
Questions tagged [ikev2]

The tag has no usage guidance.

66 questions with no upvoted or accepted answers
5 votes
2 answers
1k views

pfSense - IKEv2 with EAP-RADIUS: Any fallback option if the RADIUS server is down?

I'm deploying an IKEv2 VPN authenticating against a RADIUS service within a pfSense 2.3-RELEASE box. But I'm afraid of the complications of this approach when the RADIUS server is down. Since the ...
Vinícius Ferrão's user avatar
4 votes
0 answers
3k views

Strongswan stops working after a while

I'm trying hard to resolve one question with my strongswan IKEv2 VPN. I use Linux strongSwan U5.6.1/K3.10.0-862.el7.x86_64 installed on CentOS 7 and few clients: Windows Server 2012 R2, Windows 10, ...
Виталий Захаров's user avatar
3 votes
2 answers
4k views

EAP / MSCHAPv2 authentications fails (only) on Windows with custom authenticator

I have a project that involves custom client authentication for the StrongSwan IKEv2 server implementation on Linux. I am running: StrongSwan 5.4.0 with eap-radius plugin Currently, we use FreeRadius ...
Domokun's user avatar
  • 31
3 votes
0 answers
1k views

How to connect to ikev2 vpn from docker container using bridge net mode?

I'm trying to connect to a VPN from inside a docker container via ikev2, Ubuntu host. If I try the following: docker run -i -t --privileged --net host --entrypoint /bin/bash ikev It then do ipsec ...
Debrian's user avatar
  • 154
2 votes
1 answer
915 views

How to block an IP for IPSec VPN connections?

This is my current IpTables setup: Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,...
Houman's user avatar
  • 1,675
2 votes
0 answers
475 views

Bandwidth control with TC for clients yet to be connected

I have applied bandwidth control using TC and iptables using this tutorial on my Strongswan VPN server. The bandwidth control works fine ONLY if that specific client is already connected. For example:...
Ajji's user avatar
  • 131
2 votes
1 answer
747 views

firehol ipsec configuration

Just discovered that apple dropped pptp support in the newest MacOSes, so configured ikev2 ipsec access instead. Clients are happy, everything is simple and good except one thing - ipsec clients ...
BUKTOP's user avatar
  • 155
2 votes
0 answers
2k views

MacOS native IKEv2 VPN client instead of AnyConnect?

Similar to this question from half a decade ago.. Can the native MacOS IKEv2 VPN client be used in lieu of Cisco AnyConnect client? example anyconnect profile: <AnyConnectProfile> <...
goofology's user avatar
  • 402
2 votes
0 answers
1k views

CentOS + strongswan + iOS VPN API, hal

I'm trying to set up StrongSwan on CentOS for iOS with VPN API. This API uses IKEv2 protocol. Here are my logs + configuration files. When I press connect in iOS device it's getting off in a few moments....
Al.Arak's user avatar
  • 21
1 vote
1 answer
897 views

My Win 11 Pro VPN client for IKEv2 is perpetually broken

I am tearing my hair out over this sudden refusal of Windows 11 Pro on my PC to use the appropriately configured crypto in IKEv2 negotiation. It worked fine for a long time, until it didn't. This ...
TheOrionArm's user avatar
1 vote
0 answers
471 views

issue with connecting to IKEV2 VPN server from android devices

We are facing a problem with connecting android devices to our VPN server. iOS devices do not have any problems connecting. Android devices trying to connect via StrongSwan official app from Google ...
Maksim Zakharenka's user avatar
1 vote
1 answer
1k views

Site-to-Site VPN and Remote Access VPN with Strongswan

I've recently deployed a Strongswan IKEv2 Remote Access VPN in two different sites with two different ubuntu servers. It all works great, but now I want to "merge" the two sites with a site-...
P1r4nh4's user avatar
  • 11
1 vote
0 answers
315 views

libreswan with Ikev2 client and plain text password

I need to set up a connection to VPN server with Libreswan. I can't use strongswan, since they are not working well together when installed on the same OC. My system is Linux Debian 10 (Buster) Kernel ...
Roustam Dzhafarov's user avatar
1 vote
0 answers
153 views

How to disable all default cryptographic algorithms but the explicitly defined ones in OpenIKED?

