All Questions
36
questions
0
votes
0
answers
11
views
Windows 10 builtin IKEv2 VPN does not have option for preshared key
I configured Routing and Remote Access on Windows Server 2019, then built-in VPN Type IKEv2 + PSK:
Filled the PSK in "Allow custom IPsec policy for L2TP/IKEv2 connection" (rrasmgmt.msc)
...
- 612
0
votes
0
answers
142
views
Change IPSec IKEV2 VPN Default Ports 500 & 4500 To Anothers
For some reason OpenVPN is working on my local machine very well, But IPSec IKEV2 VPN not & it only works when OpenVPN is connect.
I have a domain for IPSec IKEV2 VPN & in local machine vpn is ...
- 15
0
votes
0
answers
416
views
AWS StrongSwan IPSec Tunnel with Cisco fails during Phase 2 with TS_UNACCEPTABLE
I need to to setup a site-to-site IPSec tunnel with a vendor whom We need to access each other's API servers seating on the LANs using their respective Public IPs. We're using AWS, And I have ...
- 101
0
votes
0
answers
597
views
Windows 11 IKEv2 fails to connect, error code 1931 eventID 20227
I have Mikrotik configured for accepting IPSec connections with server certificate and RADIUS auth, SHA1 and so on enabled on Mikrotik side for Windows compatibility.
It also configured for L2TP/IPSec,...
- 167
1
vote
1
answer
897
views
My Win 11 Pro VPN client for IKEv2 is perpetually broken
I am tearing my hair out over this sudden refusal of Windows 11 Pro on my PC to use the appropriately configured crypto in IKEv2 negotiation. It worked fine for a long time, until it didn't. This ...
- 11
0
votes
0
answers
321
views
ike-scan 0 returned handshake 0 returned notify
I need to establish vpn connection to a specific site, I used strongswan and configure my side according to the provided parameters from another side, but when I try to connect I get 'peer not ...
1
vote
1
answer
1k
views
Site-to-Site VPN and Remote Access VPN with Strongswan
I've recently deployed a Strongswan IKEv2 Remote Access VPN in two different sited with two different ubuntu servers. It all works great, but now i want to "merge" the two sites with a site-...
- 11
0
votes
1
answer
945
views
pfSense as IPSec remote access client
I have a pfSense router in a residential environment and need to use IPSec/IKEv2 as a remote access client to a commercial VPN provider. I know the pfSense web UI doesn't support the router being the ...
- 1
2
votes
1
answer
7k
views
Strongswan Error: no config named 'foo'
On Ubuntu 20.04, I am trying to establish a VPN tunnel to a IKEv2/Ipsec VPN site using Strongswan.
However, even though I have the file /etc/ipsec.conf as shown
# ipsec.conf - strongSwan IPsec ...
- 1,499
0
votes
1
answer
400
views
Does ikev1 or ikev2 support a no-authentication option? If so, how can I enable that in strongswan?
For testing purposes, I want to setup an ipsec tunnel using IKEv1 or v2 (preferably v2) that does not require any authentication - so just using the protocol to agree on the secret-keys of the ipsec ...
- 25
0
votes
0
answers
3k
views
StrongSwan config issue: no matching peer config found
I am trying to establish a VPN between my router (running OpenWrt) and my smartphone using IPsec.
I followed the guide at https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/roadwarrior
...
- 1
2
votes
1
answer
2k
views
Mikrotik IKEv2/ipsec + Windows 10 = no split include routes
I am deploying a solution using IKEv2+ipsec with certificates to connect roadwarriors to corporate network. Mikrotik CHR is used as entry point.
All was swift until I started deploying the solution on ...
- 297
0
votes
1
answer
263
views
What can cause an iOS device to be able to connect to IKEv2/IPsec VPN over LTE but not browse most websites?
Everything works fine over Wi-Fi.
I tried disabling IPv6 using a provisioning profile.
I tried on two different devices (iPhone 6 and current iPhone SE) using the same VPN provisioning profile (each ...
- 741
1
vote
1
answer
6k
views
migrating ipsec.conf to swanctl.conf, cant seem to get it to work
this is my ipsec.conf that works as it should:
conn pelle
left=%defaultroute
leftsourceip=%config
leftauth=eap-mschapv2
eap_identity=min user
right=vpn.mydomain.com
rightsubnet=0.0.0.0/0
...
0
votes
0
answers
445
views
freeradius and configure eap or pap with rest
free radius and configure eap or pap with rest
i want use strongswan with free radius and rest module,
i see sql and eap work together,
how can configure eap with rest ?
the important part is ...
1
vote
2
answers
2k
views
Checking existence of IPSEC as a meta expression in nftables
Whilst recently setting up a router manually from scratch using Debian, I decided to use nftables along with strongSwan to provide an IKEv2 VPN access into this.
After much frustration along with ...
- 11
0
votes
0
answers
2k
views
IKEv2 Need a small help on Strongswan
I'm trying to create an IKEv2 Strongswan VPN server (U5.7.2/K5.3.0-42-generic) since two days on my personnal VPS (Ubuntu 19.10) to make some tests before implement it on the Unifi equipment of my ...
