VPN

23K

Solutions

23K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


Hi All,

My company Scenario:

I have connected the branch office to main office using VPN.

Main office is running under a domain environment and using a WatchGuard as a firewall.
Branch office is running in a workgroup environment and using a Billion VPN Wi-Fi router.

VPN has been set up between WatchGuard Firewall (XTM26) and Billion Wi-Fi Router (BiPAC 8920NZ)

VPN is working fine. I am able to take remote of all the computers located in the branch office using "Microsoft Remote Desktop" from the main office.

Problem:

I am not able to ping any of the branch office computers. I can ping branch office wifi router and network printer only. What could be the reason?
0

Does anyone know of a good, open source product or very reasonably priced product that can be used as an alternative to DFS?

I have a customer with 500gb of data that we want to sync up on a nightly basis, so that if the main site ever goes down, their branch site can stay operational.

So far we've done it the old fashioned way.  Bought a 2TB USB attached drive that's MAILED back and forth.  However, this only gives us a weekly file sync and we'd like it to be over the Internet.  The amount of data which is updated daily is typically 1gb or less, but for the sake of having additional capacity, let's say we want to copy up to 5gb across the Internet from the Main Site to the Branch Site.  There is no VPN between the two locations and the uplink at the Main Site is 1-3 megabits (DSL) and the Branch Site is also in the 1-5 megabits (Cable Internet).  We've thought about doing something like FileZilla and setting up a secure FTP / SCP site and then using WINSCP to run a script to back up modified files, but from reading about it, it doesn't appear to be the best solution.  Duplicati was something else we've kind of looked in to, but it does actual backups and we want to do the backup from Main to Branch and then restore the changed files to the Branch location.  Seems like a two step process that we'd like to avoid if at all possible.

Thanks in advance :-)
0
I have 2 Ubuntu servers, one in home and one on a remote server, and both are running Ubuntu Server 16.04.

I followed this guide to install and configure strongSwan: https://raymii.org/s/tutorials/IPSEC_vpn_with_Ubuntu_16.04.html

It worked fine on my local server but not on the remote server; even when accessing my local server remotely it works just fine.

I am stuck. I'm not sure what I am doing wrong. Hoping someone on here can help. My host says that my Ubuntu install is mostly* stock with little to no mods, though I've noticed some file permissions were changed.

https://imlost.me/server.txt https://imlost.me/client.txt
0
Experts,

I have a site-to-site VPN that has been working for years just fine. This morning it just broke. So far I have rebooted both end points to no avail. Here are the logs from both ends.

SITE A:
NSA 2600 - SonicOS Enhanced 6.1.2.0-11n
UTC 12/13/2017 17:10:06.640	Info	VPN IKE	IKEv2 Initiator: Remote party timeout - Retransmitting IKEv2 request.	xx.xxx.xxx.xxx, 500	xxx.xxx.xxx.xx, 500, static-XXX-XXX-XXX-XX.wireless.unwiredbb.net	VPN Policy: Fresno;
UTC 12/13/2017 17:14:09.640	Warning	VPN IKE	IKEv2 Peer is not responding. Negotiation aborted.	xx.xxx.xxx.xxx, 500	xxx.xxx.xxx.xx, 500, static-XXX-XXX-XXX-XX.wireless.unwiredbb.net	VPN Policy: Fresno; Falied 5 retries
; IKEv2 InitSPI: XXXXXXXXXXXXXXXXX;
IKEv2 RespSPI: 0x0000000000000000	 	 
2	UTC 12/13/2017 17:14:08.656	Info	VPN IKE	IKEv2 Initiator: Send IKE_SA_INIT request	xx.xxx.xxx.xxx, 500	xxx.xxx.xxx.xx, 500, static-XXX-XXX-XXX-XX.wireless.unwiredbb.net	VPN Policy: Fresno; 	 	 
3	UTC 12/13/2017 17:14:05.848	Info	VPN IKE	IKEv2 Responder: Send IKE_SA_INIT response	xx.xxx.xxx.xxx, 500	xxx.xxx.xxx.xx,205 500, static-XXX-XXX-XXX-XX.wireless.unwiredbb.net	VPN Policy: Fresno; 



