Differences

This shows you the differences between two versions of the page.

--- network_stuff:vpn_troubleshooting [2020/05/27 16:12] – jotasandoku
+++ network_stuff:vpn_troubleshooting [2023/11/02 14:38] (current) – external edit 127.0.0.1
@@ Line 70: / Line 70: @@
-----
-**OPENVPN SERVER RASPBERRY PI**
-[[https://dzone.com/articles/how-to-setup-an-openvpn-server-on-a-raspberry-pi]]\\
-  curl -L https://install.pivpn.io | bash
-  # set it as static, you shoud have configured the dhcp reservation and port forwarding in the gw before this!
-  pivpn add nopass # to create profiles. IMPORTANT: in the .ovpn you have the static pub ip, Replece it with the DNS entry!
-  #
-  /var/log/openvpn-status.log       # just 3-4 lines with status
-  /var/log/openvpn.log
-  /etc/openvpn/server.conf
-  # all fields nicely explained here : https://github.com/OpenVPN/openvpn/blob/master/sample/sample-config-files/server.conf
@@ Line 146: / Line 134: @@
 LIBRESWAN STRONGSWAN NOTES:
-  * [[https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Concepts/libreswan.htm]]
+  * [[https://docs.cloud.mycompany2.com/en-us/iaas/Content/Network/Concepts/libreswan.htm]]
   * [[https://dc77312.wordpress.com/2019/01/08/libreswan-ipsec-vpn-on-centos-7-and-windows-10/]]
   * pluto is is an IKE ("IPsec Key Exchange") daemon
@@ Line 154: / Line 142: @@
   systemctl enable ipsec
   systemctl start ipsec
+  # Use this to add and bring up the tunnel and see the exchange!
+  ipsec auto --add mycompany2-tunnel-1
+  ipsec auto --up mycompany2-tunnel-1
   * In the vnic: "tick skip Source/Dest Checks"
@@ Line 159: / Line 152: @@
   # https://libreswan.org/man/ipsec.conf.5.html
-  conn oracle-tunnel-1
+  conn mycompany2-tunnel-1
        left=10.156.0.23
        # leftid=193.123.39.207 # This is the public IP (nat-t)
@@ Line 171: / Line 164: @@
        vti-routing=no
        ikev2=insist # To use IKEv2, change to ikev2=insist
-       ike=aes_cbc256-sha2_384;modp1536     # "cipher-hash;modpgroup,.."IKE encryption/authentication algorithm to be used for the connection (phase 1 aka ISAKMP SA).
+       ike=aes_cbc256-sha2_384;modp1536     # "cipher-hash;modpgroup,.."IKE encryption/authentication algorithm (and dh-modpgroup) to be used for the connection (phase 1 aka ISAKMP SA).
        phase2alg=aes_gcm256;modp1536  # (alias esp) . Algorithms that will be offered/accepted for a phase2 negotiatio (~transform set) .format for ESP is ENC-AUTH followed by one optional PFSgroup. For instance, "3des-md5" or "aes256-sha1;modp2048" or "aes-sha1,aes-md5". When specifying multiple algorithms, specify the PFSgroup last, e.g. "3des-md5,aes256-sha1;modp2048".
        encapsulation=yes
@@ Line 181: / Line 174: @@
   my-pub-ip x-end-pub-ip : PSK "a64-charslongrandomstringgeneratedwithpwgenoropensslorothertool"
+----
+CLASSY IPSEC-VPN TROUBLESHOOT:
+  * [[http://www.twine-networks.com/blog/posts/5-troubleshooting-ipsec-log-messages]]
+  * [[https://www.blackhole-networks.com/IKE_Modes/ikev1-quick.html]]

dokucama

User Tools

Site Tools

Differences

Page Tools