Skip to main content

All Questions

Tagged with
Filter by
Sorted by
Tagged with
0 votes
0 answers
11 views

Windows 10 builtin IKEv2 VPN does not have option for preshared key

I configured Routing and Remote Access on Windows Server 2019, then built-in VPN Type IKEv2 + PSK: Filled the PSK in "Allow custom IPsec policy for L2TP/IKEv2 connection" (rrasmgmt.msc) ...
Stef's user avatar
  • 612
0 votes
0 answers
142 views

Change IPSec IKEV2 VPN Default Ports 500 & 4500 To Anothers

For some reason OpenVPN is working on my local machine very well, But IPSec IKEV2 VPN not & it only works when OpenVPN is connect. I have a domain for IPSec IKEV2 VPN & in local machine vpn is ...
helius.dev's user avatar
0 votes
0 answers
416 views

AWS StrongSwan IPSec Tunnel with Cisco fails during Phase 2 with TS_UNACCEPTABLE

I need to to setup a site-to-site IPSec tunnel with a vendor whom We need to access each other's API servers seating on the LANs using their respective Public IPs. We're using AWS, And I have ...
kmos.w's user avatar
  • 101
0 votes
0 answers
597 views

Windows 11 IKEv2 fails to connect, error code 1931 eventID 20227

I have Mikrotik configured for accepting IPSec connections with server certificate and RADIUS auth, SHA1 and so on enabled on Mikrotik side for Windows compatibility. It also configured for L2TP/IPSec,...
SelfishCrawler's user avatar
1 vote
1 answer
897 views

My Win 11 Pro VPN client for IKEv2 is perpetually broken

I am tearing my hair out over this sudden refusal of Windows 11 Pro on my PC to use the appropriately configured crypto in IKEv2 negotiation. It worked fine for a long time, until it didn't. This ...
TheOrionArm's user avatar
0 votes
0 answers
321 views

ike-scan 0 returned handshake 0 returned notify

I need to establish vpn connection to a specific site, I used strongswan and configure my side according to the provided parameters from another side, but when I try to connect I get 'peer not ...
Mohammed Hafiz's user avatar
1 vote
1 answer
1k views

Site-to-Site VPN and Remote Access VPN with Strongswan

I've recently deployed a Strongswan IKEv2 Remote Access VPN in two different sited with two different ubuntu servers. It all works great, but now i want to "merge" the two sites with a site-...
P1r4nh4's user avatar
  • 11
0 votes
1 answer
945 views

pfSense as IPSec remote access client

I have a pfSense router in a residential environment and need to use IPSec/IKEv2 as a remote access client to a commercial VPN provider. I know the pfSense web UI doesn't support the router being the ...
joe_shmo's user avatar
2 votes
1 answer
7k views

Strongswan Error: no config named 'foo'

On Ubuntu 20.04, I am trying to establish a VPN tunnel to a IKEv2/Ipsec VPN site using Strongswan. However, even though I have the file /etc/ipsec.conf as shown # ipsec.conf - strongSwan IPsec ...
Nyxynyx's user avatar
  • 1,499
0 votes
1 answer
400 views

Does ikev1 or ikev2 support a no-authentication option? If so, how can I enable that in strongswan?

For testing purposes, I want to setup an ipsec tunnel using IKEv1 or v2 (preferably v2) that does not require any authentication - so just using the protocol to agree on the secret-keys of the ipsec ...
xeyipes's user avatar
  • 25
0 votes
0 answers
3k views

StrongSwan config issue: no matching peer config found

I am trying to establish a VPN between my router (running OpenWrt) and my smartphone using IPsec. I followed the guide at https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/roadwarrior ...
ahorn42's user avatar
2 votes
1 answer
2k views

Mikrotik IKEv2/ipsec + Windows 10 = no split include routes

I am deploying a solution using IKEv2+ipsec with certificates to connect roadwarriors to corporate network. Mikrotik CHR is used as entry point. All was swift until I started deploying the solution on ...
Eugene's user avatar
  • 297
0 votes
1 answer
263 views

What can cause an iOS device to be able to connect to IKEv2/IPsec VPN over LTE but not browse most websites?

Everything works fine over Wi-Fi. I tried disabling IPv6 using a provisioning profile. I tried on two different devices (iPhone 6 and current iPhone SE) using the same VPN provisioning profile (each ...
sunknudsen's user avatar
1 vote
1 answer
6k views

migrating ipsec.conf to swanctl.conf, cant seem to get it to work

this is my ipsec.conf that works as it should: conn pelle left=%defaultroute leftsourceip=%config leftauth=eap-mschapv2 eap_identity=min user right=vpn.mydomain.com rightsubnet=0.0.0.0/0 ...
per källström's user avatar
0 votes
0 answers
445 views

freeradius and configure eap or pap with rest

free radius and configure eap or pap with rest i want use strongswan with free radius and rest module, i see sql and eap work together, how can configure eap with rest ? the important part is ...
user3652881's user avatar
1 vote
2 answers
2k views

Checking existence of IPSEC as a meta expression in nftables

Whilst recently setting up a router manually from scratch using Debian, I decided to use nftables along with strongSwan to provide an IKEv2 VPN access into this. After much frustration along with ...
jren207's user avatar
  • 11
0 votes
0 answers
2k views

IKEv2 Need a small help on Strongswan

I'm trying to create an IKEv2 Strongswan VPN server (U5.7.2/K5.3.0-42-generic) since two days on my personnal VPS (Ubuntu 19.10) to make some tests before implement it on the Unifi equipment of my ...
mathpro's user avatar
1 vote
0 answers
376 views

Strongswan username and password authentication

Guys I need to set up strongswan to use username and password for connecting instead of certificate! Anyone knows how this is done?
Mr Pro's user avatar
  • 33
0 votes
0 answers
738 views

StrongSwan IKEv2 connected but no internet on some internets

I set up the StrongSwan and IKEv2 as remote access on CentOS 7, And it is working great but on some internets (not all, most ADSL modems or 4G modems) it connects but there is no internet access on ...
Farhad Sakhaei's user avatar
2 votes
1 answer
915 views

How to block an IP for IPSec VPN connections?

This is my current IpTables setup: Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,...
Houman's user avatar
  • 1,675
1 vote
1 answer
3k views

Is strongSwan eap-mschapv2 authentication secure vs using certs?

What level of encryption is used during the authentication part of the connection? Here’s a sample /etc/ipsec.conf configuration. config setup charondebug="ike 1, knl 1, cfg 0" uniqueids=no ...
sunknudsen's user avatar
1 vote
0 answers
5k views

Porting a Cisco AnyConnect profile from Windows to Mac OSX

I have a client using a VisualStudio solution to manage their website. In order to make edits, they had to set up a Windows 7 laptop for me, which I have to use to connect to their VPN before being ...
user13286's user avatar
  • 111
0 votes
0 answers
1k views

Stuup StrongSwan with user Cert

i will setting up strongswan and have some trouble with configure it. I can log in with user/pass but i will replace it with user.p12 certificate. When i add rightauth2=pubkey is login with user/pass ...
Hannes Peter's user avatar
1 vote
1 answer
943 views

IPSEC IKEv2 not hiding HTTPS

I'm using Linux strongSwan U5.3.5/K4.4.0-116-generic on Ubuntu 16.04 with IOS 11 IKEv2 client. The connection could be successfully established on my client(IOS 11) and if I go to ip check webpage, ...
chrisky's user avatar
  • 23
1 vote
1 answer
2k views

OCSP verification fails in Strongswan (IKEv2)

I've managed to set up an IPsec connection between two (virtual) hosts in transport mode and now I want the server to validate the client's certificate with OCSP. In a third host, I've run an OCSP ...
Ander Juaristi's user avatar
8 votes
1 answer
1k views

How to limit bandwidth per VPN connection?

I have a StrongSwan (IKEv2) server setup and would like to limit each VPN connection to 512kb/s. After researching I came across tc in Ubuntu. I don't quite understand it and am fighting through the ...
Houman's user avatar
  • 1,675
0 votes
2 answers
5k views

Strongswan IKEv2 for iOS devices

I want to connect a Strongswan IKEv2 VPN on iOS devices. It uses FreeRADIUS server for AAA of users. It's already working perfectly on Android and Windows devices. but when I try to connect using ...
Varun Taliyan's user avatar
0 votes
1 answer
1k views

Use MySQL for storing secrets in Strongswan VPN

I have a working Strongswan IKEv2 VPN, i uses eap-mschapv2 as right auth. It's working fine as long as I use the ipsec.secrets file to store the user credentials. # ipsec.secrets file : RSA vpn-...
Varun Taliyan's user avatar
2 votes
0 answers
2k views

MacOS native IKEv2 VPN client instead of AnyConnect?

Similar to this question from half a decade ago.. Can the native MacOS IKEv2 VPN client be used in lieu of Cisco AnyConnect client? example anyconnect profile: <AnyConnectProfile> <...
goofology's user avatar
  • 402
1 vote
1 answer
3k views

StrongSwan ikev2 routing through VPN in Windows 10

I'm trying to create an ikev2 VPN using StrongSwan on an ubuntu server. Now, in Windows 10 clients, use default gateway on remote network option is off by default; so when I connect to the server, ...
Mahdi Ghiasi's user avatar
1 vote
2 answers
2k views

IKEV2 VPN doesn't hides real IP from Windows client

I have just set up VPN server using IKEv2 at home. Everything works fine, but the problem that when I am connected to the VPN from Windows 10 client I have external IP of the network where I connected ...
frvzuaex's user avatar
1 vote
0 answers
614 views

Strongswan site to site tunnel

I configured strongswan on ServerA and ServerB and tunnel them successfully by this tutorial: http://linoxide.com/how-tos/ipsec-vpn-gateway-gateway-using-strongswan/ but i want to run this senario: ...
user3699217's user avatar
1 vote
0 answers
4k views

How to fix failing connection to VPN(ipsec+ikev2)?

Auth made with certificates ubuntu 16.04 + strongswan. Client connecting from win7, certificate was added like said in strongswan Wiki. Config made also like in strongswan wiki, but i got error: '...
littleguga's user avatar
6 votes
2 answers
3k views

Setting up IPSEC on LAN between two hosts (OpenBSD)

Trying to use IPSEC between two hosts on a LAN. No VPN involved Using OpenBSD 5.8 (in VirtualBox). I'd prefer to use OpenBSD's built-in support for IPSEC and key exchange and not a third-party. Two ...
Neil McGuigan's user avatar
2 votes
0 answers
1k views

CentOS + strongswan + iOS VPN API, hal

I'm trying to setup StrongSwan on CentOS for iOS with VPN API. This API uses IKEv2 protocol. Here is my logs + configuration files. When i press connect in iOS device it's getting off in a few moments....
Al.Arak's user avatar
  • 21
2 votes
2 answers
1k views

Accounting IPSec connections with RSA authentication

Apple iOS has "VPN On Demand" function. With this function the VPN connection is made whenever the device tries to connect to certain domains or to the internet at all. iOS supports "VPN On Demand" ...
John Green's user avatar