ClearFoundation Forums
Ipsec Configuration Phase 2
#41686
Re: Ipsec Configuration Phase 2 1 Year ago  
You only want one conn:
ipsec.d/tun01.conf:
Code:

conn tun01
left=200.6.231.34
leftnexthop=200.6.231.33
leftsubnet=192.168.1.0/255.255.0.0
right=125.1.1.25
rightnexthop=190.242.51.76
rightsubnet=125.1.1.0/255.255.255.0
ike=aes256-sha1;modp1024    # Phase 1: AES-256, SHA-1, DH group 2 (1024-bit)
ikelifetime=28800s          # Phase 1 SA lifetime
phase2alg=aes256-sha1       # Phase 2: AES-256, HMAC-SHA1
keylife=28800s              # Phase 2 SA lifetime
pfs=no
auto=start                  # bring the tunnel up when ipsec starts
leftsourceip=192.168.1.x    # Put your ClearOS LAN IP here.

Is your left subnet really 192.168.0.0/255.255.0.0 (not 255.255.255.0) and is your right subnet really public?

Because this breaks the webconfig you may have to start ipsec from the command line with a "service ipsec start". When you do this have a look at the output in /var/log/secure for error messages.
Nick Howitt
Last Edit: 2012/05/22 14:47 By NickH.
 
#41948
Re: Ipsec Configuration Phase 2 1 Year ago  
Webconfig on ClearOS 5.2 crashed.

Here I go again...

At this point I changed to ClearOS 6.2.

I'm running Web Proxy (300 PCs, only the phrase lists for porn, proxies and warez, no antivirus, very lax dynamic scan level), Content Filter, and Port Forwarding to one web server.

Now my question is: if I configure Openswan on the same hardware, is that possible?
I have installed Openswan via yum, but I'm afraid of breaking the webconfig.
Alejandro Perez
 
#41956
Re: Ipsec Configuration Phase 2 1 Year ago  
In 5.2 manual configuration of Openswan breaks the IPSec VPN bit of the webconfig so you may as well remove it ("rpm -e app-ipsec"). In 6.2 there is not even a webconfig to break. You have to manually configure Openswan/IPSec.

What do you mean by "Webconfig ClearOS 5.2 crashed"?
Nick Howitt
 
#41978
Re: Ipsec Configuration Phase 2 1 Year ago  
I mean:

I could enter the webconfig module, but choosing an option took 10 minutes, and then it just stopped working.
I tried restarting and synchronising LDAP completely, without a solution.

I have now installed ClearOS 6.2 and will try to configure Openswan there.
Alejandro Perez
 
#42464
IPsec Configuration Phase 2 ClearOS 6.2 to ASA5540 1 Year ago
ClearOS 6.2, firewall with ESP/AH + UDP 500 open, Openswan IPsec U2.6.32/K2.6.32-220.13.1.v6.i686...
Fresh install.

How do I have to configure this?

ClearOS
200.6.x.y (public IP), remote gateway (peer)
192.168.x.y (LAN)
192.168.x.z (application to connect over the VPN), remote end point

ASA5540
190.242.x.y (public IP)
Local end point / hosts:
125.1.1.x
125.1.214.x
125.1.213.x
125.1.210.x

Phase 1:
Authentication mode: pre-shared key (key "preshared1")
Negotiation: main mode
Diffie-Hellman group: G2 (1024-bit)
IKE (Internet Key Exchange) renegotiation: 28800 secs
IKE retransmission

Phase 2:
Integrity algorithm: SHA/HMAC-160
Encryption algorithm: AES256
IKE (Internet Key Exchange) renegotiation: 28800 secs
IKE retransmission

-------
Kernel net.ipv4.ip_forward = 1 modified and applied
------

# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
nat_traversal=yes
virtual_private=
oe=off
# Enable this if you see "failed to find any available worker"
# nhelpers=0

#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
#include /etc/ipsec.d/*.conf

--------------------------

How do I have to configure this?
Thanks.
Alejandro Perez
 
#42480
Re: IPsec Configuration Phase 2 ClearOS 6.2 to ASA5540 1 Year ago
Use the ipsec.d/tun01.conf configuration from a few posts up
In config setup, remove the virtual_private and nat_traversal lines.

The next issue you have is that you have multiple subnets behind the ASA. If the ASA is compliant, change "rightsubnet=125.1.1.0/255.255.255.0" to rightsubnets={ 125.1.1.0/24 125.1.214.0/24 125.1.213.0/24 125.1.210.0/24 }. If the ASA does not work like this, set up four conns, one for each subnet, and move all the repeating stuff into config default in /etc/ipsec.conf.

Post back with any errors in /var/log/secure, your /etc/ipsec.conf and /etc/ipsec.d/*.conf files.

[edit]
I can't check now, but I am not sure whether 125.1.1.0/255.255.255.0 in the setup I gave you earlier is valid. It may have to be 125.1.1.0/24, which is definitely OK.
[/edit]
Nick Howitt
Last Edit: 2012/06/12 08:33 By NickH.
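The configuration Nick describes across his two replies above (one conn in ipsec.d/tun01.conf, then either rightsubnets={...} or one conn per ASA subnet with the shared settings moved into conn %default), combined with the Phase 1 and Phase 2 parameters from Alejandro's post, as an added example that is not code from the thread, from ClearOS or from Openswan. It is a POSIX shell script that generates the files rather than a bare config, so that the two checks a practitioner wants are built in: a dotted netmask is converted to the /24 form Nick confirms works, and a subnet whose address has host bits set (the 192.168.1.0/255.255.0.0 question in the first reply) is rejected instead of being written out silently. Assumptions: 190.242.51.76 is used as right= because Alejandro's later post gives 190.242.x.y as the ASA's public address (the earlier conn had 125.1.1.25 there, which lies inside the ASA's own subnet); the nexthop lines are dropped because they only matter for KLIPS and the posted ipsec.conf uses protostack=netkey; leftsourceip=192.168.1.1, the conn names and the output file names are placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread, ClearOS or Openswan: build the
# Openswan files for the ClearOS <-> ASA5540 tunnel discussed above.
# Addresses, algorithms and the PSK come from the posts; leftsourceip,
# conn names and output paths are placeholders.

# Settings shared by every tunnel. Openswan applies "conn %default" to
# each later conn, so the per-subnet conns below only carry a rightsubnet.
# right= is the ASA's public address (190.242.x.y in the thread, .51.76
# assumed); nexthop lines are omitted since protostack=netkey routes via
# the kernel table.
emit_default() {
    cat <<'EOF'
conn %default
    left=200.6.231.34
    leftsubnet=192.168.1.0/24
    leftsourceip=192.168.1.1        # assumed ClearOS LAN address
    right=190.242.51.76
    authby=secret                   # Phase 1: pre-shared key
    ike=aes256-sha1;modp1024        # Phase 1: AES-256, SHA-1, DH group 2
    ikelifetime=28800s
    phase2alg=aes256-sha1           # Phase 2: AES-256, HMAC-SHA1
    keylife=28800s
    pfs=no
    auto=start

EOF
}

# Dotted-quad netmask -> prefix length (255.255.255.0 -> 24).
# Fails on a non-contiguous mask such as 255.0.255.0.
mask_to_prefix() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    bits=0; closed=0
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;;
            240) n=4 ;; 224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) return 1 ;;
        esac
        if [ $closed -eq 1 ] && [ $n -ne 0 ]; then return 1; fi
        [ $n -eq 8 ] || closed=1
        bits=$((bits + n))
    done
    echo $bits
}

# True when addr/prefix names a network, i.e. no host bits are set.
# 192.168.1.0/16 fails: its network is 192.168.0.0/16, the point Nick
# raised about the first config.
is_network() {
    oldifs=$IFS; IFS=./; set -- $1; IFS=$oldifs
    [ $# -eq 5 ] || return 1
    for f in "$@"; do case $f in ''|*[!0-9]*) return 1 ;; esac; done
    [ $1 -le 255 ] && [ $2 -le 255 ] && [ $3 -le 255 ] && [ $4 -le 255 ] \
        && [ $5 -le 32 ] || return 1
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    [ $(( ip & ((1 << (32 - $5)) - 1) )) -eq 0 ]
}

# Normalise "addr/mask" or "addr/prefix" to CIDR (the form Nick confirms
# works) and reject anything that is not a proper network.
to_cidr() {
    addr=${1%%/*}; mask=${1#*/}
    [ "$addr" != "$1" ] || return 1          # no '/' at all
    case $mask in
        *.*) prefix=$(mask_to_prefix "$mask") || return 1 ;;
        *)   prefix=$mask ;;
    esac
    is_network "$addr/$prefix" || return 1
    echo "$addr/$prefix"
}

# Variant A: one conn listing all ASA subnets via rightsubnets={...}.
gen_rightsubnets() {
    list=""
    for net in "$@"; do
        cidr=$(to_cidr "$net") || { echo "bad subnet: $net" >&2; return 1; }
        list="$list $cidr"
    done
    emit_default
    printf 'conn tun01\n    rightsubnets={%s }\n' "$list"
}

# Variant B: one conn per subnet (tun01, tun02, ...) for a peer that
# does not accept rightsubnets.
gen_conns() {
    emit_default
    i=0
    for net in "$@"; do
        cidr=$(to_cidr "$net") || { echo "bad subnet: $net" >&2; return 1; }
        i=$((i + 1))
        printf 'conn tun%02d\n    rightsubnet=%s\n\n' "$i" "$cidr"
    done
}

# /etc/ipsec.secrets line for the PSK named in the thread (left right : PSK).
emit_secrets() {
    printf '200.6.231.34 190.242.51.76 : PSK "preshared1"\n'
}

# Stand-alone use: sh thisfile.sh 125.1.1.0/24 125.1.214.0/24 ... > tun.conf
if [ $# -gt 0 ]; then gen_conns "$@"; fi
```

Run it with the four ASA subnets as arguments and redirect the output into a file under /etc/ipsec.d/, then write `emit_secrets` output to /etc/ipsec.secrets with mode 600. Two things to check in the posted ipsec.conf before starting: the `#include /etc/ipsec.d/*.conf` line is commented out, so nothing in ipsec.d is read until it is uncommented, and `config setup` should lose the virtual_private and nat_traversal lines as Nick says. The generator refuses 192.168.1.0/255.255.0.0 with "bad subnet" rather than guessing which of the two subnets was meant.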
 
#42680
Re: IPsec Configuration Phase 2 ClearOS 6.2 to ASA5540 1 Year ago
Tim, the secure log file is attached here; thanks for your help. It seems like somebody was trying to get root access,
among other things, so please read the file when you have some time and comment. Thanks.
Alejandro Perez
 
#42688
Re: IPsec Configuration Phase 2 ClearOS 6.2 to ASA5540 1 Year ago
File not attached. Note that the forum only accepts certain file extensions such as txt. You may need to rename your file or just paste a small excerpt from it.
Nick Howitt
 
#42692
Re: IPsec Configuration Phase 2 ClearOS 6.2 to ASA5540 1 Year ago
The IPsec wasn't tested, but in the secure log the following appears.

A small part:

A lot of:
Jun 17 03:38:00 vpn snort[15757]: [1:1384:8] GPL MISC UPnP malformed advertisement [Classification: Misc Attack] [Priori
Jun 17 03:38:00 vpn snort[15757]: [1:1384:8] GPL MISC UPnP malformed advertisement [Classification: Misc Attack] [Priori
Jun 17 03:38:00 vpn snort[15757]: [1:1384:8] GPL MISC UPnP malformed advertisement [Classification: Misc Attack] [Priori
Jun 17 03:38:00 vpn snort[15757]: [1:1384:8] GPL MISC UPnP malformed advertisement [Classification: Misc Attack

a lot of

Jun 17 03:44:20 vpn sshd[16064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost
Jun 17 03:44:22 vpn sshd[16064]: Failed password for root from 203.231.233.29 port 54987 ssh2
Jun 17 03:44:22 vpn sshd[16065]: Received disconnect from 203.231.233.29: 11: Bye Bye
Jun 17 03:44:25 vpn sshd[16070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost
Jun 17 03:44:27 vpn sshd[16070]: Failed password for root from 203.231.233.29 port 55327 ssh2
Jun 17 03:44:27 vpn sshd[16071]: Received disconnect from 203.231.233.29: 11: Bye Bye
Jun 17 03:44:29 vpn sshd[16072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost
Jun 17 03:44:30 vpn sshd[16072]: Failed password for root from 203.231.233.29 port 55624 ssh2
Jun 17 03:44:31 vpn sshd[16073]: Received disconnect from 203.231.233.29: 11: Bye Bye
Jun 17 03:44:33 vpn sshd[16074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost
Jun 17 03:44:34 vpn sshd[16074]: Failed password for root from 203.231.233.29 port 55894 ssh2
Jun 17 03:44:35 vpn sshd[16075]: Received disconnect from 203.231.233.29: 11: Bye Bye
Jun 17 03:44:37 vpn sshd[16076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost
Jun 17 03:44:39 vpn sshd[16076]: Failed password for root from 203.231.233.29 port 56172 ssh2
Jun 17 03:44:39 vpn sshd[16077]: Received disconnect from 203.231.233.29: 11: Bye Bye
Jun 17 03:44:41 vpn sshd[16079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid
ost
Jun 17 06:41:03 vpn sshd[20684]: pam_succeed_if(sshd:auth): error retrieving information about user test
Jun 17 06:41:04 vpn sshd[20684]: Failed password for invalid user test from 112.216.108.22 port 43227 ssh2
Jun 17 06:41:05 vpn sshd[20685]: Received disconnect from 112.216.108.22: 11: Bye Bye
Jun 17 06:41:07 vpn sshd[20686]: Invalid user test from 112.216.108.22
Jun 17 06:41:07 vpn sshd[20687]: input_userauth_request: invalid user test
Jun 17 06:41:07 vpn sshd[20686]: pam_unix(sshd:auth): check pass; user unknown
Jun 17 06:41:07 vpn sshd[20686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost
Jun 17 06:41:07 vpn sshd[20686]: pam_succeed_if(sshd:auth): error retrieving information about user test
Jun 17 06:41:09 vpn sshd[20686]: Failed password for invalid user test from 112.216.108.22 port 44271 ssh2
Jun 17 06:41:09 vpn sshd[20687]: Received disconnect from 112.216.108.22: 11: Bye Bye
Jun 17 06:41:11 vpn sshd[20688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost
Jun 17 06:41:13 vpn sshd[20688]: Failed password for root from 112.216.108.22 port 45568 ssh2
Jun 17 06:41:13 vpn sshd[20689]: Received disconnect from 112.216.108.22: 11: Bye Bye
Jun 17 06:41:15 vpn sshd[20690]: Invalid user sid from 112.216.108.22
Jun 17 06:41:15 vpn sshd[20691]: input_userauth_request: invalid user sid
Jun 17 06:41:15 vpn sshd[20690]: pam_unix(sshd:auth): check pass; user unknown
Jun 17 06:41:15 vpn sshd[20690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost
Jun 17 06:41:15 vpn sshd[20690]: pam_succeed_if(sshd:auth): error retrieving information about user sid
Jun 17 06:41:17 vpn sshd[20690]: Failed password for invalid user sid from 112.216.108.22 port 46756 ssh2
Jun 17 06:41:17 vpn sshd[20691]: Received disconnect from 112.216.108.22: 11: Bye Bye
Jun 17 06:41:19 vpn sshd[20692]: Invalid user vincent from 112.216.108.22
Jun 17 06:41:19 vpn sshd[20693]: input_userauth_request: invalid user vincent
Jun 17 06:41:19 vpn sshd[20692]: pam_unix(sshd:auth): check pass; user unknown
Jun 17 06:41:19 vpn sshd[20692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost
Jun 17 06:41:19 vpn sshd[20692]: pam_succeed_if(sshd:auth): error retrieving information about user vincent
Jun 17 06:41:21 vpn sshd[20692]: Failed password for invalid user vincent from 112.216.108.22 port 47971 ssh2
Jun 17 06:41:21 vpn sshd[20693]: Received disconnect from 112.216.108.22: 11: Bye Bye
Jun 17 06:41:23 vpn sshd[20694]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost
Jun 17 06:41:25 vpn sshd[20694]: Failed password for root from 112.216.108.22 port 49150 ssh2
Jun 17 06:41:26 vpn sshd[20695]: Received disconnect from 112.216.108.22: 11: Bye Bye
Jun 17 06:41:28 vpn sshd[20699]: Invalid user stella from 112.216.108.22
Jun 17 06:41:28 vpn sshd[20700]: input_userauth_request: invalid user stella
Jun 17 06:41:28 vpn sshd[20699]: pam_unix(sshd:auth): check pass; user unknown
Jun 17 06:41:28 vpn sshd[20699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost
Jun 17 06:41:28 vpn sshd[20699]: pam_succeed_if(sshd:auth): error retrieving information about user stella
Jun 17 06:41:30 vpn sshd[20699]: Failed password for invalid user stella from 112.216.108.22 port 50362 ssh2
Jun 17 06:41:30 vpn sshd[20700]: Received disconnect from 112.216.108.22: 11: Bye Bye
Jun 17 06:41:32 vpn sshd[20702]: Invalid user ernie from 112.216.108.22
Jun 17 06:41:32 vpn sshd[20703]: input_userauth_request: invalid user ernie
Jun 17 06:41:32 vpn sshd[20702]: pam_unix(sshd:auth): check pass; user unknown
Jun 17 06:41:32 vpn sshd[20702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost

It looks like a lot of attempts to hack the server. What can I do to prevent this?

I don't see any IPsec VPN attempts; in the secure log I was searching by the ASA IP but found nothing.

Thanks.
Alejandro Perez
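One way to turn the excerpt above into numbers, as an added example that is not part of the thread and not ClearOS code: a POSIX shell function that runs over /var/log/secure and reports, per source address, how many password guesses sshd rejected and how many of those targeted root versus non-existent users, plus a helper that prints (but does not apply) an iptables rule per offender. SAMPLE_LOG is constructed from the lines Alejandro posted; the 192.168.1.50 entries are invented so that a legitimate login is visible and is not flagged. The threshold and the rule format are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or ClearOS: summarise sshd
# password-guessing in /var/log/secure by source address.
# SAMPLE_LOG is constructed from the posted lines; the 192.168.1.50
# entries are invented to show a legitimate login that is not flagged.
SAMPLE_LOG='Jun 17 03:44:22 vpn sshd[16064]: Failed password for root from 203.231.233.29 port 54987 ssh2
Jun 17 03:44:22 vpn sshd[16065]: Received disconnect from 203.231.233.29: 11: Bye Bye
Jun 17 03:44:27 vpn sshd[16070]: Failed password for root from 203.231.233.29 port 55327 ssh2
Jun 17 03:44:30 vpn sshd[16072]: Failed password for root from 203.231.233.29 port 55624 ssh2
Jun 17 06:41:04 vpn sshd[20684]: Failed password for invalid user test from 112.216.108.22 port 43227 ssh2
Jun 17 06:41:07 vpn sshd[20686]: Invalid user test from 112.216.108.22
Jun 17 06:41:13 vpn sshd[20688]: Failed password for root from 112.216.108.22 port 45568 ssh2
Jun 17 06:41:17 vpn sshd[20690]: Failed password for invalid user sid from 112.216.108.22 port 46756 ssh2
Jun 17 06:41:21 vpn sshd[20692]: Failed password for invalid user vincent from 112.216.108.22 port 47971 ssh2
Jun 17 06:41:25 vpn sshd[20694]: Failed password for root from 112.216.108.22 port 49150 ssh2
Jun 17 07:02:10 vpn sshd[21000]: Failed password for alejandro from 192.168.1.50 port 51000 ssh2
Jun 17 07:02:30 vpn sshd[21001]: Accepted password for alejandro from 192.168.1.50 port 51001 ssh2'

# Read syslog lines on stdin and print, busiest first,
#   "<source> <failed guesses> <guesses at root> <guesses at unknown users>"
# for every source with at least $1 failures (default 5). "Received
# disconnect", "Invalid user" and "Accepted password" lines are ignored.
ssh_failures_by_source() {
    awk -v min="${1:-5}" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { src = $(i + 1); break }
            total[src]++
            if ($0 ~ / for invalid user /) unknown[src]++
            else if ($0 ~ / for root from /) root[src]++
        }
        END {
            for (s in total) if (total[s] >= min)
                printf "%s %d %d %d\n", s, total[s], root[s] + 0, unknown[s] + 0
        }' | sort -k2,2nr -k1,1
}

# Number of sources at or above the threshold in SAMPLE_LOG.
count_offenders() {
    printf '%s\n' "$SAMPLE_LOG" | ssh_failures_by_source "$1" | wc -l | tr -d ' '
}

# iptables commands for the offenders, printed for review rather than run.
block_rules() {
    ssh_failures_by_source "$1" | while read -r src total root unknown; do
        printf 'iptables -I INPUT -s %s -p tcp --dport 22 -j DROP  # %s failures\n' "$src" "$total"
    done
}

# Stand-alone: summarise the constructed sample at a threshold of 3.
if [ "${1:-demo}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | ssh_failures_by_source 3
fi
```

On the box itself, `grep sshd /var/log/secure | ssh_failures_by_source 10` gives the same table for the real log. Two caveats on what to do with it: every guess in the posted excerpt is a password attempt against root or an account that does not exist, so `PermitRootLogin no` and, once key logins are in place, `PasswordAuthentication no` in /etc/ssh/sshd_config remove what the guessing is after regardless of which addresses are blocked; and an iptables rule inserted by hand lasts only until the ClearOS firewall service next rewrites its rule set, so a permanent block belongs in the firewall configuration rather than in a one-off command.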
 
#42695
Re: IPsec Configuration Phase 2 ClearOS 6.2 to ASA5540 1 Year ago
Another thing beyond that: should I block incoming connections in the network incoming section?
Alejandro Perez
 