IPSec Multiple VPN Setups

Hi, I hope someone can answer something I’m sure is quite basic.

I am following the instructions at https://www.CentOS.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html on setting up a VPN.

The part I am having trouble with is when it shows the
/etc/racoon/racoon.conf file, but it doesn’t say what you have to do with this file.

When I bring up my connection

ifup bicester

I get RTNETLINK answers: No such device

Looking at /var/messages I see

ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
Mar 21 17:01:05 racoon: ERROR: failed to bind to address ::1[500] (Address already in use).
Mar 21 17:01:05 racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd%)

There was an existing setup done long ago.

How can I set up more than one VPN connection (manually, as this is a headless server),
or is that not possible?

Thanks for any pointers.

22 thoughts on - IPSec Multiple VPN Setups

  • Yes you can. Please use a newer version of CentOS and strong/openswan.

    Eero
    21.3.2016 7.05 PM, “Glenn Pierce” wrote:

  • I second Eero’s comment, use a new IPSec daemon.

    Openswan was forked and became Libreswan. Paul, now a RH employee, was a main developer for the Openswan project before he and others created the Libreswan fork. https://libreswan.org/

    EL6 has Openswan; EL7 has Libreswan.

    Racoon isn’t all that fun to work with. If you have the option, ditch it and EL5 and move to a newer platform
    (preferably EL7 with Libreswan).

  • And CentOS 5 is really soon end of life.

    Eero
    21.3.2016 7.18 PM, “Mike – st257” wrote:

  • CentOS 5 is still soon end of life. Using it as ipsec gateway is ..

    Eero
    21.3.2016 7.25 PM, “Mike – st257” wrote:

  • Glenn Pierce wrote:

    Um, wait a minute: you’re hosted? And they haven’t pushed you to 6 years ago? They haven’t sent warnings that 5 was hitting eol?

    Who are they, please? I want to make sure that if someone asks me about hosting, I can add that to places they should avoid.

    mark

  • Memset.com ? In real world, rhel 5/CentOS 5 gets only critical security patches.

    Eero
    21.3.2016 7.54 PM, wrote:

  • Glenn Pierce wrote:
    check light has been on for months, and just put gas in, and not worry about adding more oil, or going to a mechanic?

    mark

  • I asked about upgrading once and got no reply. Does anyone have experience of having a hosted CentOS upgraded on a virtual server? Would you usually have to pay for a transition instance?

    —–Original Message—–
    From: “Eero Volotinen”
    Sent: ‎21/‎03/‎2016 18:11
    To: “CentOS mailing list”
    Subject: Re: [CentOS] IPSec multiple VPN setups

    Memset.com ? In real world, rhel 5/CentOS 5 gets only critical security patches.

    Eero
    21.3.2016 7.54 PM, wrote:

    CentOS mailing list CentOS@CentOS.org https://lists.CentOS.org/mailman/listinfo/CentOS

  • Glenn Pierce wrote:
    upgrades, and they announced it to *me*, and no, I didn’t pay anything. And I’m just a “consumer grade” – something like $6US/month.

    I would expect *far* more for commercial hosting.

    mark

  • Yes reinstall. I get you have to purchase a new instance for a time to move over.

    —–Original Message—–
    From: “Eero Volotinen”
    Sent: ‎21/‎03/‎2016 18:38
    To: “CentOS mailing list”
    Subject: Re: [CentOS] IPSec multiple VPN setups

    err. upgrades?

    You mean reinstall? As upgrading between major releases is not supported in any way on CentOS / rhel and clones..


    Eero

    2016-03-21 20:33 GMT+02:00 :

  • Eero Volotinen wrote:
    telling me they were moving me to an upgraded system; my website runs perl CGI, and that’s about it, the rest is *all* straight HTML, so I doubt I
    would have noticed much.

    mark

  • Glenn Pierce wrote:

    I’d figure that they just move you to an instance that’s already running a newer version of the o/s, giving you time to test for breakage. I really don’t see them charging, except, possibly, for running in parallel during testing.

    mark

  • I’m sure my boss will agree. Looks like I have a multi-terabyte Postgres move to look forward to. Thanks everyone.

    —–Original Message—–
    From: “m.roth@5-cent.us”
    Sent: ‎21/‎03/‎2016 20:03
    To: “CentOS mailing list”
    Subject: Re: [CentOS] IPSec multiple VPN setups

    Glenn Pierce wrote:

    I’d figure that they just move you to an instance that’s already running a newer version of the o/s, giving you time to test for breakage. I really don’t see them charging, except, possibly, for running in parallel during testing.

    mark

  • I have several CentOS VPSs in several countries around the world. Naturally I don’t have FTP, preferring to use SSH, SCP, non-standard ports and restricted to specific incoming individual IPs.

    All run C 6.7 except one on C 5.11, which I am about to upgrade (it’s difficult because so much is on that machine and I don’t want any downtime).

    Dump your out-of-date C5. C6 is not very different. Everything I run on C5 also runs smoothly on C6.

  • On 21.03.2016 at 18:17, Mike – st257 wrote:

    Libreswan will be in the next EL6 release …

  • Anyway, they both use compatible config files?

    Eero
    22.3.2016 12.23 AM, “Leon Fauster” wrote: