Questions tagged [site-to-site-vpn]
462 questions
14
votes
3
answers
9k
views
What is the difference between AWS site-to-site VPN and AWS client VPN?
I know that site-to-site is using IPSec (layer 3), but client is using TLS (application layer). It seems like both are actually site-to-site VPNs after reading articles/docs online.
I guess the ...
9
votes
4
answers
50k
views
Can I automatically ROUTE ADD xxxx after I make a VPN connection in Windows 7?
After I make a VPN connection to my work/whatever, I currently have to go into the command prompt and manually add a route.
eg.
ROUTE ADD 10.1.0.0 255.255.0.0 172.16.3.0 METRIC 1 or whatever the ...
8
votes
2
answers
51k
views
Openvpn routing for lan to lan through tun
I am trying to set up an OpenVPN tun to connect two LANs.
The OpenVPN connection is up and working but there is a problem with my routing or NAT or something.
What I need is an example of what a ...
6
votes
1
answer
65k
views
IPsec VPN site-to-site: How should I configure the ipsec.conf files on both sites to get the tunnel up?
What I am trying to do is to create a site-to-site IPsec VPN between my network and my friend's network. We both have a router and two computers on each router, with all computers running Linux. So I ...
6
votes
1
answer
1k
views
Can Read-Only Domain Controller in External location work when VPN tunnel is down?
I have a client which has multiple sites all over the world. They have 2 domain controllers in the main location and every other location connects through to the main site with a VPN tunnel. Currently the network is ...
6
votes
1
answer
16k
views
VPN Encryption Domain
I'm trying to connect to a counterparty using VPN IPsec. I have a standard cable broadband connection with a single static IP address.
The counterparty have asked me for my "Public IP Address Assigned ...
5
votes
1
answer
16k
views
Site-to-site IPSec routing (Ubuntu, StrongSwan)
I am stuck in trying to connect two networks.
SiteA: is a number of VPS in different locations and office workstations connected with OpenVPN in a private network 10.113.0.0/24. Each has its own ...
5
votes
5
answers
20k
views
Improving VPN performance - stronger encryption = more performance?
I have a site-to-site VPN set up with two SonicWalls (a TZ170 and a Pro1260). It was suggested to me that turning off encryption (so the VPN is tunneling only) would improve performance. (I'm not ...
5
votes
1
answer
7k
views
Connecting two AWS Regions: Why not use two Virtual Private Gateways?
I am attempting to connect two AWS regions. AWS's documentation suggests starting up an instance on both sides to run software IPSec (OpenSWAN or StrongSWAN), giving both instances an elastic IP and ...
5
votes
1
answer
4k
views
Direct connection between multiple clients on OpenVPN
I've spent my entire day learning about VPN, and have been working with following setup:
2 VPS Servers at the same data centre in Texas. (Texas1 and Texas2), 1 VPS in England and 1 VPS in Atlanta and ...
5
votes
1
answer
12k
views
Site-to-Site IPsec vpn not sending ping across a tunnel
This is my first attempt at a site-to-site VPN. I chose to use IPsec because it appeared to be the best solution for what I needed to accomplish. I've followed several different tutorials over the last ...
5
votes
2
answers
10k
views
Site to Site VPN between CISCO 2921 and Sonicwall NSA 3600: NO_PROPOSAL_CHOSEN
I have CISCO 2921 and Sonicwall NSA 3600. I am trying to setup Site to site VPN. I am getting:
Received notify. NO_PROPOSAL_CHOSEN
in Sonicwall logs and the VPN is not setup.
It looks like the ...
5
votes
0
answers
1k
views
Site-to-site VPN using MD5 instead of SHA and getting regular disconnection
We are experiencing some strange behavior with a site-to-site IPsec VPN that goes down about every week for 30 minutes (I am told 30 minutes exactly).
I don't have access to the logs, so it's ...
4
votes
2
answers
17k
views
pfSense Site-to-Site VPN with OpenVPN connects but won't route traffic
Using two pfSense routers, I've created a shared-key VPN between 2 sites. Both routers are pfSense 1.2.2. The pfSense box at the client site is the gateway router for that site, but at the server ...
4
votes
1
answer
6k
views
Azure Site-to-Site VPN with a Linux based router to bridge the VPN ports to a RRAS server while keeping NAT for other traffic
I am trying to get an Azure Site-to-Site VPN up and running using RRAS but require help configuring my router's iptables to bridge the VPN ports and protocols to the RRAS server without using NAT ...
4
votes
2
answers
4k
views
TCP Reverse Proxy through VPN
I have a rather odd situation, but it's simple, I swear. I have a server (we'll call it host A) that's connected up to the internet and I use for some websites and other odds and ends. I have another ...
4
votes
3
answers
16k
views
Can I make a site-to-site VPN with a public IP on one side only?
I purchased two Cisco RV110W routers to create a site-to-site VPN between two offices. At the main office we have a static IP connected directly to the RV110W. The other office is an executive suite,...
4
votes
2
answers
13k
views
Understanding IPsec with NAT and dynamic IPs
I'm using OpenSWAN to set up a net-to-net VPN tunnel. I have succeeded in configuring a test scenario as follows:
About test and test2:
they are Ubuntu 12.04 virtual machines created using ubuntu-vm-...
4
votes
1
answer
699
views
Is it possible to connect two IPSec site-to-site VPNs to one Windows 2008 Server?
I need to connect to two IPSEC site-to-site VPNs from a Windows 2008 Server at the same time. Is it possible?
I tried to assign two IP Security Policies, but it seems I can only have one assigned at ...
4
votes
2
answers
2k
views
VNET peering with on-premise gateway transit not working properly
We have a VNET (let's call it VN_MAIN) that is configured to have a S2S VPN connection to our on-premise network. The VMs deployed within subnets of VN_MAIN are reachable from on-premise.
What I'm ...
4
votes
1
answer
2k
views
site to site VPN
The problem I am facing is the establishment of a site-to-site VPN between pfSense (version 2.0.1) and SonicWall Pro2040 Enhanced (Firmware Version: SonicOS Enhanced 4.2.1.4-7e).
All of the ...
4
votes
1
answer
6k
views
Site to site VPN : how does the routing work?
I've established a site-to-site VPN with two Zyxel routers. Site A (LAN: 192.168.16.x) is the main office, and site B (LAN: 192.168.17.x) is a branch office. Both sites are able to reach each other, ...
4
votes
2
answers
5k
views
How do I setup a site-to-site VPN between two Windows 2008 servers?
We have a Windows 2008 server that we want to move offsite to the cloud (we're using Rackspace). It has to talk to our Active Directory domain constantly, so we need a stable site-to-site VPN between ...
4
votes
2
answers
12k
views
Can't ping or traceroute through AWS IPSec VPN
My VPC is connected to my premises via IPSec VPN, tunnel is shown to be UP on AWS console.
Things that work:
I can see the traffic from my premises (subnet 192.168.0.0/16) to AWS VPC ( 10.0.0.0/16) ...
4
votes
2
answers
7k
views
Site to Site VPN error 'received hash payload does not match computed value'
We need to access a couple of Linux machines located at our client's end.
Our Linux machine, from which we need to access client's machine is located on cloud.
The connection to be established is ...
4
votes
0
answers
4k
views
Azure VPN Keeps Dropping Connection And Won't Come Back Up
I have a site-to-site network setup in Azure to allow my servers in Azure connect to some local resources. The gateway is setup with static routing (policy based). If the connection is inactive for ...
4
votes
1
answer
6k
views
VPN ERROR 500 STATE_MAIN_I1, unable to start phase2
I'm trying to set up a site-to-site VPN to a FortiGate 60C from a CentOS 7 with Openswan; the error I get every time is the following:
000 #1: "office":500 STATE_MAIN_I1 (sent MI1, expecting MR1);
...
4
votes
2
answers
8k
views
subnet-to-subnet libreswan ipsec vpn
I'm configuring a "subnet to subnet VPN" between two CentOS 7 servers using libreswan.
Each server has two NICs as shown in the following image.
I would allow secure communication between the subnets ...
3
votes
2
answers
9k
views
Client packets not forwarded over strongSwan IPsec site-to-site tunnel for client and gateway on the same server
I have a site-to-site IPsec tunnel set up with strongSwan between my CentOS 7 virtual private server (public IP x.x.x.233 for subnet 172.25.10.0/24) and a customer's network (public IP y.y.y.24 for ...
3
votes
3
answers
16k
views
VMWare ESXi - VPN Tunnel to VMs
We are looking at renting a VMWare ESXi server through a provider. This VMWare ESXi server will be allocated a public IP. Most of the VMs that we will host on this server is only meant to be used ...
3
votes
2
answers
3k
views
DNS Server replication created duplicate A-Records
I have several Windows Server 2008 R2 DC/DNS servers locally, RODCs at the remote office, and a Windows Server 2012 DC/DNS server on Azure with a VPN tunnel established.
Earlier today I moved a ...
3
votes
5
answers
373
views
E-Discovery and personal computers
What, if any, steps do you take to minimize the potential of client personal computers being subject to e-discovery during potential lawsuits when their personal home computers are used for work?
...
3
votes
2
answers
20k
views
number of hops using tracert over vpn
I work for a small tech company that is signing up a new client that has two locations connected via a site to site VPN. If I run tracert from one pc to another pc at the remote office, there are no ...
