Re: [CentOS] IPSec multiple VPN setups
Anyway, they both use compatible config files? Eero 22.3.2016 12.23 ap. "Leon Fauster"kirjoitti: > Am 21.03.2016 um 18:17 schrieb Mike - st257 : > > I second Eero's comment, use a new IPSec daemon. > > > > Openswan was forked and became Libreswan. Paul, now a RH employee, was a > > main developer for the Openswan project before he and others created the > > Libreswan fork. > > https://libreswan.org/ > > > > EL6 has Openswan > > EL7 has Libreswan > > > > Racoon isn't all that fun to work with. > > If you have the option, ditch it and EL5 and move to a newer platform > > (preferably EL7 with Libreswan) > > > Libreswan will be in the next EL6 release ... > > -- > LF > > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
Am 21.03.2016 um 18:17 schrieb Mike - st257: > I second Eero's comment, use a new IPSec daemon. > > Openswan was forked and became Libreswan. Paul, now a RH employee, was a > main developer for the Openswan project before he and others created the > Libreswan fork. > https://libreswan.org/ > > EL6 has Openswan > EL7 has Libreswan > > Racoon isn't all that fun to work with. > If you have the option, ditch it and EL5 and move to a newer platform > (preferably EL7 with Libreswan) Libreswan will be in the next EL6 release ... -- LF ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
Well, RHEL actually supports upgrading from 6 to 7 in some use cases. If you have access, https://access.redhat.com/solutions/21964. Not sure how that fits for CentOS though.. Em 21-03-2016 15:38, Eero Volotinen escreveu: err. upgrades? You mean reinstall? As upgrading between major releases are not supported in any way on centos / rhel and clones.. -- Eero 2016-03-21 20:33 GMT+02:00 <m.r...@5-cent.us>: Glenn Pierce wrote: I asked about upgrading once and got no reply. Does anyone have experience of having a hosted centos upgraded on a virtual server. Would you usually have to pay for a transition instance ? I pay for my own hosting (5-cent.us) at hostmonster. They've done upgrades, and they announced it to *me*, and no, I didn't pay anything. And I'm just a "consumer grade" - something like $6US/month. I would expect *far* more for commercial hosting. mark -Original Message- From: "Eero Volotinen" <eero.voloti...@iki.fi> Sent: 21/03/2016 18:11 To: "CentOS mailing list" <centos@centos.org> Subject: Re: [CentOS] IPSec multiple VPN setups Memset.com ? In real world, rhel 5/centos 5 gets only critical security patches. Eero 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti: Glenn Pierce wrote: Will ask my boss :) We are hosted on memset so not so easy to update Thanks Um, wait a minute: you're hosted? And they haven't pushed you to 6 years ago? They haven't sent warnings that 5 was hitting eol? Who are they, please? I want to make sure that if someone asks me about hosting, I can add that to places they should avoid. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
On Mon, 2016-03-21 at 18:23 +, Glenn Pierce wrote: > I asked about upgrading once and got no reply. Does anyone have > experience of having a hosted centos upgraded on a virtual server. > Would you usually have to pay for a transition instance ? I have several Centos VPSs in several countries around the world. Naturally I don't have FTP preferring to use SSH, SCP, non-standard ports and restricted to specific incoming individual IPs. All run C 6.7 except one on C 5.11, which I am about to upgrade (its difficult because so much is on that machine and I don't want any downtime). Dump your out-of-date C5. C6 is not very different. Everything I run on C5 also runs smoothly on C6. -- Regards, Paul. England, EU. England's place is in the European Union. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
I'm Sur my boss will agree. Looks like I have a multi terra byte postgres move to look forward to. Thanks evryone -Original Message- From: "m.r...@5-cent.us" <m.r...@5-cent.us> Sent: 21/03/2016 20:03 To: "CentOS mailing list" <centos@centos.org> Subject: Re: [CentOS] IPSec multiple VPN setups Glenn Pierce wrote: > Yes reinstall. I get you have to purchase a new instance for a time to > move over. I'd figure that they just move you to an instance that's already running a newer version of the o/s, giving you time to test for breakage. I really don't see them charging, except, possibly, for running in parallel during testing. mark > > -Original Message- > From: "Eero Volotinen" <eero.voloti...@iki.fi> > Sent: 21/03/2016 18:38 > To: "CentOS mailing list" <centos@centos.org> > Subject: Re: [CentOS] IPSec multiple VPN setups > > err. upgrades? > > You mean reinstall? As upgrading between major releases are not supported > in any way on centos / rhel and clones.. > > -- > Eero > > 2016-03-21 20:33 GMT+02:00 <m.r...@5-cent.us>: > >> Glenn Pierce wrote: >> > I asked about upgrading once and got no reply. Does anyone have >> experience >> > of having a hosted centos upgraded on a virtual server. Would you >> usually >> > have to pay for a transition instance ? >> > >> I pay for my own hosting (5-cent.us) at hostmonster. They've done >> upgrades, and they announced it to *me*, and no, I didn't pay anything. >> And I'm just a "consumer grade" - something like $6US/month. >> >> I would expect *far* more for commercial hosting. >> >> mark >> >> > -Original Message- >> > From: "Eero Volotinen" <eero.voloti...@iki.fi> >> > Sent: 21/03/2016 18:11 >> > To: "CentOS mailing list" <centos@centos.org> >> > Subject: Re: [CentOS] IPSec multiple VPN setups >> > >> > Memset.com ? In real world, rhel 5/centos 5 gets only critical >> security >> > patches. >> > >> > Eero >> > 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti: >> > >> >> Glenn Pierce wrote: >> >> > Will ask my boss :) We are hosted on memset so not so easy to >> update >> >> > >> >> > Thanks >> >> >> >> Um, wait a minute: you're hosted? And they haven't pushed you to 6 >> years >> >> ago? They haven't sent warnings that 5 was hitting eol? >> >> >> >> Who are they, please? I want to make sure that if someone asks me >> about >> >> hosting, I can add that to places they should avoid. >> >> >> >> mark >> >> >> >> ___ >> >> CentOS mailing list >> >> CentOS@centos.org >> >> https://lists.centos.org/mailman/listinfo/centos >> >> >> > ___ >> > CentOS mailing list >> > CentOS@centos.org >> > https://lists.centos.org/mailman/listinfo/centos >> > ___ >> > CentOS mailing list >> > CentOS@centos.org >> > https://lists.centos.org/mailman/listinfo/centos >> > >> >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
Glenn Pierce wrote: > Yes reinstall. I get you have to purchase a new instance for a time to > move over. I'd figure that they just move you to an instance that's already running a newer version of the o/s, giving you time to test for breakage. I really don't see them charging, except, possibly, for running in parallel during testing. mark > > -Original Message- > From: "Eero Volotinen" <eero.voloti...@iki.fi> > Sent: 21/03/2016 18:38 > To: "CentOS mailing list" <centos@centos.org> > Subject: Re: [CentOS] IPSec multiple VPN setups > > err. upgrades? > > You mean reinstall? As upgrading between major releases are not supported > in any way on centos / rhel and clones.. > > -- > Eero > > 2016-03-21 20:33 GMT+02:00 <m.r...@5-cent.us>: > >> Glenn Pierce wrote: >> > I asked about upgrading once and got no reply. Does anyone have >> experience >> > of having a hosted centos upgraded on a virtual server. Would you >> usually >> > have to pay for a transition instance ? >> > >> I pay for my own hosting (5-cent.us) at hostmonster. They've done >> upgrades, and they announced it to *me*, and no, I didn't pay anything. >> And I'm just a "consumer grade" - something like $6US/month. >> >> I would expect *far* more for commercial hosting. >> >> mark >> >> > -Original Message- >> > From: "Eero Volotinen" <eero.voloti...@iki.fi> >> > Sent: 21/03/2016 18:11 >> > To: "CentOS mailing list" <centos@centos.org> >> > Subject: Re: [CentOS] IPSec multiple VPN setups >> > >> > Memset.com ? In real world, rhel 5/centos 5 gets only critical >> security >> > patches. >> > >> > Eero >> > 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti: >> > >> >> Glenn Pierce wrote: >> >> > Will ask my boss :) We are hosted on memset so not so easy to >> update >> >> > >> >> > Thanks >> >> >> >> Um, wait a minute: you're hosted? And they haven't pushed you to 6 >> years >> >> ago? They haven't sent warnings that 5 was hitting eol? >> >> >> >> Who are they, please? I want to make sure that if someone asks me >> about >> >> hosting, I can add that to places they should avoid. >> >> >> >> mark >> >> >> >> ___ >> >> CentOS mailing list >> >> CentOS@centos.org >> >> https://lists.centos.org/mailman/listinfo/centos >> >> >> > ___ >> > CentOS mailing list >> > CentOS@centos.org >> > https://lists.centos.org/mailman/listinfo/centos >> > ___ >> > CentOS mailing list >> > CentOS@centos.org >> > https://lists.centos.org/mailman/listinfo/centos >> > >> >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
Eero Volotinen wrote: > err. upgrades? > > You mean reinstall? As upgrading between major releases are not supported > in any way on centos / rhel and clones.. > Of course. Now, I haven't looked recently, but I do vaguely remember them telling me they were moving me to an upgraded system; my website runs perl CGI, and that's about it, the rest is *all* straight HTML, so I doubt I would have noticed much. mark > -- > Eero > > 2016-03-21 20:33 GMT+02:00 <m.r...@5-cent.us>: > >> Glenn Pierce wrote: >> > I asked about upgrading once and got no reply. Does anyone have >> experience >> > of having a hosted centos upgraded on a virtual server. Would you >> usually >> > have to pay for a transition instance ? >> > >> I pay for my own hosting (5-cent.us) at hostmonster. They've done >> upgrades, and they announced it to *me*, and no, I didn't pay anything. >> And I'm just a "consumer grade" - something like $6US/month. >> >> I would expect *far* more for commercial hosting. >> >> mark >> >> > -Original Message----- >> > From: "Eero Volotinen" <eero.voloti...@iki.fi> >> > Sent: 21/03/2016 18:11 >> > To: "CentOS mailing list" <centos@centos.org> >> > Subject: Re: [CentOS] IPSec multiple VPN setups >> > >> > Memset.com ? In real world, rhel 5/centos 5 gets only critical >> security >> > patches. >> > >> > Eero >> > 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti: >> > >> >> Glenn Pierce wrote: >> >> > Will ask my boss :) We are hosted on memset so not so easy to >> update >> >> > >> >> > Thanks >> >> >> >> Um, wait a minute: you're hosted? And they haven't pushed you to 6 >> years >> >> ago? They haven't sent warnings that 5 was hitting eol? >> >> >> >> Who are they, please? I want to make sure that if someone asks me >> about >> >> hosting, I can add that to places they should avoid. >> >> >> >> mark >> >> >> >> ___ >> >> CentOS mailing list >> >> CentOS@centos.org >> >> https://lists.centos.org/mailman/listinfo/centos >> >> >> > ___ >> > CentOS mailing list >> > CentOS@centos.org >> > https://lists.centos.org/mailman/listinfo/centos >> > ___ >> > CentOS mailing list >> > CentOS@centos.org >> > https://lists.centos.org/mailman/listinfo/centos >> > >> >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
