Skip to main content

All Questions

Tagged with
Filter by
Sorted by
Tagged with
0 votes
0 answers
11 views

Windows 10 builtin IKEv2 VPN does not have option for preshared key

I configured Routing and Remote Access on Windows Server 2019, then built-in VPN Type IKEv2 + PSK: Filled the PSK in "Allow custom IPsec policy for L2TP/IKEv2 connection" (rrasmgmt.msc) ...
Stef's user avatar
  • 612
0 votes
0 answers
27 views

Swastrong IPSec with Password Authentication

I'm in the exact same situation as sashok_bg here : I'm trying to access my Freebox pro VPN through Swanstrong client vpn on Debian. So far, with what has been said in his converstation with ecdsa, ...
Alex's user avatar
  • 11
0 votes
1 answer
317 views

Strongswan VPN Client (Android) can't connect to my test Kerio Control server

I have the following issue: I set up a Kerio Control 9.4.4 build 8365 and tried to connect to VPN server through Android 14+ device. I used Strongswan(Android) for this, but I got the following error ...
Creeprus's user avatar
0 votes
0 answers
33 views

Is iptables NAT forwarding possible bewteen two libvirt VMs?

I'm building a test VPN setup using two libvirt VMs with StrongSwan IKEv2 but can't get traffic to forward. I can see the client sending traffic to the server using tcpdump but the server doesn't do ...
dbazile's user avatar
0 votes
0 answers
63 views

Unable to acces on some websites when connected to VPN IKEv2 server from linux

I have a VPN server hosted on Windows 2019 and configured on IKEv2, Everything works very well from all clients, however on Linux clients I have one last point to adjust, so for clarification I use ...
Boby Lapointe's user avatar
0 votes
0 answers
690 views

IPSec Example for a Password Authentication

I am trying to configure an ipsec (strongswan) vpn client to connect to my ISP-provided router's VPN. I only have a username and password, no certificates. In the documentation the provided (https://...
sashok_bg's user avatar
  • 101
0 votes
0 answers
508 views

Cannot access network resources after connecting to Always On VPN

Background: recently moved offices to a new network that did not have any domain controllers. The network here has a basic WiFi router that has both DNS and DHCP. We moved our DC here that has our ...
Mike H's user avatar
  • 1
0 votes
0 answers
470 views

RRAS IKEv2 MacOS 13.4.1 unable to connect since upgrade to Ventura

I encountered a problem when trying to connect to a VPN server configured in IKEv2 from MacOS (Ventura 13.4.1) on a fresh install. The VPN server is a RRAS hosted in a Windows server 2019, its ...
Boby Lapointe's user avatar
0 votes
0 answers
832 views

Windows native client not connecting to IKEv2 EAP VPN

We are investigating the possibility of replacing pfSense/opnSense with Mikrotik for our office routers. Our current routers provide site-to-site tunnels between locations, as well as RADIUS-backed ...
miken32's user avatar
  • 974
0 votes
0 answers
597 views

Windows 11 IKEv2 fails to connect, error code 1931 eventID 20227

I have Mikrotik configured for accepting IPSec connections with server certificate and RADIUS auth, SHA1 and so on enabled on Mikrotik side for Windows compatibility. It also configured for L2TP/IPSec,...
SelfishCrawler's user avatar
1 vote
1 answer
897 views

My Win 11 Pro VPN client for IKEv2 is perpetually broken

I am tearing my hair out over this sudden refusal of Windows 11 Pro on my PC to use the appropriately configured crypto in IKEv2 negotiation. It worked fine for a long time, until it didn't. This ...
TheOrionArm's user avatar
1 vote
0 answers
471 views

issue with connecting to IKEV2 VPN server from android devices

We are facing a problem with connecting android devices to our VPN server. iOS devices do not have any problems connecting. Android devices trying to connect via StrongSwan official app from Google ...
Maksim Zakharenka's user avatar
0 votes
0 answers
321 views

ike-scan 0 returned handshake 0 returned notify

I need to establish vpn connection to a specific site, I used strongswan and configure my side according to the provided parameters from another side, but when I try to connect I get 'peer not ...
Mohammed Hafiz's user avatar
1 vote
1 answer
1k views