3
votes
1
answer
2k
views
IPSec L2L Failover between two pfSense devices
Is it possible to achieve IPSec L2L failover (ie, from one WAN interface to another) between two pfSense devices using Gateway Groups, or really anything other than defining multiple IPSec connections ...
3
votes
1
answer
3k
views
Site-specific folder redirection through group policy
Suppose I have two sites - A and B - both with 5/5 Mbps WAN links that are connected via L2L VPN. Each Site is defined in AD Sites 'n Services with its own domain controllers, etc. The problem is that ...
3
votes
4
answers
6k
views
What is the least expensive gateway for Amazon VPC?
I need to prototype a solution using Amazon VPC - what's the least expensive option available to create a VPC gateway on our side for the test lab?
I realize there are probably free VPN gateways (...
3
votes
1
answer
6k
views
Openswan Cisco ASA 9.1 -- cannot respond to IPsec SA request because no connection is known for
Ok, so I have a simple VPN IPSEC setup with a single Linux host that has a public IP address and a loopback interface of 172.16.255.1. On the right side I have a Cisco ASA 5505 9.1. the issue is the ...
3
votes
1
answer
4k
views
site-to-site VPN between cisco ASA and 870 cannot ping remote network
I have two sites which are connected through site-to-site vpn from cisco.
One site has a cisco ASA router, the other has a cisco 870 router
The tunnel has been setup, and active, however I cannot ...
3
votes
1
answer
1k
views
site to site openvpn with Merlin and DD-WRT
I am trying to set up an OpenVPN site-to-site between site A (Server-Merlin) and site B (Client DD-WRT). The tunnel comes up and both peers are able to ping each other but when anyone on the client ...
3
votes
1
answer
4k
views
ASA 5510 Site to Site VPN works in one direction
I have setup a site to site VPN connection between two Cisco ASA 5510. One site (let's call it A) can see the private network of the other site (site B), but site B cannot see the private network of ...
3
votes
3
answers
9k
views
Pfsense OpenVPN Site to Site Routing issues
I know this question has been asked a plethora of times before and I have looked over probably 100 different answers and still can't seem to get this to work.
I'm trying to create a very simple site ...
2
votes
3
answers
187
views
How quickly should data/files be visible on a network share that goes through a VPN tunnel?
I'm looking for information on how information is shared/passed across a network between a Windows 7 client OS and a Windows Server 2008 server?
Little history of our setup (I apologize as for I'm not ...
2
votes
2
answers
1k
views
Cisco ASA 5505 can't talk to anything on Site-to-Site VPN
So I have a Cisco ASA 5505 set up with 2 Site-to-Site VPNs and a Remote Access VPN, now anything connected (Hardwired, S2S VPN or RA VPN) can all talk to each other without a problem.
The problem ...
2
votes
1
answer
1k
views
What are the VPN configuration requirements for site-to-site VPN with Azure?
I'm using a Cisco RV325, and I don't have access to any bigger/better routers.
My understanding is that the RV325 should still support the necessary security protocols to connect to the Azure site-to-...
2
votes
1
answer
19k
views
How can I NAT traffic for one VPN to come from a different IP on Cisco ASA?
I have a Cisco ASA firewall between our private network (10.1.0.0/16) and the outside world, and multiple VPNs going to client sites.
Existing:
[10.1.0.2...] = source client
|
[10.1.0.1 ASA &...
2
votes
4
answers
4k
views
DHCP over VPN between SonicWALL NSA-2400 and NSA-240 loses connectivity each night
In my central office I have a SonicWALL NSA-2400 appliance acting as the hub for several remote offices. It is configured to pass DHCP requests to my internal DHCP server. The VPN connection works ...
2
votes
1
answer
8k
views
IKEV2 IPSEC Autostart, restart, daemon
I use strongSwan for IKEV2 and IPSEC.
And I don't know how to keep it updated, and running on change restart etc.
For starting the service I use:
systemctl status strongswan
After that I need to type
...
2
votes
1
answer
3k
views
Ipsec nat-traversal on port 4500
What is the point of switching the traffic to port 4500 in Phase 1 of IPSec negotiations from the 5th packet onwards? Since the NAT is already detected in packets 3 and 4 itself, can’t we simply continue ...
2
votes
2
answers
3k
views
Azure backup VPN tunnel
Is it possible to set up a failover site to site VPN tunnel in Azure?
I have one tunnel already established to local network "MyLocalNet". I want to set up a second tunnel with a different endpoint ...
2
votes
1
answer
2k
views
VPN IP Routing - slow connections
UPDATE: Router error logs show:
LCP Time-out 0
I'm not sure how to correct this. The Lan-to-Lan profiles are set to -1 Idle Timeout (for the remote branch).
I have a PPTP VPN running between two ...