00 <m.r...@5-cent.us>:

> Glenn Pierce wrote:
> > I asked about upgrading once and got no reply. Does anyone have
> experience
> > of having a hosted centos upgraded on a virtual server. Would you usually
> > have to pay for a transition instance ?
> >
> I pay for my own hosting (5-cent.us) at hostmonster. They've done
> upgrades, and they announced it to *me*, and no, I didn't pay anything.
> And I'm just a "consumer grade" - something like $6US/month.
>
> I would expect *far* more for commercial hosting.
>
>   mark
>
> > -Original Message-
> > From: "Eero Volotinen" <eero.voloti...@iki.fi>
> > Sent: ‎21/‎03/‎2016 18:11
> > To: "CentOS mailing list" <centos@centos.org>
> > Subject: Re: [CentOS] IPSec multiple VPN setups
> >
> > Memset.com ? In real world, rhel 5/centos 5 gets only critical security
> > patches.
> >
> > Eero
> > 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti:
> >
> >> Glenn Pierce wrote:
> >> > Will ask my boss :) We are hosted on memset so not so easy to update
> >> >
> >> > Thanks
> >>
> >> Um, wait a minute: you're hosted? And they haven't pushed you to 6 years
> >> ago? They haven't sent warnings that 5 was hitting eol?
> >>
> >> Who are they, please? I want to make sure that if someone asks me about
> >> hosting, I can add that to places they should avoid.
> >>
> >> mark
> >>
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos
> >>
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen 
err. upgrades?

You mean reinstall? As upgrading between major releases are not supported
in any way on centos / rhel and clones..

--
Eero

2016-03-21 20:33 GMT+02:00 <m.r...@5-cent.us>:

> Glenn Pierce wrote:
> > I asked about upgrading once and got no reply. Does anyone have
> experience
> > of having a hosted centos upgraded on a virtual server. Would you usually
> > have to pay for a transition instance ?
> >
> I pay for my own hosting (5-cent.us) at hostmonster. They've done
> upgrades, and they announced it to *me*, and no, I didn't pay anything.
> And I'm just a "consumer grade" - something like $6US/month.
>
> I would expect *far* more for commercial hosting.
>
>   mark
>
> > -Original Message-
> > From: "Eero Volotinen" <eero.voloti...@iki.fi>
> > Sent: ‎21/‎03/‎2016 18:11
> > To: "CentOS mailing list" <centos@centos.org>
> > Subject: Re: [CentOS] IPSec multiple VPN setups
> >
> > Memset.com ? In real world, rhel 5/centos 5 gets only critical security
> > patches.
> >
> > Eero
> > 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti:
> >
> >> Glenn Pierce wrote:
> >> > Will ask my boss :) We are hosted on memset so not so easy to update
> >> >
> >> > Thanks
> >>
> >> Um, wait a minute: you're hosted? And they haven't pushed you to 6 years
> >> ago? They haven't sent warnings that 5 was hitting eol?
> >>
> >> Who are they, please? I want to make sure that if someone asks me about
> >> hosting, I can add that to places they should avoid.
> >>
> >> mark
> >>
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos
> >>
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread m . roth 
Glenn Pierce wrote:
> I asked about upgrading once and got no reply. Does anyone have experience
> of having a hosted centos upgraded on a virtual server. Would you usually
> have to pay for a transition instance ?
>
I pay for my own hosting (5-cent.us) at hostmonster. They've done
upgrades, and they announced it to *me*, and no, I didn't pay anything.
And I'm just a "consumer grade" - something like $6US/month.

I would expect *far* more for commercial hosting.

  mark

> -Original Message-
> From: "Eero Volotinen" <eero.voloti...@iki.fi>
> Sent: ‎21/‎03/‎2016 18:11
> To: "CentOS mailing list" <centos@centos.org>
> Subject: Re: [CentOS] IPSec multiple VPN setups
>
> Memset.com ? In real world, rhel 5/centos 5 gets only critical security
> patches.
>
> Eero
> 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti:
>
>> Glenn Pierce wrote:
>> > Will ask my boss :) We are hosted on memset so not so easy to update
>> >
>> > Thanks
>>
>> Um, wait a minute: you're hosted? And they haven't pushed you to 6 years
>> ago? They haven't sent warnings that 5 was hitting eol?
>>
>> Who are they, please? I want to make sure that if someone asks me about
>> hosting, I can add that to places they should avoid.
>>
>> mark
>>
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Glenn Pierce 
I asked about upgrading once and got no reply. Does anyone have experience of 
having a hosted centos upgraded on a virtual server. Would you usually have to 
pay for a transition instance ?

-Original Message-
From: "Eero Volotinen" <eero.voloti...@iki.fi>
Sent: ‎21/‎03/‎2016 18:11
To: "CentOS mailing list" <centos@centos.org>
Subject: Re: [CentOS] IPSec multiple VPN setups

Memset.com ? In real world, rhel 5/centos 5 gets only critical security
patches.

Eero
21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti:

> Glenn Pierce wrote:
> > Will ask my boss :) We are hosted on memset so not so easy to update
> >
> > Thanks
>
> Um, wait a minute: you're hosted? And they haven't pushed you to 6 years
> ago? They haven't sent warnings that 5 was hitting eol?
>
> Who are they, please? I want to make sure that if someone asks me about
> hosting, I can add that to places they should avoid.
>
> mark
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread m . roth 
Glenn Pierce wrote:
> To be fair its not highly sensitive info we are dealing with.
>
That doesn't matter. Do you drive a car that's leaking oil, and the engine
check light has been on for months, and just put gas in, and not worry
about adding more oil, or going to a mechanic?

   mark

> -Original Message-
> From: "Eero Volotinen" <eero.voloti...@iki.fi>
> Sent: ‎21/‎03/‎2016 17:51
> To: "CentOS mailing list" <centos@centos.org>
> Subject: Re: [CentOS] IPSec multiple VPN setups
>
> Err. Sounds like security nightmare.
> 21.3.2016 7.47 ip. "Glenn Pierce" <glennpie...@gmail.com> kirjoitti:
>
>> Will ask my boss :) We are hosted on memset so not so easy to update
>>
>> Thanks
>>
>> On 21 March 2016 at 17:36, Eero Volotinen <eero.voloti...@iki.fi> wrote:
>> > Centos 5 is still soon end of life. Using it as ipsec gateway is ..
>> >
>> > Eero
>> > 21.3.2016 7.25 ip. "Mike - st257" <silvertip...@gmail.com> kirjoitti:
>> >
>> >> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257
>> <silvertip...@gmail.com>
>> >> wrote:
>> >>
>> >> > I second Eero's comment, use a new IPSec daemon.
>> >> >
>> >> > Openswan was forked and became Libreswan. Paul, now a RH employee,
>> was a
>> >> > main developer for the Openswan project before he and others
>> created
>> the
>> >> > Libreswan fork.
>> >> > https://libreswan.org/
>> >> >
>> >> > EL6 has Openswan
>> >> > EL7 has Libreswan
>> >> >
>> >> > Racoon isn't all that fun to work with.
>> >> > If you have the option, ditch it and EL5 and move to a newer
>> platform
>> >> > (preferably EL7 with Libreswan).
>> >> >
>> >>
>> >> There's an RPM spec file (though I've not used it) for building
>> Openswan
>> >> for EL5.
>> >> https://github.com/xelerance/Openswan/tree/master/packaging/centos5
>> >>
>> >> Additionally, here's some info but I advise against the Racoon IPSec
>> >> daemon.
>> >>
>> >>
>> https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
>> >> https://wiki.debian.org/IPsec
>> >>
>> >>
>> >> >
>> >> >
>> >> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <
>> eero.voloti...@iki.fi>
>> >> > wrote:
>> >> >
>> >> >> Yes you can. Please use newer version of centos and
>> strong/openswan.
>> >> >>
>> >> >> Eero
>> >> >> 21.3.2016 7.05 ip. "Glenn Pierce" <glennpie...@gmail.com>
>> kirjoitti:
>> >> >>
>> >> >> > Hi I hope someone can answer something I'm sure is quite basic.
>> >> >> >
>> >> >> > I am following the instructions at
>> >> >> >
>> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
>> >> >> > On setting up a VPN
>> >> >> >
>> >> >> > The part I am having trouble with is when it show the
>> >> >> > /etc/racoon/racoon.conf file.
>> >> >> > But it doesn't say whay you have to do with this file.
>> >> >> >
>> >> >> > When I bring up my connection
>> >> >> >
>> >> >> > ifup bicester
>> >> >> >
>> >> >> > I get
>> >> >> > RTNETLINK answers: No such device
>> >> >> >
>> >> >> > looking at /var/messages I see
>> >> >> >
>> >> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already
>> in
>> >> >> use).
>> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
>> *.*.*.*[500]
>> >> >> > (Address already in use).
>> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
>> *.*.*.*[500]
>> >> >> > (Address already in use).
>> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
>> *.*.*.*[500]
>> >> >> > (Address already in use).
>> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
>> ::1[500]
>>

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Glenn Pierce 
To be fair its not highly sensitive info we are dealing with.

