Questions tagged [ikev2]
101 questions
9 votes, 2 answers, 34k views
Strongswan IKEv2 vpn on Windows 10 client "policy match error"
I have the newest version of Strongswan vpn on my ubuntu server running.
I followed this tutorial here and got it to work on my Android and iPhone.
Now I want to get it to work on my windows 10 ...
8 votes, 1 answer, 1k views
How to limit bandwidth per VPN connection?
I have a StrongSwan (IKEv2) server setup and would like to limit each VPN connection to 512kb/s.
After researching I came across tc in Ubuntu. I don't quite understand it and am fighting through the ...
7 votes, 1 answer, 5k views
Docker container can not access hosts behind VPN
I have a VPN gateway which allows remote access to a network with subnet 171.30.0.0/16.
I have a local machine setup with ubuntu 14.04 and strongswan which connects to that VPN server using IKEv2 RSA ...
6 votes, 2 answers, 3k views
Setting up IPSEC on LAN between two hosts (OpenBSD)
Trying to use IPSEC between two hosts on a LAN. No VPN involved
Using OpenBSD 5.8 (in VirtualBox). I'd prefer to use OpenBSD's built-in support for IPSEC and key exchange and not a third-party.
Two ...
5 votes, 2 answers, 1k views
pfSense - IKEv2 with EAP-RADIUS: Any fallback option if the RADIUS server is down?
I'm deploying an IKEv2 VPN authenticating against a RADIUS service within a pfSense 2.3-RELEASE box. But I'm afraid of the complications of this approach when the RADIUS server is down.
Since the ...
4 votes, 1 answer, 18k views
strongswan ikev2 with debian. EAP authentication failed. loading EAP_MSCHAPV2 method failed
I can't get Strongswan to run on my Debian machine. I've already done a tutorial to get it to run on a Ubuntu machine but it seems impossible to me to get it to run on my Debian machine. I actually ...
4 votes, 0 answers, 3k views
Strongswan stops working after a while
I'm trying hard to resolve one question with my strongswan IKEv2 VPN.
I use Linux strongSwan U5.6.1/K3.10.0-862.el7.x86_64 installed on CentOS 7 and few clients: Windows Server 2012 R2, Windows 10, ...
3 votes, 1 answer, 4k views
iPhone users does not connect to StrongSwan VPN, while Android and Windows 10 users do?
I have a StrongSwan VPN that for some reason unknown to me cannot connect iOS users to my VPN server.
A few quick notes:
My StrongSwan server is front for VPN clients who connects to my network. I ...
3 votes, 2 answers, 4k views
EAP / MSCHAPv2 authentications fails (only) on Windows with custom authenticator
I have a project that involves custom client authentication for the StrongSwan IKEv2 server implementation on Linux.
I am running: StrongSwan 5.4.0 with eap-radius plugin
Currently, we use FreeRadius ...
3 votes, 0 answers, 1k views
How to connect to ikev2 vpn from docker container using bridge net mode?
I'm trying to connect to a VPN from inside a docker container via ikev2, Ubuntu host.
If I try the following:
docker run -i -t --privileged --net host --entrypoint /bin/bash ikev
It then do ipsec ...
2 votes, 2 answers, 1k views
Accounting IPSec connections with RSA authentication
Apple iOS has "VPN On Demand" function. With this function the VPN connection is made whenever the device tries to connect to certain domains or to the internet at all. iOS supports "VPN On Demand" ...
2 votes, 1 answer, 7k views
Strongswan Error: no config named 'foo'
On Ubuntu 20.04, I am trying to establish a VPN tunnel to a IKEv2/Ipsec VPN site using Strongswan.
However, even though I have the file /etc/ipsec.conf as shown
# ipsec.conf - strongSwan IPsec ...
2 votes, 2 answers, 2k views
Specifying machine certificate issuer with Windows VPN
I am trying to create a Windows Always On VPN connection between an AD and AAD joined Windows 10 client and a StrongSwan VPN server. The Windows client has multiple "Client Authentication" ...
2 votes, 2 answers, 2k views
how to use wildcard certificate with ikev2 on strongswan
I am using a wildcard certificate.
I have managed to setup ikev2 protocol, applied my own certificate but it won't work for subdomains.
Is there any workaround for this or the wildcard should be ...
2 votes, 1 answer, 2k views
Mikrotik IKEv2/ipsec + Windows 10 = no split include routes
I am deploying a solution using IKEv2+ipsec with certificates to connect roadwarriors to corporate network. Mikrotik CHR is used as entry point.
All was swift until I started deploying the solution on ...
2 votes, 1 answer, 3k views
VPN from WatchGuard to Google Cloud Platform: "establishing IKE_SA failed, peer not responding"
We are trying to "Build a VPN from a Watchguard to Google Cloud Platform" just like what is described here:
https://querblick-it.de/build-vpn-watchguard-google-cloud-platform/
And under Remote peer ...
2 votes, 1 answer, 1k views
IKEV2 configuration file IP pool
I have some problems with configuring VPN using IKEV2.
Here is my server configuration file
config setup
# Uncomment to allow few simultaneous connections with one user account.
# By ...
2 votes, 1 answer, 915 views
How to block an IP for IPSec VPN connections?
This is my current IpTables setup:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,...
2 votes, 0 answers, 475 views
Bandwidth control with TC for clients yet to be connected
I have applied bandwidth control using TC and iptables using this tutorial on my Strongswan VPN server.
The bandwidth control works fine ONLY if that specific client is already connected.
For example:...
2 votes, 1 answer, 747 views
firehol ipsec configuration
Just discovered that apple dropped pptp support in the newest MacOSes, so configured ikev2 ipsec access instead. Clients are happy, everything is simple and good except one thing - ipsec clients ...
2 votes, 0 answers, 2k views
MacOS native IKEv2 VPN client instead of AnyConnect?
Similar to this question from half a decade ago..
Can the native MacOS IKEv2 VPN client be used in lieu of Cisco AnyConnect client?
example anyconnect profile:
<AnyConnectProfile>
<...
2 votes, 0 answers, 1k views
CentOS + strongswan + iOS VPN API, hal
I'm trying to set up StrongSwan on CentOS for iOS with VPN API. This API uses IKEv2 protocol. Here are my logs + configuration files. When I press connect in iOS device it's getting off in a few moments....
1 vote, 1 answer, 943 views
IPSEC IKEv2 not hiding HTTPS
I'm using
Linux strongSwan U5.3.5/K4.4.0-116-generic on Ubuntu 16.04
with IOS 11 IKEv2 client.
The connection could be successfully established on my client(IOS 11) and if I go to ip check webpage, ...
1 vote, 1 answer, 6k views
no trusted rsa public key found
I am trying to setup ikev2 with strongswan using a wildcard certificate.
The config seems to work for iOS with this certificate but doesn't work for Android, getting this error - no trusted rsa ...
1 vote, 1 answer, 4k views
Does IKEv2 support initiator authentication by pre-shared key _and_ password?
I'd like to configure an IKEv2 VPN gateway for multiple remote users to access a private network.
I have a test setup where the responder authenticates itself with a self-signed certificate. The ...
1 vote, 1 answer, 2k views
Is it possible for ikev2 VPN to do auto route configuration for client during connected?
We've setup a ikev2 VPN server with this tutorial, everything works.
The only issue is we don't want client to route all traffic using this VPN, only a particular ip addresses.
So, it is possible to ...
1 vote, 2 answers, 2k views
IKEV2 VPN doesn't hides real IP from Windows client
I have just set up VPN server using IKEv2 at home. Everything works fine, but the problem that when I am connected to the VPN from Windows 10 client I have external IP of the network where I connected ...
1 vote, 1 answer, 6k views
migrating ipsec.conf to swanctl.conf, cant seem to get it to work
This is my ipsec.conf that works as it should:
conn pelle
left=%defaultroute
leftsourceip=%config
leftauth=eap-mschapv2
eap_identity=min user
right=vpn.mydomain.com
rightsubnet=0.0.0.0/0
...
1 vote, 1 answer, 1k views
Test ike2 vpn connection on console possible?
Whatever I google for I find tutorials how to setup an IKEv2 VPN server either UI client configuration for different OS.
Is it possible to test the connection with a client in a Linux console ...
1 vote, 1 answer, 3k views
Is it possible to use certificate from public CA for IKEv2 without importing intermediate cert?
I have configured ikev2 vpn on a strongswan server and a Windows 10 client, and it works fine.
The authorization method is leftauth=pubkey and rightauth=eap-mschapv2.
Because the leftcert to ...
1 vote, 1 answer, 897 views
My Win 11 Pro VPN client for IKEv2 is perpetually broken
I am tearing my hair out over this sudden refusal of Windows 11 Pro on my PC to use the appropriately configured crypto in IKEv2 negotiation. It worked fine for a long time, until it didn't. This ...
1 vote, 0 answers, 471 views
issue with connecting to IKEV2 VPN server from android devices
We are facing a problem with connecting android devices to our VPN server. iOS devices do not have any problems connecting.
Android devices trying to connect via StrongSwan official app from Google ...
1 vote, 1 answer, 1k views
Site-to-Site VPN and Remote Access VPN with Strongswan
I've recently deployed a Strongswan IKEv2 Remote Access VPN in two different sites with two different Ubuntu servers. It all works great, but now I want to "merge" the two sites with a site-...
1 vote, 0 answers, 315 views
libreswan with Ikev2 client and plain text password
I need to set up a connection to VPN server with Libreswan. I can't use strongswan, since they are not working well together when installed on the same OC.
My system is Linux Debian 10 (Buster)
Kernel ...
1 vote, 0 answers, 153 views
How to disable all default cryptographic algorithms but the explicitly defined ones in OpenIKED?
I am having issues with setting up highly secure but still high performance IKEv2 tunnels between multiple data centers on OpenBSD nodes, by using very strict security features and allowing the use of ...
1 vote, 2 answers, 2k views
Checking existence of IPSEC as a meta expression in nftables
Whilst recently setting up a router manually from scratch using Debian, I decided to use nftables along with strongSwan to provide an IKEv2 VPN access into this.
After much frustration along with ...
1 vote, 0 answers, 376 views
Strongswan username and password authentication
Guys I need to set up strongswan to use username and password for connecting instead of certificate! Anyone knows how this is done?
1 vote, 1 answer, 3k views
Is strongSwan eap-mschapv2 authentication secure vs using certs?
What level of encryption is used during the authentication part of the connection?
Here’s a sample /etc/ipsec.conf configuration.
config setup
charondebug="ike 1, knl 1, cfg 0"
uniqueids=no
...
1 vote, 0 answers, 5k views
Porting a Cisco AnyConnect profile from Windows to Mac OSX
I have a client using a VisualStudio solution to manage their website. In order to make edits, they had to set up a Windows 7 laptop for me, which I have to use to connect to their VPN before being ...
1 vote, 1 answer, 2k views
Strongswan IKEv2 auth - pubkey and EAP
I'm trying to set up strongswan with pubkey and EAP authentication. To log in, users need to have a certificate and valid credentials.
My certificate is ok. I tested pubkey auth and it was ok, also EAP ...
1 vote, 1 answer, 2k views
OCSP verification fails in Strongswan (IKEv2)
I've managed to set up an IPsec connection between two (virtual) hosts in transport mode and now I want the server to validate the client's certificate with OCSP. In a third host, I've run an OCSP ...
1 vote, 0 answers, 526 views
How to configure RRAS on Windows Server 2012 R2 to forward broadcast UDP packets
I have a server running RRAS on Server 2012 R2. Clients connect using an IKEv2 VPN, and are on the same subnet: 192.168.1.0/24 and 255.255.255.0.
The server has a single NIC, and VPN ports are ...
1 vote, 1 answer, 438 views
Google Cloud Platform VPN
Is there a way to change the lifetime in seconds for Phase 1 and Phase 2 of Ipsec? I am trying to connect to a Cisco ASA 5550 at a customer site and their lifetime in seconds setting is 86,400(Phase ...
1 vote, 1 answer, 3k views
StrongSwan ikev2 routing through VPN in Windows 10
I'm trying to create an ikev2 VPN using StrongSwan on an ubuntu server.
Now, in Windows 10 clients, use default gateway on remote network option is off by default; so when I connect to the server, ...
1 vote, 0 answers, 614 views
Strongswan site to site tunnel
I configured strongswan on ServerA and ServerB and tunnel them successfully by this tutorial:
http://linoxide.com/how-tos/ipsec-vpn-gateway-gateway-using-strongswan/
but I want to run this scenario:
...
1 vote, 0 answers, 4k views
How to fix failing connection to VPN(ipsec+ikev2)?
Auth made with certificates
ubuntu 16.04 + strongswan.
Client connecting from Win7, certificate was added as described in the strongswan Wiki.
Config was also made as in the strongswan wiki, but I got error: '...
1 vote, 0 answers, 1k views
RRAS IKEv2 Behind Router
I have an installation of Server 2012 R2 running that I need to deploy an IKEv2 VPN on. It's my way of accessing files at my office.
The current setup involves a NAT Router (Just a standard ISP-...
1 vote, 2 answers, 3k views
Determining root cause of Windows VPN Connection Error 13801
I'm trying to get machine authentication working with Microsoft "always on vpn".. I'm running into error 13801 on attempting to connect with a client. This error implies there is some sort of ...
0 votes, 1 answer, 1k views
IKEv2 VPN, tunnel ok but no traffic
I setup a vpn on my windows server 2016 (with routing and remote access), the client is a windows 10 pro.
This is the server configuration:
The client connects correctly, but does not receive a ...
0 votes, 1 answer, 1k views
Failed to start the IKEv2 VPN connection to surfshark via NetworkManager
I try to connect to surfshark VPN provider through IKEv2 manually. Here are the logs
charon-nm[5070]: 05[CFG] received initiate for NetworkManager connection Surfshark IKE2
charon-nm[5070]: 05[CFG] ...