Yes reinstall. I get you have to purchase a new instance for a time to move over. -Original Message- From: "Eero Volotinen" <eero.voloti...@iki.fi> Sent: 21/03/2016 18:38 To: "CentOS mailing list" <centos@centos.org> Subject: Re: [CentOS] IPSec multiple VPN setups err. upgrades? You mean reinstall? As upgrading between major releases are not supported in any way on centos / rhel and clones.. -- Eero 2016-03-21 20:33 GMT+02:00 <m.r...@5-cent.us>: > Glenn Pierce wrote: > > I asked about upgrading once and got no reply. Does anyone have > experience > > of having a hosted centos upgraded on a virtual server. Would you usually > > have to pay for a transition instance ? > > > I pay for my own hosting (5-cent.us) at hostmonster. They've done > upgrades, and they announced it to *me*, and no, I didn't pay anything. > And I'm just a "consumer grade" - something like $6US/month. > > I would expect *far* more for commercial hosting. > > mark > > > -Original Message- > > From: "Eero Volotinen" <eero.voloti...@iki.fi> > > Sent: 21/03/2016 18:11 > > To: "CentOS mailing list" <centos@centos.org> > > Subject: Re: [CentOS] IPSec multiple VPN setups > > > > Memset.com ? In real world, rhel 5/centos 5 gets only critical security > > patches. > > > > Eero > > 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti: > > > >> Glenn Pierce wrote: > >> > Will ask my boss :) We are hosted on memset so not so easy to update > >> > > >> > Thanks > >> > >> Um, wait a minute: you're hosted? And they haven't pushed you to 6 years > >> ago? They haven't sent warnings that 5 was hitting eol? > >> > >> Who are they, please? I want to make sure that if someone asks me about > >> hosting, I can add that to places they should avoid. > >> > >> mark > >> > >> ___ > >> CentOS mailing list > >> CentOS@centos.org > >> https://lists.centos.org/mailman/listinfo/centos > >> > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
err. upgrades? You mean reinstall? As upgrading between major releases are not supported in any way on centos / rhel and clones.. -- Eero 2016-03-21 20:33 GMT+02:00 <m.r...@5-cent.us>: > Glenn Pierce wrote: > > I asked about upgrading once and got no reply. Does anyone have > experience > > of having a hosted centos upgraded on a virtual server. Would you usually > > have to pay for a transition instance ? > > > I pay for my own hosting (5-cent.us) at hostmonster. They've done > upgrades, and they announced it to *me*, and no, I didn't pay anything. > And I'm just a "consumer grade" - something like $6US/month. > > I would expect *far* more for commercial hosting. > > mark > > > -Original Message- > > From: "Eero Volotinen" <eero.voloti...@iki.fi> > > Sent: 21/03/2016 18:11 > > To: "CentOS mailing list" <centos@centos.org> > > Subject: Re: [CentOS] IPSec multiple VPN setups > > > > Memset.com ? In real world, rhel 5/centos 5 gets only critical security > > patches. > > > > Eero > > 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti: > > > >> Glenn Pierce wrote: > >> > Will ask my boss :) We are hosted on memset so not so easy to update > >> > > >> > Thanks > >> > >> Um, wait a minute: you're hosted? And they haven't pushed you to 6 years > >> ago? They haven't sent warnings that 5 was hitting eol? > >> > >> Who are they, please? I want to make sure that if someone asks me about > >> hosting, I can add that to places they should avoid. > >> > >> mark > >> > >> ___ > >> CentOS mailing list > >> CentOS@centos.org > >> https://lists.centos.org/mailman/listinfo/centos > >> > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
Glenn Pierce wrote: > I asked about upgrading once and got no reply. Does anyone have experience > of having a hosted centos upgraded on a virtual server. Would you usually > have to pay for a transition instance ? > I pay for my own hosting (5-cent.us) at hostmonster. They've done upgrades, and they announced it to *me*, and no, I didn't pay anything. And I'm just a "consumer grade" - something like $6US/month. I would expect *far* more for commercial hosting. mark > -Original Message- > From: "Eero Volotinen" <eero.voloti...@iki.fi> > Sent: 21/03/2016 18:11 > To: "CentOS mailing list" <centos@centos.org> > Subject: Re: [CentOS] IPSec multiple VPN setups > > Memset.com ? In real world, rhel 5/centos 5 gets only critical security > patches. > > Eero > 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti: > >> Glenn Pierce wrote: >> > Will ask my boss :) We are hosted on memset so not so easy to update >> > >> > Thanks >> >> Um, wait a minute: you're hosted? And they haven't pushed you to 6 years >> ago? They haven't sent warnings that 5 was hitting eol? >> >> Who are they, please? I want to make sure that if someone asks me about >> hosting, I can add that to places they should avoid. >> >> mark >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
I asked about upgrading once and got no reply. Does anyone have experience of having a hosted centos upgraded on a virtual server. Would you usually have to pay for a transition instance ? -Original Message- From: "Eero Volotinen" <eero.voloti...@iki.fi> Sent: 21/03/2016 18:11 To: "CentOS mailing list" <centos@centos.org> Subject: Re: [CentOS] IPSec multiple VPN setups Memset.com ? In real world, rhel 5/centos 5 gets only critical security patches. Eero 21.3.2016 7.54 ip. <m.r...@5-cent.us> kirjoitti: > Glenn Pierce wrote: > > Will ask my boss :) We are hosted on memset so not so easy to update > > > > Thanks > > Um, wait a minute: you're hosted? And they haven't pushed you to 6 years > ago? They haven't sent warnings that 5 was hitting eol? > > Who are they, please? I want to make sure that if someone asks me about > hosting, I can add that to places they should avoid. > > mark > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
Glenn Pierce wrote: > To be fair its not highly sensitive info we are dealing with. > That doesn't matter. Do you drive a car that's leaking oil, and the engine check light has been on for months, and just put gas in, and not worry about adding more oil, or going to a mechanic? mark > -Original Message- > From: "Eero Volotinen" <eero.voloti...@iki.fi> > Sent: 21/03/2016 17:51 > To: "CentOS mailing list" <centos@centos.org> > Subject: Re: [CentOS] IPSec multiple VPN setups > > Err. Sounds like security nightmare. > 21.3.2016 7.47 ip. "Glenn Pierce" <glennpie...@gmail.com> kirjoitti: > >> Will ask my boss :) We are hosted on memset so not so easy to update >> >> Thanks >> >> On 21 March 2016 at 17:36, Eero Volotinen <eero.voloti...@iki.fi> wrote: >> > Centos 5 is still soon end of life. Using it as ipsec gateway is .. >> > >> > Eero >> > 21.3.2016 7.25 ip. "Mike - st257" <silvertip...@gmail.com> kirjoitti: >> > >> >> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 >> <silvertip...@gmail.com> >> >> wrote: >> >> >> >> > I second Eero's comment, use a new IPSec daemon. >> >> > >> >> > Openswan was forked and became Libreswan. Paul, now a RH employee, >> was a >> >> > main developer for the Openswan project before he and others >> created >> the >> >> > Libreswan fork. >> >> > https://libreswan.org/ >> >> > >> >> > EL6 has Openswan >> >> > EL7 has Libreswan >> >> > >> >> > Racoon isn't all that fun to work with. >> >> > If you have the option, ditch it and EL5 and move to a newer >> platform >> >> > (preferably EL7 with Libreswan). >> >> > >> >> >> >> There's an RPM spec file (though I've not used it) for building >> Openswan >> >> for EL5. >> >> https://github.com/xelerance/Openswan/tree/master/packaging/centos5 >> >> >> >> Additionally, here's some info but I advise against the Racoon IPSec >> >> daemon. >> >> >> >> >> https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html >> >> https://wiki.debian.org/IPsec >> >> >> >> >> >> > >> >> > >> >> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen < >> eero.voloti...@iki.fi> >> >> > wrote: >> >> > >> >> >> Yes you can. Please use newer version of centos and >> strong/openswan. >> >> >> >> >> >> Eero >> >> >> 21.3.2016 7.05 ip. "Glenn Pierce" <glennpie...@gmail.com> >> kirjoitti: >> >> >> >> >> >> > Hi I hope someone can answer something I'm sure is quite basic. >> >> >> > >> >> >> > I am following the instructions at >> >> >> > >> https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html >> >> >> > On setting up a VPN >> >> >> > >> >> >> > The part I am having trouble with is when it show the >> >> >> > /etc/racoon/racoon.conf file. >> >> >> > But it doesn't say whay you have to do with this file. >> >> >> > >> >> >> > When I bring up my connection >> >> >> > >> >> >> > ifup bicester >> >> >> > >> >> >> > I get >> >> >> > RTNETLINK answers: No such device >> >> >> > >> >> >> > looking at /var/messages I see >> >> >> > >> >> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already >> in >> >> >> use). >> >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address >> *.*.*.*[500] >> >> >> > (Address already in use). >> >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address >> *.*.*.*[500] >> >> >> > (Address already in use). >> >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address >> *.*.*.*[500] >> >> >> > (Address already in use). >> >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address >> ::1[500] >>
Re: [CentOS] IPSec multiple VPN setups
To be fair its not highly sensitive info we are dealing with. -Original Message- From: "Eero Volotinen" <eero.voloti...@iki.fi> Sent: 21/03/2016 17:51 To: "CentOS mailing list" <centos@centos.org> Subject: Re: [CentOS] IPSec multiple VPN setups Err. Sounds like security nightmare. 21.3.2016 7.47 ip. "Glenn Pierce" <glennpie...@gmail.com> kirjoitti: > Will ask my boss :) We are hosted on memset so not so easy to update > > Thanks > > On 21 March 2016 at 17:36, Eero Volotinen <eero.voloti...@iki.fi> wrote: > > Centos 5 is still soon end of life. Using it as ipsec gateway is .. > > > > Eero > > 21.3.2016 7.25 ip. "Mike - st257" <silvertip...@gmail.com> kirjoitti: > > > >> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 <silvertip...@gmail.com> > >> wrote: > >> > >> > I second Eero's comment, use a new IPSec daemon. > >> > > >> > Openswan was forked and became Libreswan. Paul, now a RH employee, > was a > >> > main developer for the Openswan project before he and others created > the > >> > Libreswan fork. > >> > https://libreswan.org/ > >> > > >> > EL6 has Openswan > >> > EL7 has Libreswan > >> > > >> > Racoon isn't all that fun to work with. > >> > If you have the option, ditch it and EL5 and move to a newer platform > >> > (preferably EL7 with Libreswan). > >> > > >> > >> There's an RPM spec file (though I've not used it) for building Openswan > >> for EL5. > >> https://github.com/xelerance/Openswan/tree/master/packaging/centos5 > >> > >> Additionally, here's some info but I advise against the Racoon IPSec > >> daemon. > >> > >> > https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html > >> https://wiki.debian.org/IPsec > >> > >> > >> > > >> > > >> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen < > eero.voloti...@iki.fi> > >> > wrote: > >> > > >> >> Yes you can. Please use newer version of centos and strong/openswan. > >> >> > >> >> Eero > >> >> 21.3.2016 7.05 ip. "Glenn Pierce" <glennpie...@gmail.com> kirjoitti: > >> >> > >> >> > Hi I hope someone can answer something I'm sure is quite basic. > >> >> > > >> >> > I am following the instructions at > >> >> > > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html > >> >> > On setting up a VPN > >> >> > > >> >> > The part I am having trouble with is when it show the > >> >> > /etc/racoon/racoon.conf file. > >> >> > But it doesn't say whay you have to do with this file. > >> >> > > >> >> > When I bring up my connection > >> >> > > >> >> > ifup bicester > >> >> > > >> >> > I get > >> >> > RTNETLINK answers: No such device > >> >> > > >> >> > looking at /var/messages I see > >> >> > > >> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in > >> >> use). > >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address > *.*.*.*[500] > >> >> > (Address already in use). > >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address > *.*.*.*[500] > >> >> > (Address already in use). > >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address > *.*.*.*[500] > >> >> > (Address already in use). > >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] > >> >> > (Address already in use). > >> >> > Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] > >> >> > used as isakmp port (fd=25) > >> >> > > >> >> > There was an existing setup done long ago. > >> >> > > >> >> > How can I setup more than one vpn connection (manually as this is a > >> >> > headless server) > >> >> > or is that not possible ? > >> >> > > >> >> > Thanks for any pointers > >> >> > ___ > >> >> > CentOS mailing list > >> >> > CentOS@centos.org > >> >> > https://lists.centos.org/mailman/listinfo/centos > >> >> > > >> >> ___ > >> >> CentOS mailing list > >> >> CentOS@centos.org > >> >> https://lists.centos.org/mailman/listinfo/centos > >> >> > >> > > >> > > >> > > >> > -- > >> > ---~~.~~--- > >> > Mike > >> > // SilverTip257 // > >> > > >> > >> > >> > >> -- > >> ---~~.~~--- > >> Mike > >> // SilverTip257 // > >> ___ > >> CentOS mailing list > >> CentOS@centos.org > >> https://lists.centos.org/mailman/listinfo/centos > >> > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
Memset.com ? In real world, rhel 5/centos 5 gets only critical security patches. Eero 21.3.2016 7.54 ip.kirjoitti: > Glenn Pierce wrote: > > Will ask my boss :) We are hosted on memset so not so easy to update > > > > Thanks > > Um, wait a minute: you're hosted? And they haven't pushed you to 6 years > ago? They haven't sent warnings that 5 was hitting eol? > > Who are they, please? I want to make sure that if someone asks me about > hosting, I can add that to places they should avoid. > > mark > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
Glenn Pierce wrote: > Will ask my boss :) We are hosted on memset so not so easy to update > > Thanks Um, wait a minute: you're hosted? And they haven't pushed you to 6 years ago? They haven't sent warnings that 5 was hitting eol? Who are they, please? I want to make sure that if someone asks me about hosting, I can add that to places they should avoid. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
Err. Sounds like security nightmare. 21.3.2016 7.47 ip. "Glenn Pierce"kirjoitti: > Will ask my boss :) We are hosted on memset so not so easy to update > > Thanks > > On 21 March 2016 at 17:36, Eero Volotinen wrote: > > Centos 5 is still soon end of life. Using it as ipsec gateway is .. > > > > Eero > > 21.3.2016 7.25 ip. "Mike - st257" kirjoitti: > > > >> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 > >> wrote: > >> > >> > I second Eero's comment, use a new IPSec daemon. > >> > > >> > Openswan was forked and became Libreswan. Paul, now a RH employee, > was a > >> > main developer for the Openswan project before he and others created > the > >> > Libreswan fork. > >> > https://libreswan.org/ > >> > > >> > EL6 has Openswan > >> > EL7 has Libreswan > >> > > >> > Racoon isn't all that fun to work with. > >> > If you have the option, ditch it and EL5 and move to a newer platform > >> > (preferably EL7 with Libreswan). > >> > > >> > >> There's an RPM spec file (though I've not used it) for building Openswan > >> for EL5. > >> https://github.com/xelerance/Openswan/tree/master/packaging/centos5 > >> > >> Additionally, here's some info but I advise against the Racoon IPSec > >> daemon. > >> > >> > https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html > >> https://wiki.debian.org/IPsec > >> > >> > >> > > >> > > >> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen < > eero.voloti...