Skip to main content

All Questions

Tagged with
Filter by
Sorted by
Tagged with
0 votes
0 answers
27 views

Swastrong IPSec with Password Authentication

I'm in the exact same situation as sashok_bg here : I'm trying to access my Freebox pro VPN through Swanstrong client vpn on Debian. So far, with what has been said in his converstation with ecdsa, ...
Alex's user avatar
  • 11
0 votes
0 answers
121 views

IKEv2 with certificate + EAP between an IPsec client a VPN server on an OpenWRT router, and a FreeRADIUS - Auhtntication issue

I need your help and expertise to resolve a situation I'm facing. I'm currently testing an IPsec tunnel using IKEv2 with certificate + EAP between an IPsec client (TheGreenBow), a VPN server on an ...
Fenix ES's user avatar
0 votes
1 answer
317 views

Strongswan VPN Client (Android) can't connect to my test Kerio Control server

I have the following issue: I set up a Kerio Control 9.4.4 build 8365 and tried to connect to VPN server through Android 14+ device. I used Strongswan(Android) for this, but I got the following error ...
Creeprus's user avatar
0 votes
0 answers
55 views

strongSwan: Accessing LAN of a Windows client (reversed remote access)

I am currently having an Ubuntu Server strongSwan setup (IKEv2, EAP-MSCHAPv2) that will allow any authorized remote Windows client to access server's LAN (192.168.7.0/24). It works perfectly, but I ...
ivanthestupid's user avatar
0 votes
0 answers
33 views

Is iptables NAT forwarding possible bewteen two libvirt VMs?

I'm building a test VPN setup using two libvirt VMs with StrongSwan IKEv2 but can't get traffic to forward. I can see the client sending traffic to the server using tcpdump but the server doesn't do ...
dbazile's user avatar
0 votes
0 answers
63 views

Unable to acces on some websites when connected to VPN IKEv2 server from linux

I have a VPN server hosted on Windows 2019 and configured on IKEv2, Everything works very well from all clients, however on Linux clients I have one last point to adjust, so for clarification I use ...
Boby Lapointe's user avatar
0 votes
0 answers
183 views

StrongSwan IPSec VPN - IKEv2 - LetsEncrypt Certificate Issue (building CRED_PRIVATE_KEY - RSA failed, tried 10 builders)

I followed the link below for setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7. How to Setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7 But info on that link has been ...
helius.dev's user avatar
0 votes
0 answers
690 views

IPSec Example for a Password Authentication

I am trying to configure an ipsec (strongswan) vpn client to connect to my ISP-provided router's VPN. I only have a username and password, no certificates. In the documentation the provided (https://...
sashok_bg's user avatar
  • 101
0 votes
0 answers
416 views

AWS StrongSwan IPSec Tunnel with Cisco fails during Phase 2 with TS_UNACCEPTABLE

I need to to setup a site-to-site IPSec tunnel with a vendor whom We need to access each other's API servers seating on the LANs using their respective Public IPs. We're using AWS, And I have ...
kmos.w's user avatar
  • 101
0 votes
0 answers
1k views

How to set up StrongSwan (behind NAT) IKEv2/IPSec with PSK (pre-shared key)?

I set up my strongswan server on a virtual Ubuntu 22 behind a NAT. It works well for RCA using login password. But I need to work using only PSK key. I tried a bunch of options, I can not connect from ...
Дмитрий В.'s user avatar
1 vote
0 answers
471 views

issue with connecting to IKEV2 VPN server from android devices

We are facing a problem with connecting android devices to our VPN server. iOS devices do not have any problems connecting. Android devices trying to connect via StrongSwan official app from Google ...
Maksim Zakharenka's user avatar
0 votes
0 answers
321 views

ike-scan 0 returned handshake 0 returned notify

I need to establish vpn connection to a specific site, I used strongswan and configure my side according to the provided parameters from another side, but when I try to connect I get 'peer not ...
Mohammed Hafiz's user avatar
1 vote
1 answer
1k views

Site-to-Site VPN and Remote Access VPN with Strongswan

I've recently deployed a Strongswan IKEv2 Remote Access VPN in two different sited with two different ubuntu servers. It all works great, but now i want to "merge" the two sites with a site-...
P1r4nh4's user avatar
  • 11
-1 votes
1 answer
850 views

Strongswan & Windows client: connection freezes in a few minutes

On an AWS VPS, I installed Strongswan to use it as a VPN. It works fine with iPhone client. However, when I try to connect from a Windows client, the SA connection gets established successfully and ...
m. vokhm's user avatar
0 votes
1 answer
1k views

Failed to start the IKEv2 VPN connection to surfshark via NetworkManager

I try to connect to surfshark VPN provider through IKEv2 manually. Here are the logs charon-nm[5070]: 05[CFG] received initiate for NetworkManager connection Surfshark IKE2 charon-nm[5070]: 05[CFG] ...
Morse's user avatar
  • 103
0 votes
1 answer
1k views

EAP-MS-CHAPv2 verification failed Arch Linux (strongswan)

I cannot get Strongswan, networkmanager-strongswan (client) work on your Arch-PC. My vpn-strongswan server (hereinafter deb (server)) has been configured for a long time, any devices (such as android, ...
Alex Petrov's user avatar
0 votes
0 answers
365 views

Vpn . Nps . Active directory . Strongswan ikev2

please help me I configured a strongswan IKEV2 On Centos7 vps and NPS and Active Directory for my authentication and accounting(radius) on windows server 2016 vps when i want to connect to my ikev2 ...
Artursa's user avatar
3 votes
1 answer
4k views

iPhone users does not connect to StrongSwan VPN, while Android and Windows 10 users do?

I have a StrongSwan VPN that for some reason unknown to me cannot connect iOS users to my VPN server. A few quick notes: My StrongSwan server is front for VPN clients who connects to my network. I ...
Lasse Michael Mølgaard's user avatar
0 votes
1 answer
8k views

StrongSwan clients fail to connect, Constraint checking failure

Client devices (Runs Windows 10 and Android with StrongSwan app) fail to connect. Certificates signed by one authority, CN is set as server public ip. Here's ipsec.conf: config setup include /var/lib/...
user11686813's user avatar
2 votes
1 answer
7k views

Strongswan Error: no config named 'foo'

On Ubuntu 20.04, I am trying to establish a VPN tunnel to a IKEv2/Ipsec VPN site using Strongswan. However, even though I have the file /etc/ipsec.conf as shown # ipsec.conf - strongSwan IPsec ...
Nyxynyx's user avatar
  • 1,499
0 votes
0 answers
931 views

Is it possible to have 2 left ids in strongswan?

I need my strongswan server to operate on 2 domain names . ipsec.conf currently contains : [email protected] How can I add another domain ? Is this syntax gonna work? [email protected],@sub2....
master lfc6's user avatar
0 votes
1 answer
400 views

Does ikev1 or ikev2 support a no-authentication option? If so, how can I enable that in strongswan?

For testing purposes, I want to setup an ipsec tunnel using IKEv1 or v2 (preferably v2) that does not require any authentication - so just using the protocol to agree on the secret-keys of the ipsec ...
xeyipes's user avatar
  • 25
0 votes
1 answer
6k views

IKev2 strongswan got deleting half open IKE_SA with x.x.x.x after timeout with iOS device

I installed an IKEv2 strongswan vpn server on ubuntu 18.04 and also I use a valid Let's encrypte CA for that. I want to use it on an application for iOS. So here is the IPSec.conf : config setup ...
mohsen's user avatar
  • 113
0 votes
1 answer
1k views

How to set remoteId and server certificate check Strongswan IKEv2 ubuntu 18.04

I am a new member in IKEv2, and I want to install an IKEv2 vpn on an ubuntu 18.04 server, I did it through this tutorial , but I have a couple of questions. First how can I configure its remote id, ...
mohsen's user avatar
  • 113
0 votes
0 answers
3k views

StrongSwan config issue: no matching peer config found

I am trying to establish a VPN between my router (running OpenWrt) and my smartphone using IPsec. I followed the guide at https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/roadwarrior ...
ahorn42's user avatar
0 votes
1 answer
263 views

What can cause an iOS device to be able to connect to IKEv2/IPsec VPN over LTE but not browse most websites?

Everything works fine over Wi-Fi. I tried disabling IPv6 using a provisioning profile. I tried on two different devices (iPhone 6 and current iPhone SE) using the same VPN provisioning profile (each ...
sunknudsen's user avatar
1 vote
1 answer
6k views

migrating ipsec.conf to swanctl.conf, cant seem to get it to work

this is my ipsec.conf that works as it should: conn pelle left=%defaultroute leftsourceip=%config leftauth=eap-mschapv2 eap_identity=min user right=vpn.mydomain.com rightsubnet=0.0.0.0/0 ...
per källström's user avatar
2 votes
2 answers
2k views

Specifying machine certificate issuer with Windows VPN

I am trying to create a Windows Always On VPN connection between an AD and AAD joined Windows 10 client and a StrongSwan VPN server. The Windows client has multiple "Client Authentication" ...
Cameron's user avatar
  • 287
0 votes
0 answers
445 views

freeradius and configure eap or pap with rest

free radius and configure eap or pap with rest i want use strongswan with free radius and rest module, i see sql and eap work together, how can configure eap with rest ? the important part is ...
user3652881's user avatar
1 vote
2 answers
2k views

Checking existence of IPSEC as a meta expression in nftables

Whilst recently setting up a router manually from scratch using Debian, I decided to use nftables along with strongSwan to provide an IKEv2 VPN access into this. After much frustration along with ...
jren207's user avatar
  • 11
0 votes
0 answers
2k views

IKEv2 Need a small help on Strongswan

I'm trying to create an IKEv2 Strongswan VPN server (U5.7.2/K5.3.0-42-generic) since two days on my personnal VPS (Ubuntu 19.10) to make some tests before implement it on the Unifi equipment of my ...
mathpro's user avatar
0 votes
0 answers
684 views

Strongswan Centos 7 Config Issue

I have a problem with configuring Strongswan on Centos 7 ! First please notice that I want to connect with only username and password and I don't want to import any profiles on my phone ! My server ip ...
master lfc6's user avatar
1 vote
0 answers
376 views

Strongswan username and password authentication

Guys I need to set up strongswan to use username and password for connecting instead of certificate! Anyone knows how this is done?
Mr Pro's user avatar
  • 33
0 votes
1 answer
223 views

strongswan ikev2 connect to the same server

I have a strongswan ikev2 vpn installed on my server. With my win10 laptop I can connect to the vpn and and connect to everything via vpn. But how can I connect to my server? I have a service on a ...
BestimmungGefördert's user avatar
0 votes
0 answers
523 views

IKEv2/IPsec. Strongswan server static external ip-address. 2 pcs of Mikrotiks as clients. Routing (or what?) Mikrotiks LAN-subnets

Strongswan 5.7 on Debian 10. Static "white" ip address. 2 Mikrotiks with grey ip addresses from ISPs' and NAT: /ip address print 2 D 10.141.170.32/16 10.141.0.0 ether1 Mikrotik "A" LAN ...
Vlad's user avatar
  • 13
4 votes
1 answer
18k views

strongswan ikev2 with debian. EAP authentication failed. loading EAP_MSCHAPV2 method failed

I can't get Strongswan to run on my Debian machine. I've already done a tutorial to get it to run on a Ubuntu machine but it seems impossible to me to get it to run on my Debian machine. I actually ...
BestimmungGefördert's user avatar
0 votes
0 answers
738 views

StrongSwan IKEv2 connected but no internet on some internets

I set up the StrongSwan and IKEv2 as remote access on CentOS 7, And it is working great but on some internets (not all, most ADSL modems or 4G modems) it connects but there is no internet access on ...
Farhad Sakhaei's user avatar
9 votes
2 answers
34k views

Strongswan IKEv2 vpn on Windows 10 client "policy match error"

I have the newest version of Strongswan vpn on my ubuntu server running. I followed this tutorial here and got it to work on my android and Iphone. Now I want to get it to work on my windows 10 ...
sirzento's user avatar
  • 193
1 vote
1 answer
3k views

Is strongSwan eap-mschapv2 authentication secure vs using certs?

What level of encryption is used during the authentication part of the connection? Here’s a sample /etc/ipsec.conf configuration. config setup charondebug="ike 1, knl 1, cfg 0" uniqueids=no ...
sunknudsen's user avatar
4 votes
0 answers
3k views

Strongswan stops working after a while

I'm trying hard to resolve one question with my strongswan IKEv2 VPN. I use Linux strongSwan U5.6.1/K3.10.0-862.el7.x86_64 installed on CentOS 7 and few clients: Windows Server 2012 R2, Windows 10, ...
Виталий Захаров's user avatar
2 votes
0 answers
475 views

Bandwidth control with TC for clients yet to be connected

I have applied bandwidth control using TC and iptables using this tutorial on my Strongswan VPN server. The bandwidth control works fine ONLY if that specific client is already connected. For example:...
Ajji's user avatar
  • 131
1 vote
1 answer
2k views

Strongswan IKEv2 auth - pubkey and EAP

I'am trying to setup strongswan with pubkey and EAP authentication. To login users need to have certificate and valid credentials. My certificate is ok. I tested pubkey auth and it was ok, also EAP ...
user9443103's user avatar
0 votes
0 answers
1k views

Stuup StrongSwan with user Cert

i will setting up strongswan and have some trouble with configure it. I can log in with user/pass but i will replace it with user.p12 certificate. When i add rightauth2=pubkey is login with user/pass ...
Hannes Peter's user avatar
0 votes
1 answer
3k views

Strongswan: Connecting PSK & EAP at a time

I have successfully setup strongswan on a virtual Server. I basically have two kinds of configurations Using EAP (username/password for Android Strongswan Client). PSK (for IOS devices using ...
Ajji's user avatar
  • 131
1 vote
1 answer
2k views

OCSP verification fails in Strongswan (IKEv2)

I've managed to set up an IPsec connection between two (virtual) hosts in transport mode and now I want the server to validate the client's certificate with OCSP. In a third host, I've run an OCSP ...
Ander Juaristi's user avatar
8 votes
1 answer
1k views

How to limit bandwidth per VPN connection?

I have a StrongSwan (IKEv2) server setup and would like to limit each VPN connection to 512kb/s. After researching I came across tc in Ubuntu. I don't quite understand it and am fighting through the ...
Houman's user avatar
  • 1,675
0 votes
2 answers
5k views

Strongswan IKEv2 for iOS devices

I want to connect a Strongswan IKEv2 VPN on iOS devices. It uses FreeRADIUS server for AAA of users. It's already working perfectly on Android and Windows devices. but when I try to connect using ...
Varun Taliyan's user avatar
0 votes
1 answer
1k views

Use MySQL for storing secrets in Strongswan VPN

I have a working Strongswan IKEv2 VPN, i uses eap-mschapv2 as right auth. It's working fine as long as I use the ipsec.secrets file to store the user credentials. # ipsec.secrets file : RSA vpn-...
Varun Taliyan's user avatar
2 votes
2 answers
2k views

how to use wildcard certificate with ikev2 on strongswan

I am using a wildcard certificate. I have managed to setup ikev2 protocol, applied my own certificate but it won't work for subdomains. Is there any workaround for this or the wildcard should be ...
Vitalik Jimbei's user avatar
1 vote
1 answer
3k views

StrongSwan ikev2 routing through VPN in Windows 10

I'm trying to create an ikev2 VPN using StrongSwan on an ubuntu server. Now, in Windows 10 clients, use default gateway on remote network option is off by default; so when I connect to the server, ...
Mahdi Ghiasi's user avatar