SITE B:
TZ 300
SonicOS Enhanced 6.2.3.1-19n

09:18:41 Dec 13	938	VPN	Inform	IKEv2 Initiator: Send IKE_SA_INIT Request	XXX.XXX.XXX.XX, 500	XX.XXX.XXX.XXX, 500	udp	VPN Policy: Riverside;
09:18:41 Dec 13	171	VPN	Debug	SENDING>>>> ISAKMP OAK IKE_SA_INIT 


0
Dears,
I would like to install a VPN server and a VPN client on a Windows Server 2012 and a Windows 10 client.

Any suggestion which software to use? I would prefer something open source (but safe).

I would appreciate if I can get a step by step installation.

Thanks
0
Dear experts, we are building a domain environment for 1 Head quarter and several branch offices. We are in HQ, have Firewall Sophos XG which can create both IPSec and SSL VPN connection. But which one is better in terms of security, deployment, maintenance for active directory environment? Could you please suggest?

Note: the main aims of VPN are joining domain in HQ and access Shared file server
0
Want to deploy a cert and username/password based VPN.  Would prefer not to deal with the hassle of a CA on the domain.  Is there a way I can trust individual 3rd party certs to initiate a VPN connection and require a username/password in addition?  With a shared secret we have the ability to require the shared secret as well as username/pwd.   I don't want to allow VPN access simply because the workstation has a legit cert.
0
Hi.

My home broadband is, as I understand it, fibre to the local junction box (less than a mile away) and then very old copper to my house. When I first signed up a couple of years ago, I was consistently getting around 40Mbps down and 10Mbps up.

During this period (the "golden age"), the line would occasionally "fail" but, as I'll explain, with minimal impact to me. I say "fail" because Ping and TraceRT worked, but more importantly, using a VPN (Witopia), I could happily "punch through" the problem and reliably get my full 40Mbps. The ISP engineer would eventually arrive out, test the line, agree that it could support 40Mbps, agree that there was no problem in my house, go away, do "something" and my connection would go back to providing 40Mbps without the VPN. Happy days, indeed.

Sadly, back in May, at 23:36 one night, my line went down and when it came back *three* minutes later, my max speed had gone from 40Mbps to 22Mbps (with upload going from 10Mbps to 3.3Mbps). Aargh! Unfortunately, I had neither the time nor the energy to get into an extended row with my ISP and "settled" for 30Mbps down, 10Mbps up (which I verified independently).

And now my latest situation - as of a week or so ago, performance has collapsed. Sometimes my line supports 30Mbps/10Mbps, but for extended periods, I'm getting some data, but usually not enough to even load a web page. Unless, of course, I use my VPN. But not all of its setups work - I get a perfect connection using …
0
I need a solution for one issue I am facing in my organization and I am hopeful to get some good solution for this issue. Below are the details of my query.

1- Currently we are running 4 sites and all 4 sites are connected with each other through site-to-site VPN tunnel.
2- We kept all the data under SAN storage. This data is backed up regularly through Backup Exec to tape drive and these tapes are moved to another location after backup.

Requirement:
We want all the data available at our branch offices should be replicate on the SAN storage which is installed at our Head office. In coming days we will put one more server in our branch office and copy approx. 2 TB data on that server. In case any disaster happen in any of our site, we can easily recover data from backup.

Challenges:
1- All three branch offices have a 10 MBPS link and approx. 2 TB data. If we replicate data over the network, it will be a big load on the network and slow down the network performance. It will affect regular operation until all the data is replicated successfully into SAN. This situation will affect our business.
2-  There are much more chances of data duplicate because they are moving the same and use same data as case reference.