- 1
1
vote
0
answers
376
views
Strongswan username and password authentication
Guys I need to set up strongswan to use username and password for connecting instead of certificate! Anyone knows how this is done?
- 33
0
votes
0
answers
738
views
StrongSwan IKEv2 connected but no internet on some internets
I set up the StrongSwan and IKEv2 as remote access on CentOS 7, And it is working great but on some internets (not all, most ADSL modems or 4G modems) it connects but there is no internet access on ...
- 141
2
votes
1
answer
915
views
How to block an IP for IPSec VPN connections?
This is my current IpTables setup:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,...
- 1,675
1
vote
1
answer
3k
views
Is strongSwan eap-mschapv2 authentication secure vs using certs?
What level of encryption is used during the authentication part of the connection?
Here’s a sample /etc/ipsec.conf configuration.
config setup
charondebug="ike 1, knl 1, cfg 0"
uniqueids=no
...
- 741
1
vote
0
answers
5k
views
Porting a Cisco AnyConnect profile from Windows to Mac OSX
I have a client using a VisualStudio solution to manage their website. In order to make edits, they had to set up a Windows 7 laptop for me, which I have to use to connect to their VPN before being ...
- 111
0
votes
0
answers
1k
views
Stuup StrongSwan with user Cert
i will setting up strongswan and have some trouble with configure it. I can log in with user/pass but i will replace it with user.p12 certificate. When i add rightauth2=pubkey is login with user/pass ...
1
vote
1
answer
943
views
IPSEC IKEv2 not hiding HTTPS
I'm using
Linux strongSwan U5.3.5/K4.4.0-116-generic on Ubuntu 16.04
with IOS 11 IKEv2 client.
The connection could be successfully established on my client(IOS 11) and if I go to ip check webpage, ...
- 23
1
vote
1
answer
2k
views
OCSP verification fails in Strongswan (IKEv2)
I've managed to set up an IPsec connection between two (virtual) hosts in transport mode and now I want the server to validate the client's certificate with OCSP. In a third host, I've run an OCSP ...
- 111
8
votes
1
answer
1k
views
How to limit bandwidth per VPN connection?
I have a StrongSwan (IKEv2) server setup and would like to limit each VPN connection to 512kb/s.
After researching I came across tc in Ubuntu. I don't quite understand it and am fighting through the ...
- 1,675
0
votes
2
answers
5k
views
Strongswan IKEv2 for iOS devices
I want to connect a Strongswan IKEv2 VPN on iOS devices. It uses FreeRADIUS server for AAA of users.
It's already working perfectly on Android and Windows devices. but when I try to connect using ...
0
votes
1
answer
1k
views
Use MySQL for storing secrets in Strongswan VPN
I have a working Strongswan IKEv2 VPN, i uses eap-mschapv2 as right auth.
It's working fine as long as I use the ipsec.secrets file to store the user credentials.
# ipsec.secrets file
: RSA vpn-...
2
votes
0
answers
2k
views
MacOS native IKEv2 VPN client instead of AnyConnect?
Similar to this question from half a decade ago..
Can the native MacOS IKEv2 VPN client be used in lieu of Cisco AnyConnect client?
example anyconnect profile:
<AnyConnectProfile>
<...
- 402
1
vote
1
answer
3k
views
StrongSwan ikev2 routing through VPN in Windows 10
I'm trying to create an ikev2 VPN using StrongSwan on an ubuntu server.
Now, in Windows 10 clients, use default gateway on remote network option is off by default; so when I connect to the server, ...
- 391
1
vote
2
answers
2k
views
IKEV2 VPN doesn't hides real IP from Windows client
I have just set up VPN server using IKEv2 at home. Everything works fine, but the problem that when I am connected to the VPN from Windows 10 client I have external IP of the network where I connected ...
- 55
1
vote
0
answers
614
views
Strongswan site to site tunnel
I configured strongswan on ServerA and ServerB and tunnel them successfully by this tutorial:
http://linoxide.com/how-tos/ipsec-vpn-gateway-gateway-using-strongswan/
but i want to run this senario:
...
- 31
1
vote
0
answers
4k
views
How to fix failing connection to VPN(ipsec+ikev2)?
Auth made with certificates
ubuntu 16.04 + strongswan.
Client connecting from win7, certificate was added like said in strongswan Wiki.
Config made also like in strongswan wiki, but i got error: '...
- 166
6
votes
2
answers
3k
views
Setting up IPSEC on LAN between two hosts (OpenBSD)
Trying to use IPSEC between two hosts on a LAN. No VPN involved
Using OpenBSD 5.8 (in VirtualBox). I'd prefer to use OpenBSD's built-in support for IPSEC and key exchange and not a third-party.
Two ...
- 213
2
votes
0
answers
1k
views
CentOS + strongswan + iOS VPN API, hal
I'm trying to setup StrongSwan on CentOS for iOS with VPN API. This API uses IKEv2 protocol. Here is my logs + configuration files. When i press connect in iOS device it's getting off in a few moments....
- 21
2
votes
2
answers
1k
views
Accounting IPSec connections with RSA authentication
Apple iOS has "VPN On Demand" function. With this function the VPN connection is made whenever the device tries to connect to certain domains or to the internet at all. iOS supports "VPN On Demand" ...
- 135