Skip to main content

Questions tagged [ikev2]

The tag has no usage guidance.

Filter by
Sorted by
Tagged with
9 votes
2 answers
34k views

Strongswan IKEv2 vpn on Windows 10 client "policy match error"

I have the newest version of Strongswan vpn on my ubuntu server running. I followed this tutorial here and got it to work on my android and Iphone. Now I want to get it to work on my windows 10 ...
sirzento's user avatar
  • 193
8 votes
1 answer
1k views

How to limit bandwidth per VPN connection?

I have a StrongSwan (IKEv2) server setup and would like to limit each VPN connection to 512kb/s. After researching I came across tc in Ubuntu. I don't quite understand it and am fighting through the ...
Houman's user avatar
  • 1,675
7 votes
1 answer
5k views

Docker container can not access hosts behind VPN

I have a VPN gateway which allows remote access to a network with subnet 171.30.0.0/16. I have a local machine setup with ubuntu 14.04 and strongswan which connects to that VPN server using IKEv2 RSA ...
mohamnag's user avatar
  • 181
6 votes
2 answers
3k views

Setting up IPSEC on LAN between two hosts (OpenBSD)

Trying to use IPSEC between two hosts on a LAN. No VPN involved Using OpenBSD 5.8 (in VirtualBox). I'd prefer to use OpenBSD's built-in support for IPSEC and key exchange and not a third-party. Two ...
Neil McGuigan's user avatar
5 votes
2 answers
1k views

pfSense - IKEv2 with EAP-RADIUS: Any fallback option if the RADIUS server is down?

I'm deploying an IKEv2 VPN authenticating against a RADIUS service within a pfSense 2.3-RELEASE box. But I'm afraid of the complications of this approach when the RADIUS server is down. Since the ...
Vinícius Ferrão's user avatar
4 votes
1 answer
18k views

strongswan ikev2 with debian. EAP authentication failed. loading EAP_MSCHAPV2 method failed

I can't get Strongswan to run on my Debian machine. I've already done a tutorial to get it to run on a Ubuntu machine but it seems impossible to me to get it to run on my Debian machine. I actually ...
BestimmungGefördert's user avatar
4 votes
0 answers
3k views

Strongswan stops working after a while

I'm trying hard to resolve one question with my strongswan IKEv2 VPN. I use Linux strongSwan U5.6.1/K3.10.0-862.el7.x86_64 installed on CentOS 7 and few clients: Windows Server 2012 R2, Windows 10, ...
Виталий Захаров's user avatar
3 votes
1 answer
4k views

iPhone users does not connect to StrongSwan VPN, while Android and Windows 10 users do?

I have a StrongSwan VPN that for some reason unknown to me cannot connect iOS users to my VPN server. A few quick notes: My StrongSwan server is front for VPN clients who connects to my network. I ...
Lasse Michael Mølgaard's user avatar
3 votes
2 answers
4k views

EAP / MSCHAPv2 authentications fails (only) on Windows with custom authenticator

I have a project that involves custom client authentication for the StrongSwan IKEv2 server implementation on Linux. I am running: StrongSwan 5.4.0 with eap-radius plugin Currently, we use FreeRadius ...
Domokun's user avatar
  • 31
3 votes
0 answers
1k views

How to connect to ikev2 vpn from docker container using bridge net mode?

I'm trying to connect to a VPN from inside a docker container via ikev2, Ubuntu host. If I try the following: docker run -i -t --privileged --net host --entrypoint /bin/bash ikev It then do ipsec ...
Debrian's user avatar
  • 154
2 votes
2 answers
1k views

Accounting IPSec connections with RSA authentication

Apple iOS has "VPN On Demand" function. With this function the VPN connection is made whenever the device tries to connect to certain domains or to the internet at all. iOS supports "VPN On Demand" ...
John Green's user avatar
2 votes
1 answer
7k views

Strongswan Error: no config named 'foo'

On Ubuntu 20.04, I am trying to establish a VPN tunnel to a IKEv2/Ipsec VPN site using Strongswan. However, even though I have the file /etc/ipsec.conf as shown # ipsec.conf - strongSwan IPsec ...
Nyxynyx's user avatar
  • 1,499
2 votes
2 answers
2k views

Specifying machine certificate issuer with Windows VPN

I am trying to create a Windows Always On VPN connection between an AD and AAD joined Windows 10 client and a StrongSwan VPN server. The Windows client has multiple "Client Authentication" ...
Cameron's user avatar
  • 287
2 votes
2 answers
2k views

how to use wildcard certificate with ikev2 on strongswan

I am using a wildcard certificate. I have managed to setup ikev2 protocol, applied my own certificate but it won't work for subdomains. Is there any workaround for this or the wildcard should be ...
Vitalik Jimbei's user avatar
2 votes
1 answer
2k views

Mikrotik IKEv2/ipsec + Windows 10 = no split include routes

I am deploying a solution using IKEv2+ipsec with certificates to connect roadwarriors to corporate network. Mikrotik CHR is used as entry point. All was swift until I started deploying the solution on ...
Eugene's user avatar
  • 297
2 votes
1 answer
3k views

VPN from WatchGuard to Google Cloud Platform: "establishing IKE_SA failed, peer not responding"

We are trying to "Build a VPN from a Watchguard to Google Cloud Platform" just like what is described here: https://querblick-it.de/build-vpn-watchguard-google-cloud-platform/ And under Remote peer ...
mountainclimber11's user avatar
2 votes
1 answer
1k views

IKEV2 configuration file IP pool

I have some problems with configuring VPN using IKEV2. Here is my server configuration file config setup # Uncomment to allow few simultaneous connections with one user account. # By ...
CROSP's user avatar
  • 191
2 votes
1 answer
915 views

How to block an IP for IPSec VPN connections?

This is my current IpTables setup: Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,...
Houman's user avatar
  • 1,675
2 votes
0 answers
475 views

Bandwidth control with TC for clients yet to be connected

I have applied bandwidth control using TC and iptables using this tutorial on my Strongswan VPN server. The bandwidth control works fine ONLY if that specific client is already connected. For example:...
Ajji's user avatar
  • 131
2 votes
1 answer
747 views

firehol ipsec configuration

Just discovered that apple dropped pptp support in the newest MacOSes, so configured ikev2 ipsec access instead. Clients are happy, everything is simple and good except one thing - ipsec clients ...
BUKTOP's user avatar
  • 155
2 votes
0 answers
2k views

MacOS native IKEv2 VPN client instead of AnyConnect?

Similar to this question from half a decade ago.. Can the native MacOS IKEv2 VPN client be used in lieu of Cisco AnyConnect client? example anyconnect profile: <AnyConnectProfile> <...
goofology's user avatar
  • 402
2 votes
0 answers
1k views

CentOS + strongswan + iOS VPN API, hal

I'm trying to setup StrongSwan on CentOS for iOS with VPN API. This API uses IKEv2 protocol. Here is my logs + configuration files. When i press connect in iOS device it's getting off in a few moments....
Al.Arak's user avatar
  • 21
1 vote
1 answer
943 views

IPSEC IKEv2 not hiding HTTPS

I'm using Linux strongSwan U5.3.5/K4.4.0-116-generic on Ubuntu 16.04 with IOS 11 IKEv2 client. The connection could be successfully established on my client(IOS 11) and if I go to ip check webpage, ...
chrisky's user avatar
  • 23
1 vote
1 answer
6k views

no trusted rsa public key found

I am trying to setup ikev2 with strongswan using a wildcard certificate. The config seems to work for iOS with this certificate but doesn't work for Android, getting this error - no trusted rsa ...
Vitalik Jimbei's user avatar
1 vote
1 answer
4k views

Does IKEv2 support initiator authentication by pre-shared key _and_ password?

