Questions tagged [ikev2]
The ikev2 tag has no usage guidance.
66
questions with no upvoted or accepted answers
5
votes
2
answers
1k
views
pfSense - IKEv2 with EAP-RADIUS: Any fallback option if the RADIUS server is down?
I'm deploying an IKEv2 VPN authenticating against a RADIUS service within a pfSense 2.3-RELEASE box. But I'm afraid of the complications of this approach when the RADIUS server is down.
Since the ...
4
votes
0
answers
3k
views
Strongswan stops working after a while
I'm trying hard to resolve one question with my strongswan IKEv2 VPN.
I use Linux strongSwan U5.6.1/K3.10.0-862.el7.x86_64 installed on CentOS 7 and few clients: Windows Server 2012 R2, Windows 10, ...
3
votes
2
answers
4k
views
EAP / MSCHAPv2 authentications fails (only) on Windows with custom authenticator
I have a project that involves custom client authentication for the StrongSwan IKEv2 server implementation on Linux.
I am running: StrongSwan 5.4.0 with eap-radius plugin
Currently, we use FreeRadius ...
3
votes
0
answers
1k
views
How to connect to ikev2 vpn from docker container using bridge net mode?
I'm trying to connect to a VPN from inside a docker container via ikev2, Ubuntu host.
If I try the following:
docker run -i -t --privileged --net host --entrypoint /bin/bash ikev
It then do ipsec ...
2
votes
1
answer
915
views
How to block an IP for IPSec VPN connections?
This is my current IpTables setup:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,...
2
votes
0
answers
475
views
Bandwidth control with TC for clients yet to be connected
I have applied bandwidth control using TC and iptables using this tutorial on my Strongswan VPN server.
The bandwidth control works fine ONLY if that specific client is already connected.
For example:...
2
votes
1
answer
747
views
firehol ipsec configuration
Just discovered that apple dropped pptp support in the newest MacOSes, so configured ikev2 ipsec access instead. Clients are happy, everything is simple and good except one thing - ipsec clients ...
2
votes
0
answers
2k
views
MacOS native IKEv2 VPN client instead of AnyConnect?
Similar to this question from half a decade ago..
Can the native MacOS IKEv2 VPN client be used in lieu of Cisco AnyConnect client?
example anyconnect profile:
<AnyConnectProfile>
<...
2
votes
0
answers
1k
views
CentOS + strongswan + iOS VPN API, hal
I'm trying to setup StrongSwan on CentOS for iOS with VPN API. This API uses IKEv2 protocol. Here is my logs + configuration files. When i press connect in iOS device it's getting off in a few moments....
1
vote
1
answer
897
views
My Win 11 Pro VPN client for IKEv2 is perpetually broken
I am tearing my hair out over this sudden refusal of Windows 11 Pro on my PC to use the appropriately configured crypto in IKEv2 negotiation. It worked fine for a long time, until it didn't. This ...
1
vote
0
answers
471
views
issue with connecting to IKEV2 VPN server from android devices
We are facing a problem with connecting android devices to our VPN server. iOS devices do not have any problems connecting.
Android devices trying to connect via StrongSwan official app from Google ...
1
vote
1
answer
1k
views
Site-to-Site VPN and Remote Access VPN with Strongswan
I've recently deployed a Strongswan IKEv2 Remote Access VPN in two different sited with two different ubuntu servers. It all works great, but now i want to "merge" the two sites with a site-...
1
vote
0
answers
315
views
libreswan with Ikev2 client and plain text password
I need to set up a connection to VPN server with Libreswan. I can't use strongswan, since they are not working well together when installed on the same OC.
My system is Linux Debian 10 (Buster)
Kernel ...
1
vote
0
answers
153
views
How to disable all default cryptographic algorithms but the explicitly defined ones in OpenIKED?
I am having issues with setting up highly secure but still high performance IKEv2 tunnels between multiple data centers on OpenBSD nodes, by using very strict security features and allowing the use of ...
1
vote
2
answers
2k
views
Checking existence of IPSEC as a meta expression in nftables
Whilst recently setting up a router manually from scratch using Debian, I decided to use nftables along with strongSwan to provide an IKEv2 VPN access into this.
After much frustration along with ...
1
vote
0
answers
376
views
Strongswan username and password authentication
Guys I need to set up strongswan to use username and password for connecting instead of certificate! Anyone knows how this is done?
1
vote
1
answer
3k
views
Is strongSwan eap-mschapv2 authentication secure vs using certs?
What level of encryption is used during the authentication part of the connection?
Here’s a sample /etc/ipsec.conf configuration.
config setup
charondebug="ike 1, knl 1, cfg 0"
uniqueids=no
...