Solution required:
1- How can we replicate all location data in SAN storage without affecting our day to day operation?
2 -How to avoid data duplication?
0
Hi,

I have setup a Server 2016 VPN box, all is working, can connect and ping everything until.................

When I specify a different DHCP Subnet\Range (10.50.166.0/24 - VPN Client Range) I am unable to ping anything internally, if I change the settings BACK to the same subnet that the VPN Server is in all works. (10.50.10.0/24 - Server Range).

I'm guessing I am missing a route in RRAS?
0

Hi Guys, please help me with the error as attached. Also, at phase 1 the passphrase key is the same at both sides, the wifi FortiGate and the FortiGate 100E. Please help.
0
We are running DirectAccess for all Windows 10 machines but would like to limit its functionality to allow only password sync and changes and group policy.

how do we turn off access for network shares and internal resources for this?

thanks,
0
Hi All,

I have a Fortigate 90D firewall and I have set up an IPSEC VPN on it but when I browse to my servers the response time is terribly slow, each folder click takes about 1min.

I decided to try and configure the SSL VPN to see if this would resolve the issue but I cannot for the life of me get it working.

I can get access to the Web portal, RDP etc direct within the browser window etc but once I download the forticlient and add the details I get to 10% and the VPN fails with the following error:

Unable to establish the VPN connection. The VPN server may be unreachable.

This is officially doing my head in, can anyone help?
0
I have a Cisco RV042G that I configured Group VPN through with the following settings per my screenshot and under Advanced, also have Keep-Alive, NetBIOS Broadcast, and NAT Traversal all checked.
Cisco RV042G Screenshot
In ShrewSoft's VPN client, I have everything matching and I've triple-verified as well as followed multiple online links. For some reason when I connect, I get the tunnel enabled but can't do anything on the Remote LAN. All I get is failed security associations and I have no idea why.

Anybody have any recommendations?
0
Hello All,

I found "IPsec (ESP) packet dropped" events in attempts section in Sonicwall GMS.
Can anyone help me to resolve this issue.

Thanks
Yogiraj Pattani
0
I have a situation where a specific user is connecting to our organization network through a VPN address successfully, but then if she touches the touchscreen of her laptop, if she opens Internet Explorer 11 and is logged onto our RDS Web site, the mouse cursor disappears behind the IE window when the cursor is passed over that window. What is going on?  Weird.
0
I have an application running on a Remote Desktop Server, that is used by lots of different clients on different sites.  To make things a little more secure, we are going to set it so users login to a VPN first and then the Remote Desktop.  I was thinking of writing a small C# application to control this and provide clients with an installer, that they run on each machine.  The settings will be entered into the application - and off they go (hopefully).

I'm only just getting to grips with c# and want to know if c#/.net will allow me to do this - with a pretty basic knowledge.

  • Enter / store settings for VPN and RDP login
  • Login to VPN
  • If successful, login to RDP
  • Disconnect from VPN when RDP is disconnected.
0
I am going to be changing Vendors and my public IP's will change soon.  I need to update this on all windows client VPN's ~100.   Is there a way to PUSH just the IP change?  When I tried to do this with GPO under Computer config/Preferences/Control Panel/Network Options it wiped out all of the other VPN configuration settings.  The original VPN are all named the same, but were manually created.  Possibly a registry key that can be edited?
0
I'm fairly new to VPN services so I don't really know what's happening and why.

I am trying to connect 3 remote sites to HQ by using site-to-site VPN and have managed to get 2 working.
The 3rd one won't come online and I can't really figure out why. I have used the exact same config on all 3 routers (Vigor2925) for outbound connections (except for local subnet of course) and the same inbound settings for HQ router (also Vigor2925).

When I check the syslog on the remote site, it gives the following error:
[IPSEC][L2L][1:Wessem-Out][@WAN IP] IKE link timeout: state linking

On HQ I keep getting this one:
Responding to Main Mode from <WAN IP REMOTE SITE>
Accept Phase1 prorosals : ENCR OAKLEY_DES_CBC, HASH OAKLEY_MD5

Can someone maybe explain what I'm doing wrong?
0

I want to use the VPN server at our office, please suggest the best free VPN server.
0
I need to setup a SSTP VPN on a server 2012R2, which is also running an exchange server 2013. Will this be a problem?
0
Hello to all.