Site-to-Site VPN and Remote Access VPN with Strongswan

I've recently deployed a Strongswan IKEv2 Remote Access VPN in two different sited with two different ubuntu servers. It all works great, but now i want to "merge" the two sites with a site-...
P1r4nh4's user avatar
  • 11
-1 votes
1 answer
850 views

Strongswan & Windows client: connection freezes in a few minutes

On an AWS VPS, I installed Strongswan to use it as a VPN. It works fine with iPhone client. However, when I try to connect from a Windows client, the SA connection gets established successfully and ...
m. vokhm's user avatar
0 votes
1 answer
1k views

Failed to start the IKEv2 VPN connection to surfshark via NetworkManager

I try to connect to surfshark VPN provider through IKEv2 manually. Here are the logs charon-nm[5070]: 05[CFG] received initiate for NetworkManager connection Surfshark IKE2 charon-nm[5070]: 05[CFG] ...
Morse's user avatar
  • 103
0 votes
1 answer
1k views

EAP-MS-CHAPv2 verification failed Arch Linux (strongswan)

I cannot get Strongswan, networkmanager-strongswan (client) work on your Arch-PC. My vpn-strongswan server (hereinafter deb (server)) has been configured for a long time, any devices (such as android, ...
Alex Petrov's user avatar
-1 votes
1 answer
2k views

Cannot connect a Fortigate VPN behind a static NAT to a GCP VPN gateway

Here's the need: Connect a Fortigate device behind a static 1:1 NAT to the Internet to a Google Cloud Platform (GCP) VPN gateway. Simplified ASCII Diagram: LOCAL_LAN ---- Fortigate ----- Fiber modem --...
Hawkmx's user avatar
  • 11
0 votes
0 answers
365 views

Vpn . Nps . Active directory . Strongswan ikev2

please help me I configured a strongswan IKEV2 On Centos7 vps and NPS and Active Directory for my authentication and accounting(radius) on windows server 2016 vps when i want to connect to my ikev2 ...
Artursa's user avatar
0 votes
0 answers
2k views

Cannot connect MacOS to StrongSwan VPN server installed on ubuntu

I have an issue connecting to IKEv2 VPN running on an Ubuntu VM on GCP. I am trying to connect with MacOS and Windows. I followed this tutorial to install the VPN on an Ubuntu VM. I need a VPN so that ...
nealous3's user avatar
  • 131
-1 votes
1 answer
150 views

How to run Windows Ikev2 with NonetworkFirewall?

I have a small problem.I setup Firewall App Blocker in whtielist Mode(means basically It cut all Internet except allowed apps by setting "block all connection that not match firewall rule" ...
Fros Vonex's user avatar
1 vote
0 answers
153 views

How to disable all default cryptographic algorithms but the explicitly defined ones in OpenIKED?

I am having issues with setting up highly secure but still high performance IKEv2 tunnels between multiple data centers on OpenBSD nodes, by using very strict security features and allowing the use of ...
Tony's user avatar
  • 11
0 votes
1 answer
8k views

StrongSwan clients fail to connect, Constraint checking failure

Client devices (Runs Windows 10 and Android with StrongSwan app) fail to connect. Certificates signed by one authority, CN is set as server public ip. Here's ipsec.conf: config setup include /var/lib/...
user11686813's user avatar
2 votes
1 answer
7k views

Strongswan Error: no config named 'foo'

On Ubuntu 20.04, I am trying to establish a VPN tunnel to a IKEv2/Ipsec VPN site using Strongswan. However, even though I have the file /etc/ipsec.conf as shown # ipsec.conf - strongSwan IPsec ...
Nyxynyx's user avatar
  • 1,499
0 votes
0 answers
931 views

Is it possible to have 2 left ids in strongswan?