@iki.fi> > >> > wrote: > >> > > >> >> Yes you can. Please use newer version of centos and strong/openswan. > >> >> > >> >> Eero > >> >> 21.3.2016 7.05 ip. "Glenn Pierce" kirjoitti: > >> >> > >> >> > Hi I hope someone can answer something I'm sure is quite basic. > >> >> > > >> >> > I am following the instructions at > >> >> > > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html > >> >> > On setting up a VPN > >> >> > > >> >> > The part I am having trouble with is when it show the > >> >> > /etc/racoon/racoon.conf file. > >> >> > But it doesn't say whay you have to do with this file. > >> >> > > >> >> > When I bring up my connection > >> >> > > >> >> > ifup bicester > >> >> > > >> >> > I get > >> >> > RTNETLINK answers: No such device > >> >> > > >> >> > looking at /var/messages I see > >> >> > > >> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in > >> >> use). > >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address > *.*.*.*[500] > >> >> > (Address already in use). > >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address > *.*.*.*[500] > >> >> > (Address already in use). > >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address > *.*.*.*[500] > >> >> > (Address already in use). > >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] > >> >> > (Address already in use). > >> >> > Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] > >> >> > used as isakmp port (fd=25) > >> >> > > >> >> > There was an existing setup done long ago. > >> >> > > >> >> > How can I setup more than one vpn connection (manually as this is a > >> >> > headless server) > >> >> > or is that not possible ? > >> >> > > >> >> > Thanks for any pointers > >> >> > ___ > >> >> > CentOS mailing list > >> >> > CentOS@centos.org > >> >> > https://lists.centos.org/mailman/listinfo/centos > >> >> > > >> >> ___ > >> >> CentOS mailing list > >> >> CentOS@centos.org > >> >> https://lists.centos.org/mailman/listinfo/centos > >> >> > >> > > >> > > >> > > >> > -- > >> > ---~~.~~--- > >> > Mike > >> > // SilverTip257 // > >> > > >> > >> > >> > >> -- > >> ---~~.~~--- > >> Mike > >> // SilverTip257 // > >> ___ > >> CentOS mailing list > >> CentOS@centos.org > >> https://lists.centos.org/mailman/listinfo/centos > >> > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
Will ask my boss :) We are hosted on memset so not so easy to update Thanks On 21 March 2016 at 17:36, Eero Volotinenwrote: > Centos 5 is still soon end of life. Using it as ipsec gateway is .. > > Eero > 21.3.2016 7.25 ip. "Mike - st257" kirjoitti: > >> On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 >> wrote: >> >> > I second Eero's comment, use a new IPSec daemon. >> > >> > Openswan was forked and became Libreswan. Paul, now a RH employee, was a >> > main developer for the Openswan project before he and others created the >> > Libreswan fork. >> > https://libreswan.org/ >> > >> > EL6 has Openswan >> > EL7 has Libreswan >> > >> > Racoon isn't all that fun to work with. >> > If you have the option, ditch it and EL5 and move to a newer platform >> > (preferably EL7 with Libreswan). >> > >> >> There's an RPM spec file (though I've not used it) for building Openswan >> for EL5. >> https://github.com/xelerance/Openswan/tree/master/packaging/centos5 >> >> Additionally, here's some info but I advise against the Racoon IPSec >> daemon. >> >> https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html >> https://wiki.debian.org/IPsec >> >> >> > >> > >> > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen >> > wrote: >> > >> >> Yes you can. Please use newer version of centos and strong/openswan. >> >> >> >> Eero >> >> 21.3.2016 7.05 ip. "Glenn Pierce" kirjoitti: >> >> >> >> > Hi I hope someone can answer something I'm sure is quite basic. >> >> > >> >> > I am following the instructions at >> >> > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html >> >> > On setting up a VPN >> >> > >> >> > The part I am having trouble with is when it show the >> >> > /etc/racoon/racoon.conf file. >> >> > But it doesn't say whay you have to do with this file. >> >> > >> >> > When I bring up my connection >> >> > >> >> > ifup bicester >> >> > >> >> > I get >> >> > RTNETLINK answers: No such device >> >> > >> >> > looking at /var/messages I see >> >> > >> >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in >> >> use). >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] >> >> > (Address already in use). >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] >> >> > (Address already in use). >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] >> >> > (Address already in use). >> >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] >> >> > (Address already in use). >> >> > Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] >> >> > used as isakmp port (fd=25) >> >> > >> >> > There was an existing setup done long ago. >> >> > >> >> > How can I setup more than one vpn connection (manually as this is a >> >> > headless server) >> >> > or is that not possible ? >> >> > >> >> > Thanks for any pointers >> >> > ___ >> >> > CentOS mailing list >> >> > CentOS@centos.org >> >> > https://lists.centos.org/mailman/listinfo/centos >> >> > >> >> ___ >> >> CentOS mailing list >> >> CentOS@centos.org >> >> https://lists.centos.org/mailman/listinfo/centos >> >> >> > >> > >> > >> > -- >> > ---~~.~~--- >> > Mike >> > // SilverTip257 // >> > >> >> >> >> -- >> ---~~.~~--- >> Mike >> // SilverTip257 // >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
