We want to use IPSec to protect the Nagios client traffic (NS++) between the VM running Nagios XI & all of our Windows systems.
We've got IPSec working from Windows host to Windows host, but everything I can find about IPSec with Linux is for site to site or remote access VPNs.
Can anyone point us in the right direction for this?
*Edit - fixed spelling error.
Nagios - IPSec with local Windows systems
Last edited by ssouthern on Fri Nov 16, 2012 10:55 am, edited 1 time in total.
Re: Nagios - IPSec with local Windows systems
I found this link - see if this is going to point you in the right direction. Thanks!
Re: Nagios - IPSec with local Windows systems
Unfortunately, that link is for CentOS 5 - the Nagios XI VMs currently available run CentOS 6.
CentOS 6 does not appear to have an ipsec-tools package, however it does have OpenSwan... but all the documentation for that is about using CentOS for site-to-site or remote access VPNs, not for protecting LAN traffic.
What I need is either details on installing ipsec-tools on CentOS 6 (and having it work - I've found instructions that don't work) or on making OpenSwan work.
Our Windows IPSec policy is to negotiate security for UDP/161 & Nagios client traffic. If it can't be negotiated, it falls back to unencrypted for now. I need this same policy (using a PSK for now - we'll worry about certs after we get it working with PSK) on the CentOS/Nagios VM.
If I can get this working, I'll post the details here.
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Re: Nagios - IPSec with local Windows systems
It does look like openswan is the standard for 6
https://access.redhat.com/knowledge/doc ... nswan.html
    yum install openswan
Re: Nagios - IPSec with local Windows systems
I've looked through OpenSwan, and I get the impression it's for site-to-site or remote access IPSec VPNs... which is not what we're trying to accomplish. We want to protect internal LAN traffic with IPSec between the Nagios server running CentOS 6 and the Windows & Linux servers it's monitoring.
I'll take another look through OpenSwan (it would help if their wiki wasn't a bunch of 404s...)
scottwilkerson
Re: Nagios - IPSec with local Windows systems
I don't believe we have anyone on staff that has set this up; it definitely would be good to inquire in any openswan forums.