-Original Message-
From: "Eero Volotinen" <eero.voloti...@iki.fi>
Sent: ‎21/‎03/‎2016 17:51
To: "CentOS mailing list" <centos@centos.org>
Subject: Re: [CentOS] IPSec multiple VPN setups

Err. Sounds like security nightmare.
21.3.2016 7.47 ip. "Glenn Pierce" <glennpie...@gmail.com> kirjoitti:

> Will ask my boss :) We are hosted on memset so not so easy to update
>
> Thanks
>
> On 21 March 2016 at 17:36, Eero Volotinen <eero.voloti...@iki.fi> wrote:
> > Centos 5 is still soon end of life. Using it as ipsec gateway is ..
> >
> > Eero
> > 21.3.2016 7.25 ip. "Mike - st257" <silvertip...@gmail.com> kirjoitti:
> >
> >> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip...@gmail.com>
> >> wrote:
> >>
> >> > I second Eero's comment, use a new IPSec daemon.
> >> >
> >> > Openswan was forked and became Libreswan. Paul, now a RH employee,
> was a
> >> > main developer for the Openswan project before he and others created
> the
> >> > Libreswan fork.
> >> > https://libreswan.org/
> >> >
> >> > EL6 has Openswan
> >> > EL7 has Libreswan
> >> >
> >> > Racoon isn't all that fun to work with.
> >> > If you have the option, ditch it and EL5 and move to a newer platform
> >> > (preferably EL7 with Libreswan).
> >> >
> >>
> >> There's an RPM spec file (though I've not used it) for building Openswan
> >> for EL5.
> >> https://github.com/xelerance/Openswan/tree/master/packaging/centos5
> >>
> >> Additionally, here's some info but I advise against the Racoon IPSec
> >> daemon.
> >>
> >>
> https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
> >> https://wiki.debian.org/IPsec
> >>
> >>
> >> >
> >> >
> >> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <
> eero.voloti...@iki.fi>
> >> > wrote:
> >> >
> >> >> Yes you can. Please use newer version of centos and strong/openswan.
> >> >>
> >> >> Eero
> >> >> 21.3.2016 7.05 ip. "Glenn Pierce" <glennpie...@gmail.com> kirjoitti:
> >> >>
> >> >> > Hi I hope someone can answer something I'm sure is quite basic.
> >> >> >
> >> >> > I am following the instructions at
> >> >> >
> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
> >> >> > On setting up a VPN
> >> >> >
> >> >> > The part I am having trouble with is when it show the
> >> >> > /etc/racoon/racoon.conf file.
> >> >> > But it doesn't say whay you have to do with this file.
> >> >> >
> >> >> > When I bring up my connection
> >> >> >
> >> >> > ifup bicester
> >> >> >
> >> >> > I get
> >> >> > RTNETLINK answers: No such device
> >> >> >
> >> >> > looking at /var/messages I see
> >> >> >
> >> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in
> >> >> use).
> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
> *.*.*.*[500]
> >> >> > (Address already in use).
> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
> *.*.*.*[500]
> >> >> > (Address already in use).
> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
> *.*.*.*[500]
> >> >> > (Address already in use).
> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500]
> >> >> > (Address already in use).
> >> >> > Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500]
> >> >> > used as isakmp port (fd=25)
> >> >> >
> >> >> > There was an existing setup done long ago.
> >> >> >
> >> >> > How can I setup more than one vpn connection (manually as this is a
> >> >> > headless server)
> >> >> > or is that not possible ?
> >> >> >
> >> >> > Thanks for any pointers
> >> >> > ___
> >> >> > CentOS mailing list
> >> >> > CentOS@centos.org
> >> >> > https://lists.centos.org/mailman/listinfo/centos
> >> >> >
> >> >> ___
> >> >> CentOS mailing list
> >> >> CentOS@centos.org
> >> >> https://lists.centos.org/mailman/listinfo/centos
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > ---~~.~~---
> >> > Mike
> >> > //  SilverTip257  //
> >> >
> >>
> >>
> >>
> >> --
> >> ---~~.~~---
> >> Mike
> >> //  SilverTip257  //
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos
> >>
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen 
Memset.com ? In real world, rhel 5/centos 5 gets only critical security
patches.

Eero
21.3.2016 7.54 ip.  kirjoitti:

> Glenn Pierce wrote:
> > Will ask my boss :) We are hosted on memset so not so easy to update
> >
> > Thanks
>
> Um, wait a minute: you're hosted? And they haven't pushed you to 6 years
> ago? They haven't sent warnings that 5 was hitting eol?
>
> Who are they, please? I want to make sure that if someone asks me about
> hosting, I can add that to places they should avoid.
>
> mark
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread m . roth 
Glenn Pierce wrote:
> Will ask my boss :) We are hosted on memset so not so easy to update
>
> Thanks

Um, wait a minute: you're hosted? And they haven't pushed you to 6 years
ago? They haven't sent warnings that 5 was hitting eol?

Who are they, please? I want to make sure that if someone asks me about
hosting, I can add that to places they should avoid.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen 
Err. Sounds like security nightmare.
21.3.2016 7.47 ip. "Glenn Pierce"  kirjoitti:

> Will ask my boss :) We are hosted on memset so not so easy to update
>
> Thanks
>
> On 21 March 2016 at 17:36, Eero Volotinen  wrote:
> > Centos 5 is still soon end of life. Using it as ipsec gateway is ..
> >
> > Eero
> > 21.3.2016 7.25 ip. "Mike - st257"  kirjoitti:
> >
> >> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 
> >> wrote:
> >>
> >> > I second Eero's comment, use a new IPSec daemon.
> >> >
> >> > Openswan was forked and became Libreswan. Paul, now a RH employee,
> was a
> >> > main developer for the Openswan project before he and others created
> the
> >> > Libreswan fork.
> >> > https://libreswan.org/
> >> >
> >> > EL6 has Openswan
> >> > EL7 has Libreswan
> >> >
> >> > Racoon isn't all that fun to work with.
> >> > If you have the option, ditch it and EL5 and move to a newer platform
> >> > (preferably EL7 with Libreswan).
> >> >
> >>
> >> There's an RPM spec file (though I've not used it) for building Openswan
> >> for EL5.
> >> https://github.com/xelerance/Openswan/tree/master/packaging/centos5
> >>
> >> Additionally, here's some info but I advise against the Racoon IPSec
> >> daemon.
> >>
> >>
> https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
> >> https://wiki.debian.org/IPsec
> >>
> >>
> >> >
> >> >
> >> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen <
> eero.voloti...@iki.fi>
> >> > wrote:
> >> >
> >> >> Yes you can. Please use newer version of centos and strong/openswan.
> >> >>
> >> >> Eero
> >> >> 21.3.2016 7.05 ip. "Glenn Pierce"  kirjoitti:
> >> >>
> >> >> > Hi I hope someone can answer something I'm sure is quite basic.
> >> >> >
> >> >> > I am following the instructions at
> >> >> >
> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
> >> >> > On setting up a VPN
> >> >> >
> >> >> > The part I am having trouble with is when it show the
> >> >> > /etc/racoon/racoon.conf file.
> >> >> > But it doesn't say whay you have to do with this file.
> >> >> >
> >> >> > When I bring up my connection
> >> >> >
> >> >> > ifup bicester
> >> >> >
> >> >> > I get
> >> >> > RTNETLINK answers: No such device
> >> >> >
> >> >> > looking at /var/messages I see
> >> >> >
> >> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in
> >> >> use).
> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
> *.*.*.*[500]
> >> >> > (Address already in use).
> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
> *.*.*.*[500]
> >> >> > (Address already in use).
> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address
> *.*.*.*[500]
> >> >> > (Address already in use).
> >> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500]
> >> >> > (Address already in use).
> >> >> > Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500]
> >> >> > used as isakmp port (fd=25)
> >> >> >
> >> >> > There was an existing setup done long ago.
> >> >> >
> >> >> > How can I setup more than one vpn connection (manually as this is a
> >> >> > headless server)
> >> >> > or is that not possible ?
> >> >> >
> >> >> > Thanks for any pointers
> >> >> > ___
> >> >> > CentOS mailing list
> >> >> > CentOS@centos.org
> >> >> > https://lists.centos.org/mailman/listinfo/centos
> >> >> >
> >> >> ___
> >> >> CentOS mailing list
> >> >> CentOS@centos.org
> >> >> https://lists.centos.org/mailman/listinfo/centos
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > ---~~.~~---
> >> > Mike
> >> > //  SilverTip257  //
> >> >
> >>
> >>
> >>
> >> --
> >> ---~~.~~---
> >> Mike
> >> //  SilverTip257  //
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos
> >>
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Glenn Pierce 
Will ask my boss :) We are hosted on memset so not so easy to update

Thanks

On 21 March 2016 at 17:36, Eero Volotinen  wrote:
> Centos 5 is still soon end of life. Using it as ipsec gateway is ..
>
> Eero
> 21.3.2016 7.25 ip. "Mike - st257"  kirjoitti:
>
>> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 
>> wrote:
>>
>> > I second Eero's comment, use a new IPSec daemon.
>> >
>> > Openswan was forked and became Libreswan. Paul, now a RH employee, was a
>> > main developer for the Openswan project before he and others created the
>> > Libreswan fork.
>> > https://libreswan.org/
>> >
>> > EL6 has Openswan
>> > EL7 has Libreswan
>> >
>> > Racoon isn't all that fun to work with.
>> > If you have the option, ditch it and EL5 and move to a newer platform
>> > (preferably EL7 with Libreswan).
>> >
>>
>> There's an RPM spec file (though I've not used it) for building Openswan
>> for EL5.
>> https://github.com/xelerance/Openswan/tree/master/packaging/centos5
>>
>> Additionally, here's some info but I advise against the Racoon IPSec
>> daemon.
>>
>> https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
>> https://wiki.debian.org/IPsec
>>
>>
>> >
>> >
>> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen 
>> > wrote:
>> >
>> >> Yes you can. Please use newer version of centos and strong/openswan.
>> >>
>> >> Eero
>> >> 21.3.2016 7.05 ip. "Glenn Pierce"  kirjoitti:
>> >>
>> >> > Hi I hope someone can answer something I'm sure is quite basic.
>> >> >
>> >> > I am following the instructions at
>> >> > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
>> >> > On setting up a VPN
>> >> >
>> >> > The part I am having trouble with is when it show the
>> >> > /etc/racoon/racoon.conf file.
>> >> > But it doesn't say whay you have to do with this file.
>> >> >
>> >> > When I bring up my connection
>> >> >
>> >> > ifup bicester
>> >> >
>> >> > I get
>> >> > RTNETLINK answers: No such device
>> >> >
>> >> > looking at /var/messages I see
>> >> >
>> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in
>> >> use).
>> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
>> >> > (Address already in use).
>> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
>> >> > (Address already in use).
>> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
>> >> > (Address already in use).
>> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500]
>> >> > (Address already in use).
>> >> > Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500]
>> >> > used as isakmp port (fd=25)
>> >> >
>> >> > There was an existing setup done long ago.
>> >> >
>> >> > How can I setup more than one vpn connection (manually as this is a
>> >> > headless server)
>> >> > or is that not possible ?
>> >> >
>> >> > Thanks for any pointers
>> >> > ___
>> >> > CentOS mailing list
>> >> > CentOS@centos.org
>> >> > https://lists.centos.org/mailman/listinfo/centos
>> >> >
>> >> ___
>> >> CentOS mailing list
>> >> CentOS@centos.org
>> >> https://lists.centos.org/mailman/listinfo/centos
>> >>
>> >
>> >
>> >
>> > --
>> > ---~~.~~---
>> > Mike
>> > //  SilverTip257  //
>> >
>>
>>
>>
>> --
>> ---~~.~~---
>> Mike
>> //  SilverTip257  //
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen 
Centos 5 is still soon end of life. Using it as ipsec gateway is ..

Eero
21.3.2016 7.25 ip. "Mike - st257"  kirjoitti:

> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 
> wrote:
>
> > I second Eero's comment, use a new IPSec daemon.
> >
> > Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> > main developer for the Openswan project before he and others created the
> > Libreswan fork.
> > https://libreswan.org/
> >
> > EL6 has Openswan
> > EL7 has Libreswan
> >
> > Racoon isn't all that fun to work with.
> > If you have the option, ditch it and EL5 and move to a newer platform
> > (preferably EL7 with Libreswan).
> >
>
> There's an RPM spec file (though I've not used it) for building Openswan
> for EL5.
> https://github.com/xelerance/Openswan/tree/master/packaging/centos5
>
> Additionally, here's some info but I advise against the Racoon IPSec
> daemon.
>
> https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
> https://wiki.debian.org/IPsec
>
>
> >
> >
> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen 
> > wrote:
> >
> >> Yes you can. Please use newer version of centos and strong/openswan.
> >>
> >> Eero
> >> 21.3.2016 7.05 ip. "Glenn Pierce"  kirjoitti:
> >>
> >> > Hi I hope someone can answer something I'm sure is quite basic.
> >> >
> >> > I am following the instructions at
> >> > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
> >> > On setting up a VPN
> >> >
> >> > The part I am having trouble with is when it show the
> >> > /etc/racoon/racoon.conf file.
> >> > But it doesn't say whay you have to do with this file.
> >> >
> >> > When I bring up my connection
> >> >
> >> > ifup bicester
> >> >
> >> > I get
> >> > RTNETLINK answers: No such device
> >> >
> >> > looking at /var/messages I see
> >> >
> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in
> >> use).
> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> >> > (Address already in use).
> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> >> > (Address already in use).
> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> >> > (Address already in use).
> >> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500]
> >> > (Address already in use).
> >> > Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500]
> >> > used as isakmp port (fd=25)
> >> >
> >> > There was an existing setup done long ago.
> >> >
> >> > How can I setup more than one vpn connection (manually as this is a
> >> > headless server)
> >> > or is that not possible ?
> >> >
> >> > Thanks for any pointers
> >> > ___
> >> > CentOS mailing list
> >> > CentOS@centos.org
> >> > https://lists.centos.org/mailman/listinfo/centos
> >> >
> >> ___
> >> CentOS mailing list
> >> CentOS@centos.org
> >> https://lists.centos.org/mailman/listinfo/centos
> >>
> >
> >
> >
> > --
> > ---~~.~~---
> > Mike
> > //  SilverTip257  //
> >
>
>
>
> --
> ---~~.~~---
> Mike
> //  SilverTip257  //
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Mike - st257 
On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 
wrote:

> I second Eero's comment, use a new IPSec daemon.
>
> Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> main developer for the Openswan project before he and others created the
> Libreswan fork.
> https://libreswan.org/
>
> EL6 has Openswan
> EL7 has Libreswan
>
> Racoon isn't all that fun to work with.
> If you have the option, ditch it and EL5 and move to a newer platform
> (preferably EL7 with Libreswan).
>

There's an RPM spec file (though I've not used it) for building Openswan
for EL5.
https://github.com/xelerance/Openswan/tree/master/packaging/centos5

Additionally, here's some info but I advise against the Racoon IPSec daemon.
https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
https://wiki.debian.org/IPsec


>
>
> On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen 
> wrote:
>
>> Yes you can. Please use newer version of centos and strong/openswan.
>>
>> Eero
>> 21.3.2016 7.05 ip. "Glenn Pierce"  kirjoitti:
>>
>> > Hi I hope someone can answer something I'm sure is quite basic.
>> >
>> > I am following the instructions at
>> > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
>> > On setting up a VPN
>> >
>> > The part I am having trouble with is when it show the
>> > /etc/racoon/racoon.conf file.
>> > But it doesn't say whay you have to do with this file.
>> >
>> > When I bring up my connection
>> >
>> > ifup bicester
>> >
>> > I get
>> > RTNETLINK answers: No such device
>> >
>> > looking at /var/messages I see
>> >
>> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in
>> use).
>> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
>> > (Address already in use).
>> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
>> > (Address already in use).
>> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
>> > (Address already in use).
>> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500]
>> > (Address already in use).
>> > Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500]
>> > used as isakmp port (fd=25)
>> >
>> > There was an existing setup done long ago.
>> >
>> > How can I setup more than one vpn connection (manually as this is a
>> > headless server)
>> > or is that not possible ?
>> >
>> > Thanks for any pointers
>> > ___
>> > CentOS mailing list
>> > CentOS@centos.org
>> > https://lists.centos.org/mailman/listinfo/centos
>> >
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
>
>
>
> --
> ---~~.~~---
> Mike
> //  SilverTip257  //
>



-- 
---~~.~~---
Mike
//  SilverTip257  //
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen 
And centos 5 is really soon end of life.

Eero
21.3.2016 7.18 ip. "Mike - st257"  kirjoitti:

> I second Eero's comment, use a new IPSec daemon.
>
> Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> main developer for the Openswan project before he and others created the
> Libreswan fork.
> https://libreswan.org/
>
> EL6 has Openswan
> EL7 has Libreswan
>
> Racoon isn't all that fun to work with.
> If you have the option, ditch it and EL5 and move to a newer platform
> (preferably EL7 with Libreswan).
>
>
> On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen 
> wrote:
>
> > Yes you can. Please use newer version of centos and strong/openswan.
> >
> > Eero
> > 21.3.2016 7.05 ip. "Glenn Pierce"  kirjoitti:
> >
> > > Hi I hope someone can answer something I'm sure is quite basic.
> > >
> > > I am following the instructions at
> > > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
> > > On setting up a VPN
> > >
> > > The part I am having trouble with is when it show the
> > > /etc/racoon/racoon.conf file.
> > > But it doesn't say whay you have to do with this file.
> > >
> > > When I bring up my connection
> > >
> > > ifup bicester
> > >
> > > I get
> > > RTNETLINK answers: No such device
> > >
> > > looking at /var/messages I see
> > >
> > > ERROR: failed to bind to address 127.0.0.1[500] (Address already in
> use).
> > > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> > > (Address already in use).
> > > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> > > (Address already in use).
> > > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> > > (Address already in use).
> > > Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500]
> > > (Address already in use).
> > > Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500]
> > > used as isakmp port (fd=25)
> > >
> > > There was an existing setup done long ago.
> > >
> > > How can I setup more than one vpn connection (manually as this is a
> > > headless server)
> > > or is that not possible ?
> > >
> > > Thanks for any pointers
> > > ___
> > > CentOS mailing list
> > > CentOS@centos.org
> > > https://lists.centos.org/mailman/listinfo/centos
> > >
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
>
>
>
> --
> ---~~.~~---
> Mike
> //  SilverTip257  //
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Mike - st257 
I second Eero's comment, use a new IPSec daemon.

Openswan was forked and became Libreswan. Paul, now a RH employee, was a
main developer for the Openswan project before he and others created the
Libreswan fork.
https://libreswan.org/

EL6 has Openswan
EL7 has Libreswan

Racoon isn't all that fun to work with.
If you have the option, ditch it and EL5 and move to a newer platform
(preferably EL7 with Libreswan).


On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen 
wrote:

> Yes you can. Please use newer version of centos and strong/openswan.
>
> Eero
> 21.3.2016 7.05 ip. "Glenn Pierce"  kirjoitti:
>
> > Hi I hope someone can answer something I'm sure is quite basic.
> >
> > I am following the instructions at
> > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
> > On setting up a VPN
> >
> > The part I am having trouble with is when it show the
> > /etc/racoon/racoon.conf file.
> > But it doesn't say whay you have to do with this file.
> >
> > When I bring up my connection
> >
> > ifup bicester
> >
> > I get
> > RTNETLINK answers: No such device
> >
> > looking at /var/messages I see
> >
> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> > (Address already in use).
> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> > (Address already in use).
> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> > (Address already in use).
> > Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500]
> > (Address already in use).
> > Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500]
> > used as isakmp port (fd=25)
> >
> > There was an existing setup done long ago.
> >
> > How can I setup more than one vpn connection (manually as this is a
> > headless server)
> > or is that not possible ?
> >
> > Thanks for any pointers
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



-- 
---~~.~~---
Mike
//  SilverTip257  //
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen 
Yes you can. Please use newer version of centos and strong/openswan.

Eero
21.3.2016 7.05 ip. "Glenn Pierce"  kirjoitti:

> Hi I hope someone can answer something I'm sure is quite basic.
>
> I am following the instructions at
> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
> On setting up a VPN
>
> The part I am having trouble with is when it show the
> /etc/racoon/racoon.conf file.
> But it doesn't say whay you have to do with this file.
>
> When I bring up my connection
>
> ifup bicester
>
> I get
> RTNETLINK answers: No such device
>
> looking at /var/messages I see
>
> ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
> Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> (Address already in use).
> Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> (Address already in use).
> Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500]
> (Address already in use).
> Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500]
> (Address already in use).
> Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500]
> used as isakmp port (fd=25)
>
> There was an existing setup done long ago.
>
> How can I setup more than one vpn connection (manually as this is a
> headless server)
> or is that not possible ?
>
> Thanks for any pointers
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos