The Meraki Community
  • About ohv_
ohv_

Conversationalist

Member since Dec 5, 2017

‎02-06-2019
Kudos given to
User Count
PhilipDAth
Kind of a big deal PhilipDAth
1

Community Record

12
Posts
0
Kudos
0
Solutions

Badges

1st Birthday
First 5 Posts
Lift-Off
Latest Contributions by ohv_

Re: VPN to Linux IPsec

by ohv_ in Security / SD-WAN
02-05-2019 02:44 PM
Can you post your config? I never wasn't able to ping any side. ...

Re: VPN to Linux IPsec

by ohv_ in Security / SD-WAN
12-07-2017 04:53 PM
It is the machine. It's a DNS machine. I have it connected to a PaloAlto box (my home), can't connect and pass traffic to the MX.
It's not a router to pass traffic to an internal segment, it's the box itself connecting to the VPN for local/remote access via the VPN.
https://documentation.meraki.com/MX-Z/Client_VPN/Client_VPN_OS_Configuration#Linux
...

Re: VPN to Linux IPsec

by ohv_ in Security / SD-WAN
12-07-2017 04:44 PM
This isn't a router, it's a box/VM with services.
The goal is to connect to the machine via the VPN, not on the public facing interface with a /30 ...

Re: VPN to Linux IPsec

by ohv_ in Security / SD-WAN
12-07-2017 04:29 PM
Sorry - only 1 public IP address, no LAN segment.
I was referring to the IP for the internal side (left)

    leftsubnet=10.99.10.0/24
    leftid=138.197.xx.xx
    leftfirewall=yes
    leftsourceip=10.99.10.2
...

Re: VPN to Linux IPsec

by ohv_ in Security / SD-WAN
12-07-2017 02:23 PM
Nothing is in ifconfig or ip link.
I can add the address via 'ifconfig eth0:0 10.99.10.2 netmask 255.255.255.0', still nada. ...

Re: VPN to Linux IPsec

by ohv_ in Security / SD-WAN
12-07-2017 01:26 PM
@PhilipDAth any ideas on this one? ...

Re: Security Vulnerability (MX64W) regarding lighttpd v1.4.39 (CVE-2016-100...

by ohv_ in Security / SD-WAN
12-05-2017 04:00 PM
Being the page doesn't do any CGI or proxy, I don't see any issues. ...

Re: Psion Handheld do not work

by ohv_ in Wireless LAN
12-05-2017 02:49 PM
Can I get the model number? I had some issues with some POS handhelds connecting to the wifi, need to allow legacy a/b to connect. ...

Re: VPN to Linux IPsec

by ohv_ in Security / SD-WAN
12-05-2017 11:46 AM
Single interface eth0. I originally just did a /30, but all the guides I was following were a /24.
My goal is just to access the DigitalOcean box on the internal connection ...

Re: VPN to Linux IPsec

by ohv_ in Security / SD-WAN
12-05-2017 11:40 AM
Unfortunately I am getting the same result. This is the first time connecting a Linux box via IPsec, so I'm sorta reading docs to sort this one out.

    ifconfig eth0:0 10.99.10.2 netmask 255.255.255.0
    ip route add table 220 192.168.88.0/24 dev eth0

I've tried adding to the route table... adding an IP address to eth0, firewall up/down/sideways etc. ...

Re: VPN to Linux IPsec

by ohv_ in Security / SD-WAN
12-05-2017 11:21 AM
I have the following in there:

    net.ipv4.ip_forward = 1
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.send_redirects = 0

I will try your config now ...

VPN to Linux IPsec

by ohv_ in Security / SD-WAN
12-05-2017 11:03 AM
I am having a real hard time getting a CentOS server passing traffic. I can see the phase1, support says they see phase2.
Something I'm missing? Anyone can help out with this? In dashboard I see the 3rd party VPN 'green'; however can not pass traffic.

    Dec 5 10:50:10 Non-Meraki / Client VPN negotiation msg: Port pool depleted
    Dec 5 10:50:10 Non-Meraki / Client VPN negotiation msg: isakmp_cfg_config.port_pool == NULL
    Dec 05 10:35:54 172.250.xx.xx logger: <134>1 1512498954.876248811 Warden_Norton events Site-to-site VPN: initiate new phase 1 negotiation: 172.250.xx.xx[500]<=>138.197.xx.xx[500]
    Dec 05 10:35:54 172.250.xx.xx logger: <134>1 1512498954.916584505 Warden_Norton events Site-to-site VPN: ISAKMP-SA established 172.250.xx.xx[4500]-138.197.xx.xx[4500] spi:c01173e9csd7ff643aa:c45a9c5dasdsad7e68018a

