fprobe with ipsec running

Tuesday, August 30th, 2011

We’re using fprobe to collect NetFlow data and export it to our NetFlow collector at HQ. The collector is configured with the private IP ( and the NetFlow traffic is supposed to travel inside the IPsec tunnel.

Here is the issue: once the remote site is rebooted, no flows are received anymore. The IPsec tunnel is up and we can reach the remote server without any problem, the fprobe daemon is running, and we can ping the IP of the NetFlow collector. Everything looks normal, yet no flows arrive:

netstat -an | grep 5067
udp        0      0        ESTABLISHED

There is one thing worth mentioning: once the remote server is up and I restart the fprobe daemon, we start getting flows and keep getting them until the next reboot. That led me to the question of service boot order in Ubuntu. fprobe is obviously started before ipsec; what if that is the cause? It turned out that it was indeed the boot order, and moving fprobe to the very end of the boot sequence fixed the whole thing. The netstat output above hints at why: a UDP socket shows ESTABLISHED only when the process has connect()ed it, and a connected UDP socket has its source address and route picked once, when connect() runs. If that happens before the tunnel (and the route for the remote subnet that Openswan installs when the tunnel comes up) exists, the socket is most likely stuck sending from the public address, which the IPsec policy does not cover, so the packets never enter the tunnel; restarting fprobe repeats the lookup with the tunnel in place. Here is how you change the service boot order in Ubuntu:

update-rc.d -f fprobe remove
update-rc.d fprobe defaults 99

This sets the start and stop links for fprobe in all runlevels to sequence number 99, i.e. the lowest priority: it is started last and stopped last. Note that on releases which use dependency-based boot ordering (insserv), the number you pass may be ignored; there the LSB header in /etc/init.d/fprobe (the Required-Start / Should-Start lines) decides the order, so add ipsec there instead.

I think starting fprobe right after ipsec would probably be enough, but to be on the safe side I start fprobe as the last service.
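Boot order only makes the race less likely; a tunnel that comes up late or flaps after boot would leave fprobe in the same state. The wrapper below is an added example written for this post, not part of fprobe or Openswan: before launching fprobe it asks the kernel which source address it would currently use for the collector (`ip route get`) and waits until that is the address inside the tunnelled subnet. The collector address 10.0.0.10, the local tunnel address 10.1.1.2, the interface eth0 and the port 5067 are assumed placeholders, and the check assumes an Openswan setup where bringing the tunnel up installs a route for the remote subnet with a `src` of the local subnet address. You can run the same `ip route get` by hand before and after the tunnel comes up to confirm the source address changes.

```shell
#!/bin/sh
# Added example, not from the original post: start fprobe only once the
# kernel would source traffic to the collector from the tunnelled address.
# COLLECTOR, WANT_SRC, the interface and the port are assumed placeholders.

COLLECTOR=${COLLECTOR:-10.0.0.10}   # assumed collector private IP
WANT_SRC=${WANT_SRC:-10.1.1.2}      # assumed local address inside leftsubnet
IFACE=${IFACE:-eth0}                # assumed capture interface
PORT=${PORT:-5067}                  # assumed collector UDP port

# Pull the "src" address out of one line of `ip route get` output,
# e.g. "10.0.0.10 via 10.0.0.1 dev eth1 src 10.1.1.2 uid 0" -> 10.1.1.2.
# Prints nothing when the line carries no src field.
route_src_of() {
    printf '%s\n' "$1" |
        sed -n 's/.*[[:space:]]src[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p'
}

# Succeed (0) when a route line would source traffic from $2, else fail (1).
route_src_is() {
    [ "$(route_src_of "$1")" = "$2" ]
}

# Ask the kernel which source address it would use for $1 right now.
current_src_for() {
    route_src_of "$(ip route get "$1" 2>/dev/null | head -n 1)"
}

# Poll up to $3 seconds (default 60) until traffic to $1 would leave from $2.
wait_for_src() {
    dst=$1; want=$2; secs=${3:-60}
    while [ "$secs" -gt 0 ]; do
        if [ "$(current_src_for "$dst")" = "$want" ]; then
            return 0
        fi
        sleep 1
        secs=$((secs - 1))
    done
    return 1
}

# Replace the shell with fprobe once the route is right; refuse to start
# otherwise, so flows are never exported outside the tunnel.
main() {
    if wait_for_src "$COLLECTOR" "$WANT_SRC" 60; then
        exec fprobe -i "$IFACE" "$COLLECTOR:$PORT"
    fi
    echo "traffic to $COLLECTOR would not leave from $WANT_SRC; not starting fprobe" >&2
    exit 1
}

# Run main only when explicitly asked, so the functions can be sourced/tested.
if [ "${RUN_FPROBE_WRAPPER:-0}" = 1 ]; then
    main "$@"
fi
```

Call it from the init script as `RUN_FPROBE_WRAPPER=1 /usr/local/sbin/fprobe-wrapper.sh` (path assumed). Because the wrapper refuses to start fprobe while the kernel would still pick the public address, a late or missing tunnel results in no export at all rather than NetFlow records leaving the site in cleartext.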

Injecting multiple networks into VPN tunnel

Wednesday, January 5th, 2011

We have a number of IPsec tunnels running on Ubuntu Linux with Openswan installed. Here is the typical configuration for a site: