Skip to main content

Questions tagged [ikev2]

The tag has no usage guidance.

Filter by
Sorted by
Tagged with
0 votes
0 answers
2k views

IKEv2 Need a small help on Strongswan

I'm trying to create an IKEv2 Strongswan VPN server (U5.7.2/K5.3.0-42-generic) since two days on my personnal VPS (Ubuntu 19.10) to make some tests before implement it on the Unifi equipment of my ...
mathpro's user avatar
0 votes
1 answer
430 views

IKev2 VPN Event ID 20209 - Server Authentication

I have made only one certificate for VPN access with ikev2. Within 2 days i got event id 20209, even though I didn't tried to connect. The certificate is still with me and no one else has access to it....
Bhavya Gupta's user avatar
0 votes
0 answers
684 views

Strongswan Centos 7 Config Issue

I have a problem with configuring Strongswan on Centos 7 ! First please notice that I want to connect with only username and password and I don't want to import any profiles on my phone ! My server ip ...
master lfc6's user avatar
1 vote
0 answers
376 views

Strongswan username and password authentication

Guys I need to set up strongswan to use username and password for connecting instead of certificate! Anyone knows how this is done?
Mr Pro's user avatar
  • 33
0 votes
0 answers
91 views

Rekeying denies protocols/NAT issue or config?

I'm using strongswan to connect to a MAC server using IKEv2/IPsec configuration. The server uses the proposed algorithms to establish the SA and everything works great. Upon rekeying however, the ...
ToxicTech's user avatar
0 votes
1 answer
223 views

strongswan ikev2 connect to the same server

I have a strongswan ikev2 vpn installed on my server. With my win10 laptop I can connect to the vpn and and connect to everything via vpn. But how can I connect to my server? I have a service on a ...
BestimmungGefördert's user avatar
1 vote
1 answer
1k views

Test ike2 vpn connection on console possible?

Whatever I google for I find tutorials how to setup an IKEv2 VPN server either UI client configuration for different OS. Is it possible to test the connection with a client in a Linux console ...
J. Doe's user avatar
  • 179
0 votes
0 answers
523 views

IKEv2/IPsec. Strongswan server static external ip-address. 2 pcs of Mikrotiks as clients. Routing (or what?) Mikrotiks LAN-subnets

Strongswan 5.7 on Debian 10. Static "white" ip address. 2 Mikrotiks with grey ip addresses from ISPs' and NAT: /ip address print 2 D 10.141.170.32/16 10.141.0.0 ether1 Mikrotik "A" LAN ...
Vlad's user avatar
  • 13
4 votes
1 answer
18k views

strongswan ikev2 with debian. EAP authentication failed. loading EAP_MSCHAPV2 method failed

I can't get Strongswan to run on my Debian machine. I've already done a tutorial to get it to run on a Ubuntu machine but it seems impossible to me to get it to run on my Debian machine. I actually ...
BestimmungGefördert's user avatar
0 votes
0 answers
738 views

StrongSwan IKEv2 connected but no internet on some internets

I set up the StrongSwan and IKEv2 as remote access on CentOS 7, And it is working great but on some internets (not all, most ADSL modems or 4G modems) it connects but there is no internet access on ...
Farhad Sakhaei's user avatar
0 votes
1 answer
614 views

IKEv2 certificate error but SSTP successfully connects Windows 10 pro / Windows Server 2019

I'm using Windows server 2019 (installed roles: AD DC, CA, DHCP, DNS, IIS, VPN). my client is Windows 10 pro. before installing the Online responder role and having a CRL server, IkEv2 was working, ...
user avatar
9 votes
2 answers
34k views

Strongswan IKEv2 vpn on Windows 10 client "policy match error"

I have the newest version of Strongswan vpn on my ubuntu server running. I followed this tutorial here and got it to work on my android and Iphone. Now I want to get it to work on my windows 10 ...
sirzento's user avatar
  • 193
2 votes
1 answer
915 views

How to block an IP for IPSec VPN connections?

This is my current IpTables setup: Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,...
Houman's user avatar
  • 1,675
1 vote
1 answer
3k views

Is strongSwan eap-mschapv2 authentication secure vs using certs?

What level of encryption is used during the authentication part of the connection? Here’s a sample /etc/ipsec.conf configuration. config setup charondebug="ike 1, knl 1, cfg 0" uniqueids=no ...
sunknudsen's user avatar
4 votes
0 answers
3k views

Strongswan stops working after a while

I'm trying hard to resolve one question with my strongswan IKEv2 VPN. I use Linux strongSwan U5.6.1/K3.10.0-862.el7.x86_64 installed on CentOS 7 and few clients: Windows Server 2012 R2, Windows 10, ...
Виталий Захаров's user avatar
1 vote
0 answers
5k views

Porting a Cisco AnyConnect profile from Windows to Mac OSX

I have a client using a VisualStudio solution to manage their website. In order to make edits, they had to set up a Windows 7 laptop for me, which I have to use to connect to their VPN before being ...
user13286's user avatar
  • 111
2 votes
0 answers
475 views

Bandwidth control with TC for clients yet to be connected

I have applied bandwidth control using TC and iptables using this tutorial on my Strongswan VPN server. The bandwidth control works fine ONLY if that specific client is already connected. For example:...
Ajji's user avatar
  • 131
1 vote
1 answer
2k views

Strongswan IKEv2 auth - pubkey and EAP

I'am trying to setup strongswan with pubkey and EAP authentication. To login users need to have certificate and valid credentials. My certificate is ok. I tested pubkey auth and it was ok, also EAP ...
user9443103's user avatar
0 votes
0 answers
1k views

Stuup StrongSwan with user Cert

i will setting up strongswan and have some trouble with configure it. I can log in with user/pass but i will replace it with user.p12 certificate. When i add rightauth2=pubkey is login with user/pass ...
Hannes Peter's user avatar
0 votes
1 answer
3k views

Strongswan: Connecting PSK & EAP at a time

I have successfully setup strongswan on a virtual Server. I basically have two kinds of configurations Using EAP (username/password for Android Strongswan Client). PSK (for IOS devices using ...
Ajji's user avatar
  • 131
1 vote
1 answer
4k views

Does IKEv2 support initiator authentication by pre-shared key _and_ password?

I'd like to configure an IKEv2 VPN gateway for multiple remote users to access a private network. I have a test setup where the responder authenticates itself with a self-signed certificate. The ...
Phil Frost's user avatar
2 votes
1 answer
747 views

firehol ipsec configuration

Just discovered that apple dropped pptp support in the newest MacOSes, so configured ikev2 ipsec access instead. Clients are happy, everything is simple and good except one thing - ipsec clients ...
BUKTOP's user avatar
  • 155
1 vote
1 answer
943 views

IPSEC IKEv2 not hiding HTTPS

I'm using Linux strongSwan U5.3.5/K4.4.0-116-generic on Ubuntu 16.04 with IOS 11 IKEv2 client. The connection could be successfully established on my client(IOS 11) and if I go to ip check webpage, ...
chrisky's user avatar
  • 23
2 votes
1 answer
3k views

VPN from WatchGuard to Google Cloud Platform: "establishing IKE_SA failed, peer not responding"

We are trying to "Build a VPN from a Watchguard to Google Cloud Platform" just like what is described here: https://querblick-it.de/build-vpn-watchguard-google-cloud-platform/ And under Remote peer ...
mountainclimber11's user avatar
1 vote
1 answer
2k views

OCSP verification fails in Strongswan (IKEv2)

I've managed to set up an IPsec connection between two (virtual) hosts in transport mode and now I want the server to validate the client's certificate with OCSP. In a third host, I've run an OCSP ...
Ander Juaristi's user avatar
8 votes
1 answer
1k views

How to limit bandwidth per VPN connection?

I have a StrongSwan (IKEv2) server setup and would like to limit each VPN connection to 512kb/s. After researching I came across tc in Ubuntu. I don't quite understand it and am fighting through the ...
Houman's user avatar
  • 1,675
1 vote
0 answers
526 views

How to configure RRAS on Windows Server 2012 R2 to forward broadcast UDP packets

I have a server running RRAS on Server 2012 R2. Clients connect using an IKEv2 VPN, and are on the same subnet: 192.168.1.0/24 and 255.255.255.0. The server has a single NIC, and VPN ports are ...
Britishly's user avatar
0 votes
2 answers
5k views

Strongswan IKEv2 for iOS devices

I want to connect a Strongswan IKEv2 VPN on iOS devices. It uses FreeRADIUS server for AAA of users. It's already working perfectly on Android and Windows devices. but when I try to connect using ...
Varun Taliyan's user avatar
1 vote
1 answer
438 views

Google Cloud Platform VPN

Is there a way to change the lifetime in seconds for Phase 1 and Phase 2 of Ipsec? I am trying to connect to a Cisco ASA 5550 at a customer site and their lifetime in seconds setting is 86,400(Phase ...
L Zimmerman's user avatar
3 votes
0 answers
1k views

How to connect to ikev2 vpn from docker container using bridge net mode?

I'm trying to connect to a VPN from inside a docker container via ikev2, Ubuntu host. If I try the following: docker run -i -t --privileged --net host --entrypoint /bin/bash ikev It then do ipsec ...
Debrian's user avatar
  • 154
0 votes
1 answer
1k views

Use MySQL for storing secrets in Strongswan VPN

I have a working Strongswan IKEv2 VPN, i uses eap-mschapv2 as right auth. It's working fine as long as I use the ipsec.secrets file to store the user credentials. # ipsec.secrets file : RSA vpn-...
Varun Taliyan's user avatar
1 vote
1 answer
2k views

Is it possible for ikev2 VPN to do auto route configuration for client during connected?

We've setup a ikev2 VPN server with this tutorial, everything works. The only issue is we don't want client to route all traffic using this VPN, only a particular ip addresses. So, it is possible to ...
Traid's user avatar
  • 23
0 votes
0 answers
3k views

unable to install inbound and outbound IPsec SA (SAD) in kernel

I'm trying to install L2TP over IPsec using strognswan and xl2tp daemon. this is my config : conn L2TP-PSK-NAT also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT authby=secret auto=...
Vitalik Jimbei's user avatar
1 vote
1 answer
6k views

no trusted rsa public key found

I am trying to setup ikev2 with strongswan using a wildcard certificate. The config seems to work for iOS with this certificate but doesn't work for Android, getting this error - no trusted rsa ...
Vitalik Jimbei's user avatar
2 votes
2 answers
2k views

how to use wildcard certificate with ikev2 on strongswan

I am using a wildcard certificate. I have managed to setup ikev2 protocol, applied my own certificate but it won't work for subdomains. Is there any workaround for this or the wildcard should be ...
Vitalik Jimbei's user avatar
2 votes
0 answers
2k views

MacOS native IKEv2 VPN client instead of AnyConnect?

Similar to this question from half a decade ago.. Can the native MacOS IKEv2 VPN client be used in lieu of Cisco AnyConnect client? example anyconnect profile: <AnyConnectProfile> <...
goofology's user avatar
  • 402
1 vote
1 answer
3k views

StrongSwan ikev2 routing through VPN in Windows 10

I'm trying to create an ikev2 VPN using StrongSwan on an ubuntu server. Now, in Windows 10 clients, use default gateway on remote network option is off by default; so when I connect to the server, ...
Mahdi Ghiasi's user avatar
0 votes
1 answer
1k views

IKEv2 VPN, tunnel ok but no traffic

I setup a vpn on my windows server 2016 (with routing and remote access), the client is a windows 10 pro. This is the server configuration: The client connects correctly, but does not receive a ...
matti157's user avatar
  • 101
1 vote
2 answers
2k views

IKEV2 VPN doesn't hides real IP from Windows client

I have just set up VPN server using IKEv2 at home. Everything works fine, but the problem that when I am connected to the VPN from Windows 10 client I have external IP of the network where I connected ...
frvzuaex's user avatar
2 votes
1 answer
1k views

IKEV2 configuration file IP pool

I have some problems with configuring VPN using IKEV2. Here is my server configuration file config setup # Uncomment to allow few simultaneous connections with one user account. # By ...
CROSP's user avatar
  • 191
1 vote
0 answers
614 views

Strongswan site to site tunnel

I configured strongswan on ServerA and ServerB and tunnel them successfully by this tutorial: http://linoxide.com/how-tos/ipsec-vpn-gateway-gateway-using-strongswan/ but i want to run this senario: ...
user3699217's user avatar
0 votes
1 answer
2k views

IKEv2 connection from OSX to Windows RRAS disconnects after eight minutes

Using Windows as a VPN client everything works perfectly fine. When I establish a connection using the integrated IKEv2 client on my Mac (OS X 10.11.6), I get disconnected after eight minutes. Until ...
bitfrickler's user avatar
1 vote
0 answers
4k views

How to fix failing connection to VPN(ipsec+ikev2)?

Auth made with certificates ubuntu 16.04 + strongswan. Client connecting from win7, certificate was added like said in strongswan Wiki. Config made also like in strongswan wiki, but i got error: '...
littleguga's user avatar
5 votes
2 answers
1k views

pfSense - IKEv2 with EAP-RADIUS: Any fallback option if the RADIUS server is down?

I'm deploying an IKEv2 VPN authenticating against a RADIUS service within a pfSense 2.3-RELEASE box. But I'm afraid of the complications of this approach when the RADIUS server is down. Since the ...
Vinícius Ferrão's user avatar
1 vote
0 answers
1k views

RRAS IKEv2 Behind Router

I have an installation of Server 2012 R2 running that I need to deploy an IKEv2 VPN on. It's my way of accessing files at my office. The current setup involves a NAT Router (Just a standard ISP-...
Nodebay's user avatar
  • 111
0 votes
1 answer
503 views

Best way to setup highly compatible VPN (thinking IKEv2) in Ubuntu 15+?

Having used OpenVPN for a while, I've found it tiresome to install a client on every machine that needs to connect (Android, Windows, Linux.) I'd rather just enter the details in the OS's built in ...
Dragoon's user avatar
  • 111
1 vote
1 answer
3k views

Is it possible to use certificate from public CA for IKEv2 without importing intermediate cert?

I have configured ikev2 vpn on a strongswan server and a Windows 10 client, and it works fine. The authorization method is leftauth=pubkey and rightauth=eap-mschapv2. Because the leftcert to ...
limilaw's user avatar
  • 146
6 votes
2 answers
3k views

Setting up IPSEC on LAN between two hosts (OpenBSD)

Trying to use IPSEC between two hosts on a LAN. No VPN involved Using OpenBSD 5.8 (in VirtualBox). I'd prefer to use OpenBSD's built-in support for IPSEC and key exchange and not a third-party. Two ...
Neil McGuigan's user avatar
2 votes
0 answers
1k views

CentOS + strongswan + iOS VPN API, hal

I'm trying to setup StrongSwan on CentOS for iOS with VPN API. This API uses IKEv2 protocol. Here is my logs + configuration files. When i press connect in iOS device it's getting off in a few moments....
Al.Arak's user avatar
  • 21
7 votes
1 answer
5k views

Docker container can not access hosts behind VPN

I have a VPN gateway which allows remote access to a network with subnet 171.30.0.0/16. I have a local machine setup with ubuntu 14.04 and strongswan which connects to that VPN server using IKEv2 RSA ...
mohamnag's user avatar
  • 181