I'd like to configure an IKEv2 VPN gateway for multiple remote users to access a private network. I have a test setup where the responder authenticates itself with a self-signed certificate. The ...
Phil Frost's user avatar
1 vote
1 answer
2k views

Is it possible for ikev2 VPN to do auto route configuration for client during connected?

We've setup a ikev2 VPN server with this tutorial, everything works. The only issue is we don't want client to route all traffic using this VPN, only a particular ip addresses. So, it is possible to ...
Traid's user avatar
  • 23
1 vote
2 answers
2k views

IKEV2 VPN doesn't hides real IP from Windows client

I have just set up VPN server using IKEv2 at home. Everything works fine, but the problem that when I am connected to the VPN from Windows 10 client I have external IP of the network where I connected ...
frvzuaex's user avatar
1 vote
1 answer
6k views

migrating ipsec.conf to swanctl.conf, cant seem to get it to work

this is my ipsec.conf that works as it should: conn pelle left=%defaultroute leftsourceip=%config leftauth=eap-mschapv2 eap_identity=min user right=vpn.mydomain.com rightsubnet=0.0.0.0/0 ...
per källström's user avatar
1 vote
1 answer
1k views

Test ike2 vpn connection on console possible?

Whatever I google for I find tutorials how to setup an IKEv2 VPN server either UI client configuration for different OS. Is it possible to test the connection with a client in a Linux console ...
J. Doe's user avatar
  • 179
1 vote
1 answer
3k views

Is it possible to use certificate from public CA for IKEv2 without importing intermediate cert?

I have configured ikev2 vpn on a strongswan server and a Windows 10 client, and it works fine. The authorization method is leftauth=pubkey and rightauth=eap-mschapv2. Because the leftcert to ...
limilaw's user avatar
  • 146
1 vote
1 answer
897 views

My Win 11 Pro VPN client for IKEv2 is perpetually broken

I am tearing my hair out over this sudden refusal of Windows 11 Pro on my PC to use the appropriately configured crypto in IKEv2 negotiation. It worked fine for a long time, until it didn't. This ...
TheOrionArm's user avatar
1 vote
0 answers
471 views

issue with connecting to IKEV2 VPN server from android devices

We are facing a problem with connecting android devices to our VPN server. iOS devices do not have any problems connecting. Android devices trying to connect via StrongSwan official app from Google ...
Maksim Zakharenka's user avatar
1 vote
1 answer
1k views

Site-to-Site VPN and Remote Access VPN with Strongswan

I've recently deployed a Strongswan IKEv2 Remote Access VPN in two different sited with two different ubuntu servers. It all works great, but now i want to "merge" the two sites with a site-...
P1r4nh4's user avatar
  • 11
1 vote
0 answers
315 views

libreswan with Ikev2 client and plain text password

I need to set up a connection to VPN server with Libreswan. I can't use strongswan, since they are not working well together when installed on the same OC. My system is Linux Debian 10 (Buster) Kernel ...
Roustam Dzhafarov's user avatar
1 vote
0 answers
153 views

How to disable all default cryptographic algorithms but the explicitly defined ones in OpenIKED?

I am having issues with setting up highly secure but still high performance IKEv2 tunnels between multiple data centers on OpenBSD nodes, by using very strict security features and allowing the use of ...
Tony's user avatar
  • 11
1 vote
2 answers
2k views

Checking existence of IPSEC as a meta expression in nftables

Whilst recently setting up a router manually from scratch using Debian, I decided to use nftables along with strongSwan to provide an IKEv2 VPN access into this. After much frustration along with ...
jren207's user avatar
  • 11
1 vote
0 answers
376 views

Strongswan username and password authentication

Guys I need to set up strongswan to use username and password for connecting instead of certificate! Anyone knows how this is done?
Mr Pro's user avatar
  • 33
1 vote
1 answer
3k views

Is strongSwan eap-mschapv2 authentication secure vs using certs?