I need my strongswan server to operate on 2 domain names . ipsec.conf currently contains : [email protected] How can I add another domain ? Is this syntax gonna work? [email protected],@sub2....
master lfc6's user avatar
0 votes
1 answer
793 views

IKEv2 VPN on server 2019 suddenly stops working

We have a number of customers using Server 2019 as a VPN server with the IKEv2 protocol through the Routing and Remote Access (RRAS) service. Suddenly, every single one of them gets the following ...
Mikael Dyreborg Hansen's user avatar
0 votes
1 answer
6k views

IKev2 strongswan got deleting half open IKE_SA with x.x.x.x after timeout with iOS device

I installed an IKEv2 strongswan vpn server on ubuntu 18.04 and also I use a valid Let's encrypte CA for that. I want to use it on an application for iOS. So here is the IPSec.conf : config setup ...
mohsen's user avatar
  • 113
0 votes
0 answers
3k views

StrongSwan config issue: no matching peer config found

I am trying to establish a VPN between my router (running OpenWrt) and my smartphone using IPsec. I followed the guide at https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/roadwarrior ...
ahorn42's user avatar
0 votes
1 answer
263 views

What can cause an iOS device to be able to connect to IKEv2/IPsec VPN over LTE but not browse most websites?

Everything works fine over Wi-Fi. I tried disabling IPv6 using a provisioning profile. I tried on two different devices (iPhone 6 and current iPhone SE) using the same VPN provisioning profile (each ...
sunknudsen's user avatar
0 votes
2 answers
5k views

Windows 10 IKEv2 IPSec VPN client & DH Group15 (modp3072) or higher

Is there any way to configure the Windows 10 VPN client to use DH Group 15 / Group15 (modp3072) or higher for key exchange? I am somewhat distressed that the CNSA specifies use of DH Group 15 (...
Will Snyder's user avatar
1 vote
2 answers
2k views

Checking existence of IPSEC as a meta expression in nftables

Whilst recently setting up a router manually from scratch using Debian, I decided to use nftables along with strongSwan to provide an IKEv2 VPN access into this. After much frustration along with ...
jren207's user avatar
  • 11
0 votes
0 answers
633 views

RRAS IKEv2 VPN no response

We have an IPSEC/L2TP PSK VPN on Windows Server 2012 using RRAS. This usually works fine, but now with so many staff working from home due to COVID-19, I am getting complaints of the VPN dropping out ...
Asagohan's user avatar
  • 127
1 vote
2 answers
3k views

Determining root cause of Windows VPN Connection Error 13801

I'm trying to get machine authentication working with Microsoft "always on vpn".. I'm running into error 13801 on attempting to connect with a client. This error implies there is some sort of ...
Robert Meany's user avatar
0 votes
0 answers
2k views

IKEv2 Need a small help on Strongswan

I'm trying to create an IKEv2 Strongswan VPN server (U5.7.2/K5.3.0-42-generic) since two days on my personnal VPS (Ubuntu 19.10) to make some tests before implement it on the Unifi equipment of my ...
mathpro's user avatar
0 votes
1 answer
430 views

IKev2 VPN Event ID 20209 - Server Authentication

I have made only one certificate for VPN access with ikev2. Within 2 days i got event id 20209, even though I didn't tried to connect. The certificate is still with me and no one else has access to it....
Bhavya Gupta's user avatar
1 vote
0 answers
376 views

Strongswan username and password authentication

Guys I need to set up strongswan to use username and password for connecting instead of certificate! Anyone knows how this is done?
Mr Pro's user avatar
  • 33
0 votes
0 answers
91 views

Rekeying denies protocols/NAT issue or config?

I'm using strongswan to connect to a MAC server using IKEv2/IPsec configuration. The server uses the proposed algorithms to establish the SA and everything works great. Upon rekeying however, the ...
ToxicTech's user avatar
0 votes
1 answer
223 views

strongswan ikev2 connect to the same server

I have a strongswan ikev2 vpn installed on my server. With my win10 laptop I can connect to the vpn and and connect to everything via vpn. But how can I connect to my server? I have a service on a ...
BestimmungGefördert's user avatar
1 vote
1 answer
1k views

Test ike2 vpn connection on console possible?

Whatever I google for I find tutorials how to setup an IKEv2 VPN server either UI client configuration for different OS. Is it possible to test the connection with a client in a Linux console ...
J. Doe's user avatar
  • 179
4 votes
1 answer
18k views

strongswan ikev2 with debian. EAP authentication failed. loading EAP_MSCHAPV2 method failed

I can't get Strongswan to run on my Debian machine. I've already done a tutorial to get it to run on a Ubuntu machine but it seems impossible to me to get it to run on my Debian machine. I actually ...
BestimmungGefördert's user avatar
0 votes
0 answers
738 views

StrongSwan IKEv2 connected but no internet on some internets

I set up the StrongSwan and IKEv2 as remote access on CentOS 7, And it is working great but on some internets (not all, most ADSL modems or 4G modems) it connects but there is no internet access on ...
Farhad Sakhaei's user avatar
0 votes
1 answer
614 views

IKEv2 certificate error but SSTP successfully connects Windows 10 pro / Windows Server 2019

I'm using Windows server 2019 (installed roles: AD DC, CA, DHCP, DNS, IIS, VPN). my client is Windows 10 pro. before installing the Online responder role and having a CRL server, IkEv2 was working, ...
user avatar
9 votes
2 answers
34k views

Strongswan IKEv2 vpn on Windows 10 client "policy match error"

I have the newest version of Strongswan vpn on my ubuntu server running. I followed this tutorial here and got it to work on my android and Iphone. Now I want to get it to work on my windows 10 ...
sirzento's user avatar
  • 193
4 votes
0 answers
3k views

Strongswan stops working after a while

I'm trying hard to resolve one question with my strongswan IKEv2 VPN. I use Linux strongSwan U5.6.1/K3.10.0-862.el7.x86_64 installed on CentOS 7 and few clients: Windows Server 2012 R2, Windows 10, ...
Виталий Захаров's user avatar
1 vote
0 answers
5k views

Porting a Cisco AnyConnect profile from Windows to Mac OSX

I have a client using a VisualStudio solution to manage their website. In order to make edits, they had to set up a Windows 7 laptop for me, which I have to use to connect to their VPN before being ...
user13286's user avatar
  • 111
1 vote
1 answer
2k views

Strongswan IKEv2 auth - pubkey and EAP

I'am trying to setup strongswan with pubkey and EAP authentication. To login users need to have certificate and valid credentials. My certificate is ok. I tested pubkey auth and it was ok, also EAP ...
user9443103's user avatar
0 votes
0 answers
1k views

Stuup StrongSwan with user Cert

i will setting up strongswan and have some trouble with configure it. I can log in with user/pass but i will replace it with user.p12 certificate. When i add rightauth2=pubkey is login with user/pass ...
Hannes Peter's user avatar
1 vote
1 answer
4k views

Does IKEv2 support initiator authentication by pre-shared key _and_ password?

I'd like to configure an IKEv2 VPN gateway for multiple remote users to access a private network. I have a test setup where the responder authenticates itself with a self-signed certificate. The ...
Phil Frost's user avatar
2 votes
1 answer
3k views

VPN from WatchGuard to Google Cloud Platform: "establishing IKE_SA failed, peer not responding"

We are trying to "Build a VPN from a Watchguard to Google Cloud Platform" just like what is described here: https://querblick-it.de/build-vpn-watchguard-google-cloud-platform/ And under Remote peer ...
mountainclimber11's user avatar
0 votes
2 answers
5k views

Strongswan IKEv2 for iOS devices

I want to connect a Strongswan IKEv2 VPN on iOS devices. It uses FreeRADIUS server for AAA of users. It's already working perfectly on Android and Windows devices. but when I try to connect using ...
Varun Taliyan's user avatar