I am having issues with setting up highly secure but still high performance IKEv2 tunnels between multiple data centers on OpenBSD nodes, by using very strict security features and allowing the use of ...
Tony's user avatar
  • 11
1 vote
2 answers
2k views

Checking existence of IPSEC as a meta expression in nftables

Whilst recently setting up a router manually from scratch using Debian, I decided to use nftables along with strongSwan to provide an IKEv2 VPN access into this. After much frustration along with ...
jren207's user avatar
  • 11
1 vote
0 answers
376 views

Strongswan username and password authentication

Guys I need to set up strongswan to use username and password for connecting instead of certificate! Anyone knows how this is done?
Mr Pro's user avatar
  • 33
1 vote
1 answer
3k views

Is strongSwan eap-mschapv2 authentication secure vs using certs?

What level of encryption is used during the authentication part of the connection? Here’s a sample /etc/ipsec.conf configuration. config setup charondebug="ike 1, knl 1, cfg 0" uniqueids=no ...
sunknudsen's user avatar
1 vote
0 answers
5k views

Porting a Cisco AnyConnect profile from Windows to Mac OSX

I have a client using a VisualStudio solution to manage their website. In order to make edits, they had to set up a Windows 7 laptop for me, which I have to use to connect to their VPN before being ...
user13286's user avatar
  • 111
1 vote
1 answer
2k views

OCSP verification fails in Strongswan (IKEv2)

I've managed to set up an IPsec connection between two (virtual) hosts in transport mode and now I want the server to validate the client's certificate with OCSP. In a third host, I've run an OCSP ...
Ander Juaristi's user avatar
1 vote
0 answers
526 views

How to configure RRAS on Windows Server 2012 R2 to forward broadcast UDP packets

I have a server running RRAS on Server 2012 R2. Clients connect using an IKEv2 VPN, and are on the same subnet: 192.168.1.0/24 and 255.255.255.0. The server has a single NIC, and VPN ports are ...
Britishly's user avatar
1 vote
1 answer
438 views

Google Cloud Platform VPN

Is there a way to change the lifetime in seconds for Phase 1 and Phase 2 of Ipsec? I am trying to connect to a Cisco ASA 5550 at a customer site and their lifetime in seconds setting is 86,400(Phase ...
L Zimmerman's user avatar
1 vote
1 answer
3k views

StrongSwan ikev2 routing through VPN in Windows 10

I'm trying to create an ikev2 VPN using StrongSwan on an ubuntu server. Now, in Windows 10 clients, use default gateway on remote network option is off by default; so when I connect to the server, ...
Mahdi Ghiasi's user avatar
1 vote
0 answers
614 views

Strongswan site to site tunnel

I configured strongswan on ServerA and ServerB and tunnel them successfully by this tutorial: http://linoxide.com/how-tos/ipsec-vpn-gateway-gateway-using-strongswan/ but I want to run this scenario: ...
user3699217's user avatar
1 vote
0 answers
4k views

How to fix failing connection to VPN(ipsec+ikev2)?

Auth made with certificates ubuntu 16.04 + strongswan. Client connecting from win7, certificate was added like said in strongswan Wiki. Config made also like in strongswan wiki, but i got error: '...
littleguga's user avatar
1 vote
0 answers
1k views

RRAS IKEv2 Behind Router

I have an installation of Server 2012 R2 running that I need to deploy an IKEv2 VPN on. It's my way of accessing files at my office. The current setup involves a NAT Router (Just a standard ISP-...
Nodebay's user avatar
  • 111
0 votes
0 answers
11 views

Windows 10 builtin IKEv2 VPN does not have option for preshared key

I configured Routing and Remote Access on Windows Server 2019, then built-in VPN Type IKEv2 + PSK: Filled the PSK in "Allow custom IPsec policy for L2TP/IKEv2 connection" (rrasmgmt.msc) ...
Stef's user avatar
  • 612
0 votes
0 answers
27 views

Swastrong IPSec with Password Authentication

I'm in the exact same situation as sashok_bg here : I'm trying to access my Freebox pro VPN through Swanstrong client vpn on Debian. So far, with what has been said in his conversation with ecdsa, ...
Alex's user avatar
  • 11
0 votes
0 answers
121 views

IKEv2 with certificate + EAP between an IPsec client, a VPN server on an OpenWRT router, and a FreeRADIUS - Authentication issue

I need your help and expertise to resolve a situation I'm facing. I'm currently testing an IPsec tunnel using IKEv2 with certificate + EAP between an IPsec client (TheGreenBow), a VPN server on an ...
Fenix ES's user avatar
0 votes
1 answer
317 views

Strongswan VPN Client (Android) can't connect to my test Kerio Control server

I have the following issue: I set up a Kerio Control 9.4.4 build 8365 and tried to connect to VPN server through Android 14+ device. I used Strongswan(Android) for this, but I got the following error ...
Creeprus's user avatar
0 votes
0 answers
55 views

strongSwan: Accessing LAN of a Windows client (reversed remote access)

I am currently having an Ubuntu Server strongSwan setup (IKEv2, EAP-MSCHAPv2) that will allow any authorized remote Windows client to access server's LAN (192.168.7.0/24). It works perfectly, but I ...
ivanthestupid's user avatar
0 votes
0 answers
33 views

Is iptables NAT forwarding possible between two libvirt VMs?

I'm building a test VPN setup using two libvirt VMs with StrongSwan IKEv2 but can't get traffic to forward. I can see the client sending traffic to the server using tcpdump but the server doesn't do ...
dbazile's user avatar
0 votes
0 answers
142 views

Change IPSec IKEV2 VPN Default Ports 500 & 4500 To Anothers

For some reason OpenVPN is working on my local machine very well, But IPSec IKEV2 VPN not & it only works when OpenVPN is connect. I have a domain for IPSec IKEV2 VPN & in local machine vpn is ...
helius.dev's user avatar
0 votes
0 answers
63 views

Unable to access some websites when connected to VPN IKEv2 server from linux

I have a VPN server hosted on Windows 2019 and configured on IKEv2, Everything works very well from all clients, however on Linux clients I have one last point to adjust, so for clarification I use ...
Boby Lapointe's user avatar
0 votes
0 answers
183 views

StrongSwan IPSec VPN - IKEv2 - LetsEncrypt Certificate Issue (building CRED_PRIVATE_KEY - RSA failed, tried 10 builders)

I followed the link below for setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7. How to Setup IKEv2 VPN Using Strongswan and Let's encrypt on CentOS 7 But info on that link has been ...
helius.dev's user avatar
0 votes
0 answers
690 views

IPSec Example for a Password Authentication

I am trying to configure an ipsec (strongswan) vpn client to connect to my ISP-provided router's VPN. I only have a username and password, no certificates. In the documentation the provided (https://...
sashok_bg's user avatar
  • 101
0 votes
0 answers
508 views

Cannot access network resources after connecting to Always On VPN

Background: recently moved offices to a new network that did not have any domain controllers. The network here has a basic WiFi router that has both DNS and DHCP. We moved our DC here that has our ...
Mike H's user avatar
  • 1
0 votes
0 answers
428 views

Why is my EdgeRouter-X IKEv2 VPN tunnel not working for HTTP/HTTPS on port 5000/5001?

I've configured my EdgeRouter-X for an IKEv2 VPN Tunnel using self signed certificates. I'm using this VPN to access my home network from my Android phone and my iPad. I can connect from both devices ...
bistromatic's user avatar
0 votes
0 answers
470 views

RRAS IKEv2 MacOS 13.4.1 unable to connect since upgrade to Ventura

I encountered a problem when trying to connect to a VPN server configured in IKEv2 from MacOS (Ventura 13.4.1) on a fresh install. The VPN server is a RRAS hosted in a Windows server 2019, its ...
Boby Lapointe's user avatar
0 votes
0 answers
416 views

AWS StrongSwan IPSec Tunnel with Cisco fails during Phase 2 with TS_UNACCEPTABLE

I need to set up a site-to-site IPSec tunnel with a vendor whom We need to access each other's API servers seating on the LANs using their respective Public IPs. We're using AWS, And I have ...
kmos.w's user avatar
  • 101
0 votes
0 answers
832 views

Windows native client not connecting to IKEv2 EAP VPN

We are investigating the possibility of replacing pfSense/opnSense with Mikrotik for our office routers. Our current routers provide site-to-site tunnels between locations, as well as RADIUS-backed ...
miken32's user avatar
  • 974
0 votes
0 answers
1k views

How to set up StrongSwan (behind NAT) IKEv2/IPSec with PSK (pre-shared key)?

I set up my strongswan server on a virtual Ubuntu 22 behind a NAT. It works well for RCA using login password. But I need to work using only PSK key. I tried a bunch of options, I can not connect from ...
Дмитрий В.'s user avatar
0 votes
0 answers
597 views

Windows 11 IKEv2 fails to connect, error code 1931 eventID 20227

I have Mikrotik configured for accepting IPSec connections with server certificate and RADIUS auth, SHA1 and so on enabled on Mikrotik side for Windows compatibility. It also configured for L2TP/IPSec,...
SelfishCrawler's user avatar
0 votes
0 answers
321 views

ike-scan 0 returned handshake 0 returned notify

I need to establish vpn connection to a specific site, I used strongswan and configure my side according to the provided parameters from another side, but when I try to connect I get 'peer not ...
Mohammed Hafiz's user avatar
0 votes
1 answer
1k views

EAP-MS-CHAPv2 verification failed Arch Linux (strongswan)

I cannot get Strongswan, networkmanager-strongswan (client) work on your Arch-PC. My vpn-strongswan server (hereinafter deb (server)) has been configured for a long time, any devices (such as android, ...
Alex Petrov's user avatar
0 votes
1 answer
945 views

pfSense as IPSec remote access client

I have a pfSense router in a residential environment and need to use IPSec/IKEv2 as a remote access client to a commercial VPN provider. I know the pfSense web UI doesn't support the router being the ...
joe_shmo's user avatar
0 votes
0 answers
365 views

Vpn . Nps . Active directory . Strongswan ikev2

please help me I configured a strongswan IKEV2 On Centos7 vps and NPS and Active Directory for my authentication and accounting(radius) on windows server 2016 vps when i want to connect to my ikev2 ...
Artursa's user avatar
0 votes
0 answers
2k views

Cannot connect MacOS to StrongSwan VPN server installed on ubuntu

I have an issue connecting to IKEv2 VPN running on an Ubuntu VM on GCP. I am trying to connect with MacOS and Windows. I followed this tutorial to install the VPN on an Ubuntu VM. I need a VPN so that ...
nealous3's user avatar
  • 131
0 votes
0 answers
931 views

Is it possible to have 2 left ids in strongswan?

I need my strongswan server to operate on 2 domain names . ipsec.conf currently contains : [email protected] How can I add another domain ? Is this syntax gonna work? [email protected],@sub2....
master lfc6's user avatar
0 votes
1 answer
793 views

IKEv2 VPN on server 2019 suddenly stops working

We have a number of customers using Server 2019 as a VPN server with the IKEv2 protocol through the Routing and Remote Access (RRAS) service. Suddenly, every single one of them gets the following ...
Mikael Dyreborg Hansen's user avatar
0 votes
0 answers
3k views

StrongSwan config issue: no matching peer config found

I am trying to establish a VPN between my router (running OpenWrt) and my smartphone using IPsec. I followed the guide at https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/roadwarrior ...
ahorn42's user avatar