Start ipsec Service

How to start the IPsec Service?
The “VPN”-Tab on the Dashboard shows “vpn_disabled” and the “Services”-Tab shows “ipsec (Internet Protocol Security - VPN)” as stopped. So I assume it is not running. But where can I start it?
My intention would be to find it somewhere in the “VPN”-Page, but I can’t. Or that the service starts automatically after a VPN tunnel was configured.
Where can I activate the ipsec-VPN Service (except using the Console…)?

Yes, just create a tunnel and the IPSec will be marked as running :slight_smile:

No, it’s not :slight_smile:

This is the status of my firewall in production:

[root@nethsecurity ~]# service ipsec status
IPsec running  - pluto pid: 10055
pluto pid 10055
1 tunnels up
some eroutes exist
[root@nethsecurity ~]# config show ipsec
ipsec=service
    AuthenticationId=
    CertificateName=
    KeyPskSecret=
    KeyRsaName=
    KeyType=rsa
    L2tpNetmask=255.255.255.0
    L2tpNetwork=192.168.78.0
    ServerStatus=disabled
    status=enabled

Can you post your config?

[root@gw ~]# service ipsec status
IPsec stopped
but...
has subsystem lock (/var/lock/subsys/ipsec)!
[root@gw ~]# config show ipsec
ipsec=service
    AuthenticationId=
    CertificateName=
    KeyPskSecret=xxx!
    KeyRsaName=
    KeyType=rsa
    L2tpNetmask=255.255.255.0
    L2tpNetwork=10.100.0.0
    ServerStatus=enabled
    status=enabled

I got it!
The tab you’re referring to is the one used to display openvpn tunnels… I know, the VPN web interface needs a full refactor! :frowning:

Regarding IPsec, the status of the service should be cleaned:

rm -rf /var/lock/subsys/ipsec

And if it should be up:

service ipsec start

I did this, but the ipsec-service was already started according to the Console. The Dashboard says it was not.
I stopped it and started it again. After that both are telling me they are started.

Now I will try to configure my AVM FritzBox to connect to the Nethserver using IPsec.
Just for interest: Do you know the brand AVM and/or FritzBox in other countries? In Germany every second internet access is established using that model, but I don’t know how it is in other countries.

I don’t know, sorry. Maybe @davide_marini or @filippo_carletti have some clue.

The FritzBox is well known in Italy, highly regarded, but probably not as extensively used as in Germany.
I think I’ve seen an IPsec VPN between NS and a fritzbox.

In RFC we trust :wink:

I’m currently trying to configure my FritzBox to connect to Nethserver via ipsec.
The FritzBox interface looks like this (I added a translation for the fields):

What do you think I have to enter in these fields?
Nethserver address and the remotenetwork-settings are clear.

I tried:
VPN Username: “Name” field of ipsec-Tunnel in Nethserver
VPN-Password: PSK defined in Nethserver

and
VPN Username: “Name” field of ipsec-Tunnel in Nethserver
VPN-Password: PSK defined in Nethserver
XAUTH enabled
XAUTH Username: Accountname defined in Nethserver
XAUTH Password: The password for that account

and
VPN Username: “Name” of a User in Nethserver
VPN-Password: PSK defined in Nethserver

None of them worked.
The FritzBox fails with the Error “VPN-Fehler: , IKE-Error 0x2027”

PS:
This is my Nethserver config:

Just google it. And as far as I see, it is better to upload a config file into the Fritz Box rather than use the webui configuration.
http://wiki.securepoint.de/index.php/IPSec_-_Fritzbox

Hey @Hunv! Could you please tell me, were you able to accomplish it? I am also trying to configure Nethserver with a FritzBox. I tried a lot of solutions, but my Nethserver tunnel remains red, and the FritzBox is getting the same error, IKE-Error 0x2027.
I would really appreciate your help.