1
vote
0
answers
5k
views
Porting a Cisco AnyConnect profile from Windows to Mac OSX
I have a client using a VisualStudio solution to manage their website. In order to make edits, they had to set up a Windows 7 laptop for me, which I have to use to connect to their VPN before being ...
1
vote
1
answer
2k
views
OCSP verification fails in Strongswan (IKEv2)
I've managed to set up an IPsec connection between two (virtual) hosts in transport mode and now I want the server to validate the client's certificate with OCSP. In a third host, I've run an OCSP ...
1
vote
0
answers
526
views
How to configure RRAS on Windows Server 2012 R2 to forward broadcast UDP packets
I have a server running RRAS on Server 2012 R2. Clients connect using an IKEv2 VPN, and are on the same subnet: 192.168.1.0/24 and 255.255.255.0.
The server has a single NIC, and VPN ports are ...
1
vote
1
answer
438
views
Google Cloud Platform VPN
Is there a way to change the lifetime in seconds for Phase 1 and Phase 2 of Ipsec? I am trying to connect to a Cisco ASA 5550 at a customer site and their lifetime in seconds setting is 86,400(Phase ...
1
vote
1
answer
3k
views
StrongSwan ikev2 routing through VPN in Windows 10
I'm trying to create an ikev2 VPN using StrongSwan on an ubuntu server.
Now, in Windows 10 clients, use default gateway on remote network option is off by default; so when I connect to the server, ...
1
vote
0
answers
614
views
Strongswan site to site tunnel
I configured strongswan on ServerA and ServerB and tunnel them successfully by this tutorial:
http://linoxide.com/how-tos/ipsec-vpn-gateway-gateway-using-strongswan/
but i want to run this senario:
...
1
vote
0
answers
4k
views
How to fix failing connection to VPN(ipsec+ikev2)?
Auth made with certificates
ubuntu 16.04 + strongswan.
Client connecting from win7, certificate was added like said in strongswan Wiki.
Config made also like in strongswan wiki, but i got error: '...
1
vote
0
answers
1k
views
RRAS IKEv2 Behind Router
I have an installation of Server 2012 R2 running that I need to deploy an IKEv2 VPN on. It's my way of accessing files at my office.
The current setup involves a NAT Router (Just a standard ISP-...
0
votes
0
answers
11
views
Windows 10 builtin IKEv2 VPN does not have option for preshared key
I configured Routing and Remote Access on Windows Server 2019, then built-in VPN Type IKEv2 + PSK:
Filled the PSK in "Allow custom IPsec policy for L2TP/IKEv2 connection" (rrasmgmt.msc)
...
0
votes
0
answers
27
views
Swastrong IPSec with Password Authentication
I'm in the exact same situation as sashok_bg here : I'm trying to access my Freebox pro VPN through Swanstrong client vpn on Debian.
So far, with what has been said in his converstation with ecdsa, ...
0
votes
0
answers
121
views
IKEv2 with certificate + EAP between an IPsec client a VPN server on an OpenWRT router, and a FreeRADIUS - Auhtntication issue
I need your help and expertise to resolve a situation I'm facing. I'm currently testing an IPsec tunnel using IKEv2 with certificate + EAP between an IPsec client (TheGreenBow), a VPN server on an ...
0
votes
1
answer
317
views
Strongswan VPN Client (Android) can't connect to my test Kerio Control server
I have the following issue: I set up a Kerio Control 9.4.4 build 8365 and tried to connect to VPN server through Android 14+ device. I used Strongswan(Android) for this, but I got the following error ...
0
votes
0
answers
55
views
strongSwan: Accessing LAN of a Windows client (reversed remote access)
I am currently having an Ubuntu Server strongSwan setup (IKEv2, EAP-MSCHAPv2) that will allow any authorized remote Windows client to access server's LAN (192.168.7.0/24). It works perfectly, but I ...
0
votes
0
answers
33
views
Is iptables NAT forwarding possible bewteen two libvirt VMs?
I'm building a test VPN setup using two libvirt VMs with StrongSwan
IKEv2 but can't get traffic to forward. I can see the client sending
traffic to the server using tcpdump but the server doesn't do
...
0
votes
0
answers
142
views
Change IPSec IKEV2 VPN Default Ports 500 & 4500 To Anothers
For some reason OpenVPN is working on my local machine very well, But IPSec IKEV2 VPN not & it only works when OpenVPN is connect.
I have a domain for IPSec IKEV2 VPN & in local machine vpn is ...
0
votes
0
answers
63
views
Unable to acces on some websites when connected to VPN IKEv2 server from linux
I have a VPN server hosted on Windows 2019 and configured on IKEv2,
Everything works very well from all clients, however on Linux clients I have one last point to adjust, so for clarification I use ...
0
votes
0
answers
183
views
StrongSwan IPSec VPN - IKEv2 - LetsEncrypt Certificate Issue (building CRED_PRIVATE_KEY - RSA failed, tried 10 builders)
I followed the link below for setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7.
How to Setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7
But info on that link has been ...
0
votes
0
answers
690
views
IPSec Example for a Password Authentication
I am trying to configure an ipsec (strongswan) vpn client to connect to my ISP-provided router's VPN.
I only have a username and password, no certificates.
In the documentation the provided (https://...
0
votes
0
answers
508
views
Cannot access network resources after connecting to Always On VPN
Background: recently moved offices to a new network that did not have any domain controllers. The network here has a basic WiFi router that has both DNS and DHCP. We moved our DC here that has our ...
0
votes
0
answers
428
views
Why is my EdgeRouter-X IKEv2 VPN tunnel not working for HTTP/HTTPS on port 5000/5001?
I've configured my EdgeRouter-X for an IKEv2 VPN Tunnel using self signed certificates. I'm using this VPN to access my home network from my Android phone and my iPad.
I can connect from both devices ...
0
votes
0
answers
470
views
RRAS IKEv2 MacOS 13.4.1 unable to connect since upgrade to Ventura
I encountered a problem when trying to connect to a VPN server configured in IKEv2 from MacOS (Ventura 13.4.1) on a fresh install.
The VPN server is a RRAS hosted in a Windows server 2019, its ...
0
votes
0
answers
416
views
AWS StrongSwan IPSec Tunnel with Cisco fails during Phase 2 with TS_UNACCEPTABLE
I need to to setup a site-to-site IPSec tunnel with a vendor whom We need to access each other's API servers seating on the LANs using their respective Public IPs. We're using AWS, And I have ...
0
votes
0
answers
832
views
Windows native client not connecting to IKEv2 EAP VPN
We are investigating the possibility of replacing pfSense/opnSense with Mikrotik for our office routers. Our current routers provide site-to-site tunnels between locations, as well as RADIUS-backed ...
0
votes
0
answers
1k
views
How to set up StrongSwan (behind NAT) IKEv2/IPSec with PSK (pre-shared key)?
I set up my strongswan server on a virtual Ubuntu 22 behind a NAT. It works well for RCA using login password.
But I need to work using only PSK key. I tried a bunch of options, I can not connect from ...
0
votes
0
answers
597
views
Windows 11 IKEv2 fails to connect, error code 1931 eventID 20227
I have Mikrotik configured for accepting IPSec connections with server certificate and RADIUS auth, SHA1 and so on enabled on Mikrotik side for Windows compatibility.
It also configured for L2TP/IPSec,...
0
votes
0
answers
321
views
ike-scan 0 returned handshake 0 returned notify
I need to establish vpn connection to a specific site, I used strongswan and configure my side according to the provided parameters from another side, but when I try to connect I get 'peer not ...
0
votes
1
answer
1k
views
EAP-MS-CHAPv2 verification failed Arch Linux (strongswan)
I cannot get Strongswan, networkmanager-strongswan (client)
work on your Arch-PC. My vpn-strongswan server (hereinafter deb (server)) has been configured for a long time, any devices (such as android, ...
0
votes
1
answer
945
views
pfSense as IPSec remote access client
I have a pfSense router in a residential environment and need to use IPSec/IKEv2 as a remote access client to a commercial VPN provider. I know the pfSense web UI doesn't support the router being the ...
0
votes
0
answers
365
views
Vpn . Nps . Active directory . Strongswan ikev2
please help me
I configured a strongswan IKEV2 On Centos7 vps
and NPS and Active Directory for my authentication and accounting(radius) on windows server 2016 vps
when i want to connect to my ikev2 ...
0
votes
0
answers
2k
views
Cannot connect MacOS to StrongSwan VPN server installed on ubuntu
I have an issue connecting to IKEv2 VPN running on an Ubuntu VM on GCP. I am trying to connect with MacOS and Windows. I followed this tutorial to install the VPN on an Ubuntu VM. I need a VPN so that ...
0
votes
0
answers
931
views
Is it possible to have 2 left ids in strongswan?
I need my strongswan server to operate on 2 domain names .
ipsec.conf currently contains : [email protected]
How can I add another domain ? Is this syntax gonna work?
[email protected],@sub2....
0
votes
1
answer
793
views
IKEv2 VPN on server 2019 suddenly stops working
We have a number of customers using Server 2019 as a VPN server with the IKEv2 protocol through the Routing and Remote Access (RRAS) service. Suddenly, every single one of them gets the following ...
0
votes
0
answers
3k
views
StrongSwan config issue: no matching peer config found
I am trying to establish a VPN between my router (running OpenWrt) and my smartphone using IPsec.
I followed the guide at https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/roadwarrior
...