I have a simple question. When using the command "Show crypto isakmp sa" how do the following get decided?

"Child sa: local selector  90.0.0.0/0 - 90.63.255.255/65535" -example

I am wanting to change the subnet mask coming across. I am not very sure on how to accomplish this.

Thank you.
0
Hi Guys

I need to find a way to allow the 10.0.0.0/24 network to be reached from 10.10.1.0/24 – 10.10.3.0/24 networks. Given little documentation, I need the help to allow for communication between the networks, trying to achieve the below (sorry, I know it is sketchy)
 
10.10.1.0/24 >>> PING >>>> 10.0.0.0/24
10.10.3.0/24 >>> PING >>>> 10.0.0.0/24
 
10.0.0.0/24 >>> PING >>>> 10.10.1.0/24
10.0.0.0/24 >>> PING >>>> 10.10.3.0/24

The below is .conf file I pulled from our OpenSwan 2.2.6, this .conf file is for our 10.10.1.10/24 network (the 10.10.3.0/24 network is similar)
 
conn ifly-pen
        auto=start
        type=tunnel
        left=%defaultroute
        leftsubnets={172.17.0.0/16 10.0.0.0/24}
        leftid=54.153.249.30
        right=115.70.193.138
        rightid=115.70.193.138
        rightsubnets={10.10.1.0/24}
        authby=secret
        ike=aes128-sha1;modp1024
        esp=aes128-sha1
        pfs=no
        forceencaps=yes
        force_keepalive=yes
        keep_alive=10
        ikelifetime=8h
        keylife=8h
 
You can see, the leftsubnets allows for communication to the 10.0.0.0/24 network from the 10.10.1.0/24 network. However, in the 10.10.1.0/24 network, when I ping the 10.0.0.1 IP address I get no response, see Ping.png and Tracert.png
 
Our OpenSwan IP is 172.17.0.6 and it is a VM in AWS, you can see the above is routing through the 10.10.1.1 (on the 10.10.1.0 network, router), through to the 172.17.0.6 but then goes …
0
Hello Experts,

I have a few DCs (Server 2008 and 2016) in my environment. Three of them are on the 192.168.0.0/24 network and one is located at a remote site (192.168.1.0/24) which is accessible over a site to site VPN. I can join any Windows client to the domain when the client is on 192.168.0.0/24 subnet. If I am at the remote site I can join any Win client to the domain that is part of the 192.168.1.0/24 subnet.

The problem I have is when I attempt to join a Win client that is not part of the DCs' subnets. I believe this is true for both locations. Please see the attached file to review the error message I get when I attempt to join a Win client to the domain. My client is on the 10.0.0.0/24 network. There are no ACLs on the def. GW (Cisco ASR) between 192.168.0.0/24 and 10.0.0.0/24. Also, I am not filtering any traffic on VPN.

So far I was able to confirm the DCs are reachable from 10.0.0.0/24 (ping and RDP). As far as I can tell the SRV records look good, however I do not see the _msdcs folder in the Forward Lookup Zone. Also, I noticed that the domain name is GPS instead of GPS.local or GPS.net for example.

GPS-AD-2.GPS was decommissioned some time ago and AD-1 is to follow shortly. All DCs are multi-homed but I only have one NIC active at the moment for troubleshooting purposes.

Any help is greatly appreciated.

Thank You in advance.
Error.txt
0
Hello, I started to configure a PFSense, version 2.4.1. I want to know if it is possible to configure an IPsec multi-WAN failover

Has anyone had any experience configuring this? I already configured the DUAL WAN Failover on the PFSense

I would like that the VPN tunnel can be able to stay up if the WAN fails over.

Thanks in advance
0
