All Questions
Tagged with ikev2 strongswan
58
questions
0
votes
0
answers
27
views
strongSwan IPSec with Password Authentication
I'm in the exact same situation as sashok_bg here: I'm trying to access my Freebox pro VPN through the strongSwan client VPN on Debian.
So far, with what has been said in his conversation with ecdsa, ...
0
votes
0
answers
121
views
IKEv2 with certificate + EAP between an IPsec client, a VPN server on an OpenWRT router, and a FreeRADIUS - Authentication issue
I need your help and expertise to resolve a situation I'm facing. I'm currently testing an IPsec tunnel using IKEv2 with certificate + EAP between an IPsec client (TheGreenBow), a VPN server on an ...
0
votes
1
answer
317
views
Strongswan VPN Client (Android) can't connect to my test Kerio Control server
I have the following issue: I set up a Kerio Control 9.4.4 build 8365 and tried to connect to VPN server through Android 14+ device. I used Strongswan(Android) for this, but I got the following error ...
0
votes
0
answers
55
views
strongSwan: Accessing LAN of a Windows client (reversed remote access)
I am currently having an Ubuntu Server strongSwan setup (IKEv2, EAP-MSCHAPv2) that will allow any authorized remote Windows client to access server's LAN (192.168.7.0/24). It works perfectly, but I ...
0
votes
0
answers
33
views
Is iptables NAT forwarding possible between two libvirt VMs?
I'm building a test VPN setup using two libvirt VMs with StrongSwan
IKEv2 but can't get traffic to forward. I can see the client sending
traffic to the server using tcpdump but the server doesn't do
...
0
votes
0
answers
63
views
Unable to access some websites when connected to VPN IKEv2 server from linux
I have a VPN server hosted on Windows 2019 and configured on IKEv2,
Everything works very well from all clients, however on Linux clients I have one last point to adjust, so for clarification I use ...
0
votes
0
answers
183
views
StrongSwan IPSec VPN - IKEv2 - LetsEncrypt Certificate Issue (building CRED_PRIVATE_KEY - RSA failed, tried 10 builders)
I followed the link below for setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7.
How to Setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7
But info on that link has been ...
0
votes
0
answers
690
views
IPSec Example for a Password Authentication
I am trying to configure an ipsec (strongswan) vpn client to connect to my ISP-provided router's VPN.
I only have a username and password, no certificates.
In the documentation the provided (https://...
0
votes
0
answers
416
views
AWS StrongSwan IPSec Tunnel with Cisco fails during Phase 2 with TS_UNACCEPTABLE
I need to set up a site-to-site IPSec tunnel with a vendor whom we need to access each other's API servers sitting on the LANs using their respective Public IPs. We're using AWS, and I have ...
0
votes
0
answers
1k
views
How to set up StrongSwan (behind NAT) IKEv2/IPSec with PSK (pre-shared key)?
I set up my strongswan server on a virtual Ubuntu 22 behind a NAT. It works well for RCA using login password.
But I need to work using only PSK key. I tried a bunch of options, I can not connect from ...
1
vote
0
answers
471
views
issue with connecting to IKEV2 VPN server from android devices
We are facing a problem with connecting android devices to our VPN server. iOS devices do not have any problems connecting.
Android devices trying to connect via StrongSwan official app from Google ...
0
votes
0
answers
321
views
ike-scan 0 returned handshake 0 returned notify
I need to establish vpn connection to a specific site, I used strongswan and configure my side according to the provided parameters from another side, but when I try to connect I get 'peer not ...
1
vote
1
answer
1k
views
Site-to-Site VPN and Remote Access VPN with Strongswan
I've recently deployed a Strongswan IKEv2 Remote Access VPN in two different sites with two different Ubuntu servers. It all works great, but now I want to "merge" the two sites with a site-...
-1
votes
1
answer
850
views
Strongswan & Windows client: connection freezes in a few minutes
On an AWS VPS, I installed Strongswan to use it as a VPN. It works fine with iPhone client. However, when I try to connect from a Windows client, the SA connection gets established successfully and ...
0
votes
1
answer
1k
views
Failed to start the IKEv2 VPN connection to surfshark via NetworkManager
I try to connect to surfshark VPN provider through IKEv2 manually. Here are the logs
charon-nm[5070]: 05[CFG] received initiate for NetworkManager connection Surfshark IKE2
charon-nm[5070]: 05[CFG] ...
0
votes
1
answer
1k
views
EAP-MS-CHAPv2 verification failed Arch Linux (strongswan)
I cannot get Strongswan, networkmanager-strongswan (client)
work on your Arch-PC. My vpn-strongswan server (hereinafter deb (server)) has been configured for a long time, any devices (such as android, ...
0
votes
0
answers
365
views
Vpn . Nps . Active directory . Strongswan ikev2
please help me
I configured a strongswan IKEV2 On Centos7 vps
and NPS and Active Directory for my authentication and accounting(radius) on windows server 2016 vps
when i want to connect to my ikev2 ...
3
votes
1
answer
4k
views
iPhone users do not connect to StrongSwan VPN, while Android and Windows 10 users do?
I have a StrongSwan VPN that for some reason unknown to me cannot connect iOS users to my VPN server.
A few quick notes:
My StrongSwan server is front for VPN clients who connects to my network. I ...
0
votes
1
answer
8k
views
StrongSwan clients fail to connect, Constraint checking failure
Client devices (Runs Windows 10 and Android with StrongSwan app) fail to connect. Certificates signed by one authority, CN is set as server public ip.
Here's ipsec.conf:
config setup
include /var/lib/...
2
votes
1
answer
7k
views
Strongswan Error: no config named 'foo'
On Ubuntu 20.04, I am trying to establish a VPN tunnel to a IKEv2/Ipsec VPN site using Strongswan.
However, even though I have the file /etc/ipsec.conf as shown
# ipsec.conf - strongSwan IPsec ...
0
votes
0
answers
931
views
Is it possible to have 2 left ids in strongswan?
I need my strongswan server to operate on 2 domain names .
ipsec.conf currently contains : [email protected]
How can I add another domain ? Is this syntax gonna work?
[email protected],@sub2....
0
votes
1
answer
400
views
Does ikev1 or ikev2 support a no-authentication option? If so, how can I enable that in strongswan?
For testing purposes, I want to setup an ipsec tunnel using IKEv1 or v2 (preferably v2) that does not require any authentication - so just using the protocol to agree on the secret-keys of the ipsec ...
0
votes
1
answer
6k
views
IKev2 strongswan got deleting half open IKE_SA with x.x.x.x after timeout with iOS device
I installed an IKEv2 strongswan vpn server on ubuntu 18.04 and also I use a valid Let's Encrypt CA for that. I want to use it on an application for iOS.
So here is the IPSec.conf :
config setup
...
0
votes
1
answer
1k
views
How to set remoteId and server certificate check Strongswan IKEv2 ubuntu 18.04
I am a new member in IKEv2, and I want to install an IKEv2 vpn on an ubuntu 18.04 server, I did it through this tutorial , but I have a couple of questions.
First how can I configure its remote id, ...
0
votes
0
answers
3k
views
StrongSwan config issue: no matching peer config found
I am trying to establish a VPN between my router (running OpenWrt) and my smartphone using IPsec.
I followed the guide at https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/roadwarrior
...
0
votes
1
answer
263
views
What can cause an iOS device to be able to connect to IKEv2/IPsec VPN over LTE but not browse most websites?
Everything works fine over Wi-Fi.
I tried disabling IPv6 using a provisioning profile.
I tried on two different devices (iPhone 6 and current iPhone SE) using the same VPN provisioning profile (each ...
1
vote
1
answer
6k
views
migrating ipsec.conf to swanctl.conf, cant seem to get it to work
this is my ipsec.conf that works as it should:
conn pelle
left=%defaultroute
leftsourceip=%config
leftauth=eap-mschapv2
eap_identity=min user
right=vpn.mydomain.com
rightsubnet=0.0.0.0/0
...
2
votes
2
answers
2k
views
Specifying machine certificate issuer with Windows VPN
I am trying to create a Windows Always On VPN connection between an AD and AAD joined Windows 10 client and a StrongSwan VPN server. The Windows client has multiple "Client Authentication" ...
0
votes
0
answers
445
views
freeradius and configure eap or pap with rest
free radius and configure eap or pap with rest
i want use strongswan with free radius and rest module,
i see sql and eap work together,
how can configure eap with rest ?
the important part is ...
1
vote
2
answers
2k
views
Checking existence of IPSEC as a meta expression in nftables
Whilst recently setting up a router manually from scratch using Debian, I decided to use nftables along with strongSwan to provide an IKEv2 VPN access into this.
After much frustration along with ...
0
votes
0
answers
2k
views
IKEv2 Need a small help on Strongswan
I'm trying to create an IKEv2 Strongswan VPN server (U5.7.2/K5.3.0-42-generic) since two days on my personal VPS (Ubuntu 19.10) to make some tests before implement it on the Unifi equipment of my ...
0
votes
0
answers
684
views
Strongswan Centos 7 Config Issue
I have a problem with configuring Strongswan on Centos 7 ! First please notice that I want to connect with only username and password and I don't want to import any profiles on my phone ! My server ip ...
1
vote
0
answers
376
views
Strongswan username and password authentication
Guys I need to set up strongswan to use username and password for connecting instead of certificate! Anyone knows how this is done?
0
votes
1
answer
223
views
strongswan ikev2 connect to the same server
I have a strongswan ikev2 vpn installed on my server.
With my win10 laptop I can connect to the vpn and and connect to everything via vpn.
But how can I connect to my server? I have a service on a ...
0
votes
0
answers
523
views
IKEv2/IPsec. Strongswan server static external ip-address. 2 pcs of Mikrotiks as clients. Routing (or what?) Mikrotiks LAN-subnets
Strongswan 5.7 on Debian 10. Static "white" ip address.
2 Mikrotiks with grey ip addresses from ISPs' and NAT:
/ip address print
2 D 10.141.170.32/16 10.141.0.0 ether1
Mikrotik "A" LAN ...
4
votes
1
answer
18k
views
strongswan ikev2 with debian. EAP authentication failed. loading EAP_MSCHAPV2 method failed
I can't get Strongswan to run on my Debian machine. I've already done a tutorial to get it to run on a Ubuntu machine but it seems impossible to me to get it to run on my Debian machine. I actually ...
0
votes
0
answers
738
views
StrongSwan IKEv2 connected but no internet on some internets
I set up the StrongSwan and IKEv2 as remote access on CentOS 7, And it is working great but on some internets (not all, most ADSL modems or 4G modems) it connects but there is no internet access on ...
9
votes
2
answers
34k
views
Strongswan IKEv2 vpn on Windows 10 client "policy match error"
I have the newest version of Strongswan vpn on my ubuntu server running.
I followed this tutorial here and got it to work on my android and Iphone.
Now I want to get it to work on my windows 10 ...
1
vote
1
answer
3k
views
Is strongSwan eap-mschapv2 authentication secure vs using certs?
What level of encryption is used during the authentication part of the connection?
Here’s a sample /etc/ipsec.conf configuration.
config setup
charondebug="ike 1, knl 1, cfg 0"
uniqueids=no
...
4
votes
0
answers
3k
views
Strongswan stops working after a while
I'm trying hard to resolve one question with my strongswan IKEv2 VPN.
I use Linux strongSwan U5.6.1/K3.10.0-862.el7.x86_64 installed on CentOS 7 and few clients: Windows Server 2012 R2, Windows 10, ...
2
votes
0
answers
475
views
Bandwidth control with TC for clients yet to be connected
I have applied bandwidth control using TC and iptables using this tutorial on my Strongswan VPN server.
The bandwidth control works fine ONLY if that specific client is already connected.
For example:...
1
vote
1
answer
2k
views
Strongswan IKEv2 auth - pubkey and EAP
I'm trying to setup strongswan with pubkey and EAP authentication. To login users need to have certificate and valid credentials.
My certificate is ok. I tested pubkey auth and it was ok, also EAP ...
0
votes
0
answers
1k
views
Setup StrongSwan with user Cert
i will setting up strongswan and have some trouble with configure it. I can log in with user/pass but i will replace it with user.p12 certificate. When i add rightauth2=pubkey is login with user/pass ...
0
votes
1
answer
3k
views
Strongswan: Connecting PSK & EAP at a time
I have successfully setup strongswan on a virtual Server. I basically have two kinds of configurations
Using EAP (username/password for Android Strongswan Client).
PSK (for IOS devices using ...
1
vote
1
answer
2k
views
OCSP verification fails in Strongswan (IKEv2)
I've managed to set up an IPsec connection between two (virtual) hosts in transport mode and now I want the server to validate the client's certificate with OCSP. In a third host, I've run an OCSP ...
8
votes
1
answer
1k
views
How to limit bandwidth per VPN connection?
I have a StrongSwan (IKEv2) server setup and would like to limit each VPN connection to 512kb/s.
After researching I came across tc in Ubuntu. I don't quite understand it and am fighting through the ...
0
votes
2
answers
5k
views
Strongswan IKEv2 for iOS devices
I want to connect a Strongswan IKEv2 VPN on iOS devices. It uses FreeRADIUS server for AAA of users.
It's already working perfectly on Android and Windows devices. but when I try to connect using ...
0
votes
1
answer
1k
views
Use MySQL for storing secrets in Strongswan VPN
I have a working Strongswan IKEv2 VPN, i uses eap-mschapv2 as right auth.
It's working fine as long as I use the ipsec.secrets file to store the user credentials.
# ipsec.secrets file
: RSA vpn-...
2
votes
2
answers
2k
views
how to use wildcard certificate with ikev2 on strongswan
I am using a wildcard certificate.
I have managed to setup ikev2 protocol, applied my own certificate but it won't work for subdomains.
Is there any workaround for this or the wildcard should be ...
1
vote
1
answer
3k
views
StrongSwan ikev2 routing through VPN in Windows 10
I'm trying to create an ikev2 VPN using StrongSwan on an ubuntu server.
Now, in Windows 10 clients, use default gateway on remote network option is off by default; so when I connect to the server, ...