    [root@dns-ca1 ~]# strongswan statusall meraki-vpn
    Status of IKE charon daemon (strongSwan 5.5.3, Linux 3.10.0-693.5.2.el7.x86_64, x86_64):
      uptime: 11 days, since Nov 24 03:47:52 2017
      malloc: sbrk 1622016, mmap 0, used 502864, free 1119152
      worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 3
      loaded plugins: charon aes des rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp curve25519 xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp unity
    Listening IP addresses:
      138.197.xx.xx
    Connections:
      meraki-vpn: 138.197.xx.xx...172.250.xx.xx IKEv1
      meraki-vpn: local: [138.197.xx.xx] uses pre-shared key authentication
      meraki-vpn: remote: [172.250.xx.xx] uses pre-shared key authentication
      meraki-vpn: child: 10.99.10.0/24 === 192.168.88.0/24 10.255.255.0/24 192.168.89.0/24 TUNNEL
    Security Associations (1 up, 0 connecting):
      meraki-vpn[1]: ESTABLISHED 47 seconds ago, 138.197.xx.xx[138.197.xx.xx]...172.250.xx.xx[172.250.xx.xx]
      meraki-vpn[1]: IKEv1 SPIs: c01173ejj97hff643aa_i c45a9c5d7e68jhf018a_r*, pre-shared key reauthentication in 7 hours
      meraki-vpn[1]: IKE proposal: 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    [root@dns-ca1 ~]#

    [root@dns-ca1 ~]# cat /etc/ipsec.conf
    config setup
            # strictcrlpolicy=yes
            # uniqueids = no

    conn %default
            ikelifetime=28800s
            keylife=60m
            rekeymargin=3m
            keyingtries=1
            keyexchange=ikev1
            authby=secret

    conn meraki-vpn
            aggressive=no
            mobike=yes
            left=138.197.xx.xx
            leftsubnet=10.99.10.0/24
            leftid=138.197.xx.xx
            leftfirewall=yes
            leftsourceip=10.99.10.2
            right=172.250.xx.xx
            rightsubnet=192.168.88.0/24,10.255.255.0/24,192.168.89.0/24
            # rightsubnet=192.168.88.0/24
            rightid=172.250.xx.xx
            auto=add
            type=tunnel
            ike=3des-md5-modp1024,3des-sha1-modp1024!
            esp=3des-md5,3des-sha1
    [root@dns-ca1 ~]#

    [root@dns-ca1 ~]# ip -s xfrm policy
    src 10.99.10.0/24 dst 192.168.88.0/24 uid 0
            dir out action allow index 65 priority 375423 ptype main share any flag (0x00000000)
            lifetime config:
              limit: soft (INF)(bytes), hard (INF)(bytes)
              limit: soft (INF)(packets), hard (INF)(packets)
              expire add: soft 0(sec), hard 0(sec)
              expire use: soft 0(sec), hard 0(sec)
            lifetime current:
              0(bytes), 0(packets)
              add 2017-12-05 18:50:10 use -
            tmpl src 138.197.xx.xx dst 172.250.xx.xx
                    proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel
                    level required share any
                    enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
    src 192.168.88.0/24 dst 10.99.10.0/24 uid 0
            dir fwd action allow index 82 priority 375423 ptype main share any flag (0x00000000)
            lifetime config:
              limit: soft (INF)(bytes), hard (INF)(bytes)
              limit: soft (INF)(packets), hard (INF)(packets)
              expire add: soft 0(sec), hard 0(sec)
              expire use: soft 0(sec), hard 0(sec)
            lifetime current:
              0(bytes), 0(packets)
              add 2017-12-05 18:50:10 use -
            tmpl src 172.250.xx.xx dst 138.197.xx.xx
                    proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel
                    level required share any
                    enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
    src 192.168.88.0/24 dst 10.99.10.0/24 uid 0
            dir in action allow index 72 priority 375423 ptype main share any flag (0x00000000)
            lifetime config:
              limit: soft (INF)(bytes), hard (INF)(bytes)
              limit: soft (INF)(packets), hard (INF)(packets)
              expire add: soft 0(sec), hard 0(sec)
              expire use: soft 0(sec), hard 0(sec)
            lifetime current:
              0(bytes), 0(packets)
              add 2017-12-05 18:50:10 use -
            tmpl src 172.250.xx.xx dst 138.197.xx.xx
                    proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel
                    level required share any
                    enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff

...
Labels:
  • 3rd Party VPN
© 2023 Meraki