Centos 5 is still soon end of life. Using it as ipsec gateway is .. Eero 21.3.2016 7.25 ip. "Mike - st257"kirjoitti: > On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 > wrote: > > > I second Eero's comment, use a new IPSec daemon. > > > > Openswan was forked and became Libreswan. Paul, now a RH employee, was a > > main developer for the Openswan project before he and others created the > > Libreswan fork. > > https://libreswan.org/ > > > > EL6 has Openswan > > EL7 has Libreswan > > > > Racoon isn't all that fun to work with. > > If you have the option, ditch it and EL5 and move to a newer platform > > (preferably EL7 with Libreswan). > > > > There's an RPM spec file (though I've not used it) for building Openswan > for EL5. > https://github.com/xelerance/Openswan/tree/master/packaging/centos5 > > Additionally, here's some info but I advise against the Racoon IPSec > daemon. > > https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html > https://wiki.debian.org/IPsec > > > > > > > > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen > > wrote: > > > >> Yes you can. Please use newer version of centos and strong/openswan. > >> > >> Eero > >> 21.3.2016 7.05 ip. "Glenn Pierce" kirjoitti: > >> > >> > Hi I hope someone can answer something I'm sure is quite basic. > >> > > >> > I am following the instructions at > >> > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html > >> > On setting up a VPN > >> > > >> > The part I am having trouble with is when it show the > >> > /etc/racoon/racoon.conf file. > >> > But it doesn't say whay you have to do with this file. > >> > > >> > When I bring up my connection > >> > > >> > ifup bicester > >> > > >> > I get > >> > RTNETLINK answers: No such device > >> > > >> > looking at /var/messages I see > >> > > >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in > >> use). > >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] > >> > (Address already in use). > >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] > >> > (Address already in use). > >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] > >> > (Address already in use). > >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] > >> > (Address already in use). > >> > Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] > >> > used as isakmp port (fd=25) > >> > > >> > There was an existing setup done long ago. > >> > > >> > How can I setup more than one vpn connection (manually as this is a > >> > headless server) > >> > or is that not possible ? > >> > > >> > Thanks for any pointers > >> > ___ > >> > CentOS mailing list > >> > CentOS@centos.org > >> > https://lists.centos.org/mailman/listinfo/centos > >> > > >> ___ > >> CentOS mailing list > >> CentOS@centos.org > >> https://lists.centos.org/mailman/listinfo/centos > >> > > > > > > > > -- > > ---~~.~~--- > > Mike > > // SilverTip257 // > > > > > > -- > ---~~.~~--- > Mike > // SilverTip257 // > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257wrote: > I second Eero's comment, use a new IPSec daemon. > > Openswan was forked and became Libreswan. Paul, now a RH employee, was a > main developer for the Openswan project before he and others created the > Libreswan fork. > https://libreswan.org/ > > EL6 has Openswan > EL7 has Libreswan > > Racoon isn't all that fun to work with. > If you have the option, ditch it and EL5 and move to a newer platform > (preferably EL7 with Libreswan). > There's an RPM spec file (though I've not used it) for building Openswan for EL5. https://github.com/xelerance/Openswan/tree/master/packaging/centos5 Additionally, here's some info but I advise against the Racoon IPSec daemon. https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html https://wiki.debian.org/IPsec > > > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen > wrote: > >> Yes you can. Please use newer version of centos and strong/openswan. >> >> Eero >> 21.3.2016 7.05 ip. "Glenn Pierce" kirjoitti: >> >> > Hi I hope someone can answer something I'm sure is quite basic. >> > >> > I am following the instructions at >> > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html >> > On setting up a VPN >> > >> > The part I am having trouble with is when it show the >> > /etc/racoon/racoon.conf file. >> > But it doesn't say whay you have to do with this file. >> > >> > When I bring up my connection >> > >> > ifup bicester >> > >> > I get >> > RTNETLINK answers: No such device >> > >> > looking at /var/messages I see >> > >> > ERROR: failed to bind to address 127.0.0.1[500] (Address already in >> use). >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] >> > (Address already in use). >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] >> > (Address already in use). >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] >> > (Address already in use). >> > Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] >> > (Address already in use). >> > Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] >> > used as isakmp port (fd=25) >> > >> > There was an existing setup done long ago. >> > >> > How can I setup more than one vpn connection (manually as this is a >> > headless server) >> > or is that not possible ? >> > >> > Thanks for any pointers >> > ___ >> > CentOS mailing list >> > CentOS@centos.org >> > https://lists.centos.org/mailman/listinfo/centos >> > >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > > > -- > ---~~.~~--- > Mike > // SilverTip257 // > -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
And centos 5 is really soon end of life. Eero 21.3.2016 7.18 ip. "Mike - st257"kirjoitti: > I second Eero's comment, use a new IPSec daemon. > > Openswan was forked and became Libreswan. Paul, now a RH employee, was a > main developer for the Openswan project before he and others created the > Libreswan fork. > https://libreswan.org/ > > EL6 has Openswan > EL7 has Libreswan > > Racoon isn't all that fun to work with. > If you have the option, ditch it and EL5 and move to a newer platform > (preferably EL7 with Libreswan). > > > On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinen > wrote: > > > Yes you can. Please use newer version of centos and strong/openswan. > > > > Eero > > 21.3.2016 7.05 ip. "Glenn Pierce" kirjoitti: > > > > > Hi I hope someone can answer something I'm sure is quite basic. > > > > > > I am following the instructions at > > > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html > > > On setting up a VPN > > > > > > The part I am having trouble with is when it show the > > > /etc/racoon/racoon.conf file. > > > But it doesn't say whay you have to do with this file. > > > > > > When I bring up my connection > > > > > > ifup bicester > > > > > > I get > > > RTNETLINK answers: No such device > > > > > > looking at /var/messages I see > > > > > > ERROR: failed to bind to address 127.0.0.1[500] (Address already in > use). > > > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] > > > (Address already in use). > > > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] > > > (Address already in use). > > > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] > > > (Address already in use). > > > Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] > > > (Address already in use). > > > Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] > > > used as isakmp port (fd=25) > > > > > > There was an existing setup done long ago. > > > > > > How can I setup more than one vpn connection (manually as this is a > > > headless server) > > > or is that not possible ? > > > > > > Thanks for any pointers > > > ___ > > > CentOS mailing list > > > CentOS@centos.org > > > https://lists.centos.org/mailman/listinfo/centos > > > > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > > > > -- > ---~~.~~--- > Mike > // SilverTip257 // > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
I second Eero's comment, use a new IPSec daemon. Openswan was forked and became Libreswan. Paul, now a RH employee, was a main developer for the Openswan project before he and others created the Libreswan fork. https://libreswan.org/ EL6 has Openswan EL7 has Libreswan Racoon isn't all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform (preferably EL7 with Libreswan). On Mon, Mar 21, 2016 at 1:08 PM, Eero Volotinenwrote: > Yes you can. Please use newer version of centos and strong/openswan. > > Eero > 21.3.2016 7.05 ip. "Glenn Pierce" kirjoitti: > > > Hi I hope someone can answer something I'm sure is quite basic. > > > > I am following the instructions at > > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html > > On setting up a VPN > > > > The part I am having trouble with is when it show the > > /etc/racoon/racoon.conf file. > > But it doesn't say whay you have to do with this file. > > > > When I bring up my connection > > > > ifup bicester > > > > I get > > RTNETLINK answers: No such device > > > > looking at /var/messages I see > > > > ERROR: failed to bind to address 127.0.0.1[500] (Address already in use). > > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] > > (Address already in use). > > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] > > (Address already in use). > > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] > > (Address already in use). > > Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] > > (Address already in use). > > Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] > > used as isakmp port (fd=25) > > > > There was an existing setup done long ago. > > > > How can I setup more than one vpn connection (manually as this is a > > headless server) > > or is that not possible ? > > > > Thanks for any pointers > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > -- ---~~.~~--- Mike // SilverTip257 // ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] IPSec multiple VPN setups
Yes you can. Please use newer version of centos and strong/openswan. Eero 21.3.2016 7.05 ip. "Glenn Pierce"kirjoitti: > Hi I hope someone can answer something I'm sure is quite basic. > > I am following the instructions at > https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html > On setting up a VPN > > The part I am having trouble with is when it show the > /etc/racoon/racoon.conf file. > But it doesn't say whay you have to do with this file. > > When I bring up my connection > > ifup bicester > > I get > RTNETLINK answers: No such device > > looking at /var/messages I see > > ERROR: failed to bind to address 127.0.0.1[500] (Address already in use). > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] > (Address already in use). > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] > (Address already in use). > Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] > (Address already in use). > Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] > (Address already in use). > Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] > used as isakmp port (fd=25) > > There was an existing setup done long ago. > > How can I setup more than one vpn connection (manually as this is a > headless server) > or is that not possible ? > > Thanks for any pointers > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos