All Questions
67
questions
0
votes
0
answers
11
views
Windows 10 builtin IKEv2 VPN does not have option for preshared key
I configured Routing and Remote Access on Windows Server 2019, then built-in VPN Type IKEv2 + PSK:
Filled the PSK in "Allow custom IPsec policy for L2TP/IKEv2 connection" (rrasmgmt.msc)
...
0
votes
0
answers
27
views
Swastrong IPSec with Password Authentication
I'm in the exact same situation as sashok_bg here : I'm trying to access my Freebox pro VPN through Swanstrong client vpn on Debian.
So far, with what has been said in his converstation with ecdsa, ...
0
votes
1
answer
317
views
Strongswan VPN Client (Android) can't connect to my test Kerio Control server
I have the following issue: I set up a Kerio Control 9.4.4 build 8365 and tried to connect to VPN server through Android 14+ device. I used Strongswan(Android) for this, but I got the following error ...
0
votes
0
answers
33
views
Is iptables NAT forwarding possible bewteen two libvirt VMs?
I'm building a test VPN setup using two libvirt VMs with StrongSwan
IKEv2 but can't get traffic to forward. I can see the client sending
traffic to the server using tcpdump but the server doesn't do
...
0
votes
0
answers
63
views
Unable to acces on some websites when connected to VPN IKEv2 server from linux
I have a VPN server hosted on Windows 2019 and configured on IKEv2,
Everything works very well from all clients, however on Linux clients I have one last point to adjust, so for clarification I use ...
0
votes
0
answers
690
views
IPSec Example for a Password Authentication
I am trying to configure an ipsec (strongswan) vpn client to connect to my ISP-provided router's VPN.
I only have a username and password, no certificates.
In the documentation the provided (https://...
0
votes
0
answers
508
views
Cannot access network resources after connecting to Always On VPN
Background: recently moved offices to a new network that did not have any domain controllers. The network here has a basic WiFi router that has both DNS and DHCP. We moved our DC here that has our ...
0
votes
0
answers
470
views
RRAS IKEv2 MacOS 13.4.1 unable to connect since upgrade to Ventura
I encountered a problem when trying to connect to a VPN server configured in IKEv2 from MacOS (Ventura 13.4.1) on a fresh install.
The VPN server is a RRAS hosted in a Windows server 2019, its ...
0
votes
0
answers
832
views
Windows native client not connecting to IKEv2 EAP VPN
We are investigating the possibility of replacing pfSense/opnSense with Mikrotik for our office routers. Our current routers provide site-to-site tunnels between locations, as well as RADIUS-backed ...
0
votes
0
answers
597
views
Windows 11 IKEv2 fails to connect, error code 1931 eventID 20227
I have Mikrotik configured for accepting IPSec connections with server certificate and RADIUS auth, SHA1 and so on enabled on Mikrotik side for Windows compatibility.
It also configured for L2TP/IPSec,...
1
vote
1
answer
897
views
My Win 11 Pro VPN client for IKEv2 is perpetually broken
I am tearing my hair out over this sudden refusal of Windows 11 Pro on my PC to use the appropriately configured crypto in IKEv2 negotiation. It worked fine for a long time, until it didn't. This ...
1
vote
0
answers
471
views
issue with connecting to IKEV2 VPN server from android devices
We are facing a problem with connecting android devices to our VPN server. iOS devices do not have any problems connecting.
Android devices trying to connect via StrongSwan official app from Google ...
0
votes
0
answers
321
views
ike-scan 0 returned handshake 0 returned notify
I need to establish vpn connection to a specific site, I used strongswan and configure my side according to the provided parameters from another side, but when I try to connect I get 'peer not ...
1
vote
1
answer
1k
views
Site-to-Site VPN and Remote Access VPN with Strongswan
I've recently deployed a Strongswan IKEv2 Remote Access VPN in two different sited with two different ubuntu servers. It all works great, but now i want to "merge" the two sites with a site-...
-1
votes
1
answer
850
views
Strongswan & Windows client: connection freezes in a few minutes
On an AWS VPS, I installed Strongswan to use it as a VPN. It works fine with iPhone client. However, when I try to connect from a Windows client, the SA connection gets established successfully and ...
0
votes
1
answer
1k
views
Failed to start the IKEv2 VPN connection to surfshark via NetworkManager
I try to connect to surfshark VPN provider through IKEv2 manually. Here are the logs
charon-nm[5070]: 05[CFG] received initiate for NetworkManager connection Surfshark IKE2
charon-nm[5070]: 05[CFG] ...
0
votes
1
answer
1k
views
EAP-MS-CHAPv2 verification failed Arch Linux (strongswan)
I cannot get Strongswan, networkmanager-strongswan (client)
work on your Arch-PC. My vpn-strongswan server (hereinafter deb (server)) has been configured for a long time, any devices (such as android, ...
-1
votes
1
answer
2k
views
Cannot connect a Fortigate VPN behind a static NAT to a GCP VPN gateway
Here's the need:
Connect a Fortigate device behind a static 1:1 NAT to the Internet to a Google Cloud Platform (GCP) VPN gateway.
Simplified ASCII Diagram:
LOCAL_LAN ---- Fortigate ----- Fiber modem --...
0
votes
0
answers
365
views
Vpn . Nps . Active directory . Strongswan ikev2
please help me
I configured a strongswan IKEV2 On Centos7 vps
and NPS and Active Directory for my authentication and accounting(radius) on windows server 2016 vps
when i want to connect to my ikev2 ...
0
votes
0
answers
2k
views
Cannot connect MacOS to StrongSwan VPN server installed on ubuntu
I have an issue connecting to IKEv2 VPN running on an Ubuntu VM on GCP. I am trying to connect with MacOS and Windows. I followed this tutorial to install the VPN on an Ubuntu VM. I need a VPN so that ...
-1
votes
1
answer
150
views
How to run Windows Ikev2 with NonetworkFirewall?
I have a small problem.I setup Firewall App Blocker in whtielist Mode(means basically It cut all Internet except allowed apps by setting "block all connection that not match firewall rule" ...
1
vote
0
answers
153
views
How to disable all default cryptographic algorithms but the explicitly defined ones in OpenIKED?
I am having issues with setting up highly secure but still high performance IKEv2 tunnels between multiple data centers on OpenBSD nodes, by using very strict security features and allowing the use of ...
0
votes
1
answer
8k
views
StrongSwan clients fail to connect, Constraint checking failure
Client devices (Runs Windows 10 and Android with StrongSwan app) fail to connect. Certificates signed by one authority, CN is set as server public ip.
Here's ipsec.conf:
config setup
include /var/lib/...
2
votes
1
answer
7k
views
Strongswan Error: no config named 'foo'
On Ubuntu 20.04, I am trying to establish a VPN tunnel to a IKEv2/Ipsec VPN site using Strongswan.
However, even though I have the file /etc/ipsec.conf as shown
# ipsec.conf - strongSwan IPsec ...
0
votes
0
answers
931
views
Is it possible to have 2 left ids in strongswan?
I need my strongswan server to operate on 2 domain names .
ipsec.conf currently contains : [email protected]
How can I add another domain ? Is this syntax gonna work?
[email protected],@sub2....
0
votes
1
answer
793
views
IKEv2 VPN on server 2019 suddenly stops working
We have a number of customers using Server 2019 as a VPN server with the IKEv2 protocol through the Routing and Remote Access (RRAS) service. Suddenly, every single one of them gets the following ...
0
votes
1
answer
6k
views
IKev2 strongswan got deleting half open IKE_SA with x.x.x.x after timeout with iOS device
I installed an IKEv2 strongswan vpn server on ubuntu 18.04 and also I use a valid Let's encrypte CA for that. I want to use it on an application for iOS.
So here is the IPSec.conf :
config setup
...
0
votes
0
answers
3k
views
StrongSwan config issue: no matching peer config found
I am trying to establish a VPN between my router (running OpenWrt) and my smartphone using IPsec.
I followed the guide at https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/roadwarrior
...
0
votes
1
answer
263
views
What can cause an iOS device to be able to connect to IKEv2/IPsec VPN over LTE but not browse most websites?
Everything works fine over Wi-Fi.
I tried disabling IPv6 using a provisioning profile.
I tried on two different devices (iPhone 6 and current iPhone SE) using the same VPN provisioning profile (each ...
0
votes
2
answers
5k
views
Windows 10 IKEv2 IPSec VPN client & DH Group15 (modp3072) or higher
Is there any way to configure the Windows 10 VPN client to use DH Group 15 / Group15 (modp3072) or higher for key exchange?
I am somewhat distressed that the CNSA specifies use of DH Group 15 (...
1
vote
2
answers
2k
views
Checking existence of IPSEC as a meta expression in nftables
Whilst recently setting up a router manually from scratch using Debian, I decided to use nftables along with strongSwan to provide an IKEv2 VPN access into this.
After much frustration along with ...
0
votes
0
answers
633
views
RRAS IKEv2 VPN no response
We have an IPSEC/L2TP PSK VPN on Windows Server 2012 using RRAS. This usually works fine, but now with so many staff working from home due to COVID-19, I am getting complaints of the VPN dropping out ...
1
vote
2
answers
3k
views
Determining root cause of Windows VPN Connection Error 13801
I'm trying to get machine authentication working with Microsoft "always on vpn".. I'm running into error 13801 on attempting to connect with a client. This error implies there is some sort of ...
0
votes
0
answers
2k
views
IKEv2 Need a small help on Strongswan
I'm trying to create an IKEv2 Strongswan VPN server (U5.7.2/K5.3.0-42-generic) since two days on my personnal VPS (Ubuntu 19.10) to make some tests before implement it on the Unifi equipment of my ...
0
votes
1
answer
430
views
IKev2 VPN Event ID 20209 - Server Authentication
I have made only one certificate for VPN access with ikev2. Within 2 days i got event id 20209, even though I didn't tried to connect. The certificate is still with me and no one else has access to it....
1
vote
0
answers
376
views
Strongswan username and password authentication
Guys I need to set up strongswan to use username and password for connecting instead of certificate! Anyone knows how this is done?
0
votes
0
answers
91
views
Rekeying denies protocols/NAT issue or config?
I'm using strongswan to connect to a MAC server using IKEv2/IPsec configuration. The server uses the proposed algorithms to establish the SA and everything works great. Upon rekeying however, the ...
0
votes
1
answer
223
views
strongswan ikev2 connect to the same server
I have a strongswan ikev2 vpn installed on my server.
With my win10 laptop I can connect to the vpn and and connect to everything via vpn.
But how can I connect to my server? I have a service on a ...
1
vote
1
answer
1k
views
Test ike2 vpn connection on console possible?
Whatever I google for I find tutorials how to setup an IKEv2 VPN server either UI client configuration for different OS.
Is it possible to test the connection with a client in a Linux console ...
4
votes
1
answer
18k
views
strongswan ikev2 with debian. EAP authentication failed. loading EAP_MSCHAPV2 method failed
I can't get Strongswan to run on my Debian machine. I've already done a tutorial to get it to run on a Ubuntu machine but it seems impossible to me to get it to run on my Debian machine. I actually ...
0
votes
0
answers
738
views
StrongSwan IKEv2 connected but no internet on some internets
I set up the StrongSwan and IKEv2 as remote access on CentOS 7, And it is working great but on some internets (not all, most ADSL modems or 4G modems) it connects but there is no internet access on ...
0
votes
1
answer
614
views
IKEv2 certificate error but SSTP successfully connects Windows 10 pro / Windows Server 2019
I'm using Windows server 2019 (installed roles: AD DC, CA, DHCP, DNS, IIS, VPN).
my client is Windows 10 pro.
before installing the Online responder role and having a CRL server, IkEv2 was working, ...
9
votes
2
answers
34k
views
Strongswan IKEv2 vpn on Windows 10 client "policy match error"
I have the newest version of Strongswan vpn on my ubuntu server running.
I followed this tutorial here and got it to work on my android and Iphone.
Now I want to get it to work on my windows 10 ...
4
votes
0
answers
3k
views
Strongswan stops working after a while
I'm trying hard to resolve one question with my strongswan IKEv2 VPN.
I use Linux strongSwan U5.6.1/K3.10.0-862.el7.x86_64 installed on CentOS 7 and few clients: Windows Server 2012 R2, Windows 10, ...
1
vote
0
answers
5k
views
Porting a Cisco AnyConnect profile from Windows to Mac OSX
I have a client using a VisualStudio solution to manage their website. In order to make edits, they had to set up a Windows 7 laptop for me, which I have to use to connect to their VPN before being ...
1
vote
1
answer
2k
views
Strongswan IKEv2 auth - pubkey and EAP
I'am trying to setup strongswan with pubkey and EAP authentication. To login users need to have certificate and valid credentials.
My certificate is ok. I tested pubkey auth and it was ok, also EAP ...
0
votes
0
answers
1k
views
Stuup StrongSwan with user Cert
i will setting up strongswan and have some trouble with configure it. I can log in with user/pass but i will replace it with user.p12 certificate. When i add rightauth2=pubkey is login with user/pass ...
1
vote
1
answer
4k
views
Does IKEv2 support initiator authentication by pre-shared key _and_ password?
I'd like to configure an IKEv2 VPN gateway for multiple remote users to access a private network.
I have a test setup where the responder authenticates itself with a self-signed certificate. The ...
2
votes
1
answer
3k
views
VPN from WatchGuard to Google Cloud Platform: "establishing IKE_SA failed, peer not responding"
We are trying to "Build a VPN from a Watchguard to Google Cloud Platform" just like what is described here:
https://querblick-it.de/build-vpn-watchguard-google-cloud-platform/
And under Remote peer ...
0
votes
2
answers
5k
views
Strongswan IKEv2 for iOS devices
I want to connect a Strongswan IKEv2 VPN on iOS devices. It uses FreeRADIUS server for AAA of users.
It's already working perfectly on Android and Windows devices. but when I try to connect using ...