What level of encryption is used during the authentication part of the connection? Here’s a sample /etc/ipsec.conf configuration. config setup charondebug="ike 1, knl 1, cfg 0" uniqueids=no ...
sunknudsen's user avatar
1 vote
0 answers
5k views

Porting a Cisco AnyConnect profile from Windows to Mac OSX

I have a client using a VisualStudio solution to manage their website. In order to make edits, they had to set up a Windows 7 laptop for me, which I have to use to connect to their VPN before being ...
user13286's user avatar
  • 111
1 vote
1 answer
2k views

Strongswan IKEv2 auth - pubkey and EAP

I'am trying to setup strongswan with pubkey and EAP authentication. To login users need to have certificate and valid credentials. My certificate is ok. I tested pubkey auth and it was ok, also EAP ...
user9443103's user avatar
1 vote
1 answer
2k views

OCSP verification fails in Strongswan (IKEv2)

I've managed to set up an IPsec connection between two (virtual) hosts in transport mode and now I want the server to validate the client's certificate with OCSP. In a third host, I've run an OCSP ...
Ander Juaristi's user avatar
1 vote
0 answers
526 views

How to configure RRAS on Windows Server 2012 R2 to forward broadcast UDP packets

I have a server running RRAS on Server 2012 R2. Clients connect using an IKEv2 VPN, and are on the same subnet: 192.168.1.0/24 and 255.255.255.0. The server has a single NIC, and VPN ports are ...
Britishly's user avatar
1 vote
1 answer
438 views

Google Cloud Platform VPN

Is there a way to change the lifetime in seconds for Phase 1 and Phase 2 of Ipsec? I am trying to connect to a Cisco ASA 5550 at a customer site and their lifetime in seconds setting is 86,400(Phase ...
L Zimmerman's user avatar
1 vote
1 answer
3k views

StrongSwan ikev2 routing through VPN in Windows 10

I'm trying to create an ikev2 VPN using StrongSwan on an ubuntu server. Now, in Windows 10 clients, use default gateway on remote network option is off by default; so when I connect to the server, ...
Mahdi Ghiasi's user avatar
1 vote
0 answers
614 views

Strongswan site to site tunnel

I configured strongswan on ServerA and ServerB and tunnel them successfully by this tutorial: http://linoxide.com/how-tos/ipsec-vpn-gateway-gateway-using-strongswan/ but i want to run this senario: ...
user3699217's user avatar
1 vote
0 answers
4k views

How to fix failing connection to VPN(ipsec+ikev2)?

Auth made with certificates ubuntu 16.04 + strongswan. Client connecting from win7, certificate was added like said in strongswan Wiki. Config made also like in strongswan wiki, but i got error: '...
littleguga's user avatar
1 vote
0 answers
1k views

RRAS IKEv2 Behind Router

I have an installation of Server 2012 R2 running that I need to deploy an IKEv2 VPN on. It's my way of accessing files at my office. The current setup involves a NAT Router (Just a standard ISP-...
Nodebay's user avatar
  • 111
1 vote
2 answers
3k views

Determining root cause of Windows VPN Connection Error 13801

I'm trying to get machine authentication working with Microsoft "always on vpn".. I'm running into error 13801 on attempting to connect with a client. This error implies there is some sort of ...
Robert Meany's user avatar
0 votes
1 answer
1k views

IKEv2 VPN, tunnel ok but no traffic

I setup a vpn on my windows server 2016 (with routing and remote access), the client is a windows 10 pro. This is the server configuration: The client connects correctly, but does not receive a ...
matti157's user avatar
  • 101
0 votes
1 answer
1k views

Failed to start the IKEv2 VPN connection to surfshark via NetworkManager

I try to connect to surfshark VPN provider through IKEv2 manually. Here are the logs charon-nm[5070]: 05[CFG] received initiate for NetworkManager connection Surfshark IKE2 charon-nm[5070]: 05[CFG] ...
Morse's user avatar
  • 103