Questions tagged [ikev2]
101 questions
0 votes, 0 answers, 2k views
IKEv2 Need a small help on Strongswan
I've been trying to create an IKEv2 Strongswan VPN server (U5.7.2/K5.3.0-42-generic) for two days on my personal VPS (Ubuntu 19.10) to make some tests before implementing it on the Unifi equipment of my ...
0 votes, 1 answer, 430 views
IKEv2 VPN Event ID 20209 - Server Authentication
I have made only one certificate for VPN access with IKEv2. Within 2 days I got event ID 20209, even though I didn't try to connect. The certificate is still with me and no one else has access to it....
0 votes, 0 answers, 684 views
Strongswan Centos 7 Config Issue
I have a problem with configuring Strongswan on Centos 7! First, please notice that I want to connect with only username and password and I don't want to import any profiles on my phone! My server ip ...
1 vote, 0 answers, 376 views
Strongswan username and password authentication
Guys, I need to set up strongswan to use username and password for connecting instead of certificate! Does anyone know how this is done?
0 votes, 0 answers, 91 views
Rekeying denies protocols/NAT issue or config?
I'm using strongswan to connect to a MAC server using IKEv2/IPsec configuration. The server uses the proposed algorithms to establish the SA and everything works great. Upon rekeying however, the ...
0 votes, 1 answer, 223 views
strongswan ikev2 connect to the same server
I have a strongswan ikev2 vpn installed on my server.
With my win10 laptop I can connect to the vpn and connect to everything via vpn.
But how can I connect to my server? I have a service on a ...
1 vote, 1 answer, 1k views
Test ike2 vpn connection on console possible?
Whatever I google for, I find tutorials on how to set up an IKEv2 VPN server or UI client configuration for different OS.
Is it possible to test the connection with a client in a Linux console ...
0 votes, 0 answers, 523 views
IKEv2/IPsec. Strongswan server static external ip-address. 2 pcs of Mikrotiks as clients. Routing (or what?) Mikrotiks LAN-subnets
Strongswan 5.7 on Debian 10. Static "white" ip address.
2 Mikrotiks with grey ip addresses from ISPs' and NAT:
/ip address print
2 D 10.141.170.32/16 10.141.0.0 ether1
Mikrotik "A" LAN ...
4 votes, 1 answer, 18k views
strongswan ikev2 with debian. EAP authentication failed. loading EAP_MSCHAPV2 method failed
I can't get Strongswan to run on my Debian machine. I've already done a tutorial to get it to run on an Ubuntu machine but it seems impossible to me to get it to run on my Debian machine. I actually ...
0 votes, 0 answers, 738 views
StrongSwan IKEv2 connected but no internet on some internets
I set up the StrongSwan and IKEv2 as remote access on CentOS 7, and it is working great, but on some internets (not all, most ADSL modems or 4G modems) it connects but there is no internet access on ...
0 votes, 1 answer, 614 views
IKEv2 certificate error but SSTP successfully connects Windows 10 pro / Windows Server 2019
I'm using Windows server 2019 (installed roles: AD DC, CA, DHCP, DNS, IIS, VPN).
My client is Windows 10 Pro.
Before installing the Online responder role and having a CRL server, IKEv2 was working, ...
9 votes, 2 answers, 34k views
Strongswan IKEv2 vpn on Windows 10 client "policy match error"
I have the newest version of Strongswan vpn on my ubuntu server running.
I followed this tutorial here and got it to work on my Android and iPhone.
Now I want to get it to work on my windows 10 ...
2 votes, 1 answer, 915 views
How to block an IP for IPSec VPN connections?
This is my current IpTables setup:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,...
1 vote, 1 answer, 3k views
Is strongSwan eap-mschapv2 authentication secure vs using certs?
What level of encryption is used during the authentication part of the connection?
Here’s a sample /etc/ipsec.conf configuration.
config setup
charondebug="ike 1, knl 1, cfg 0"
uniqueids=no
...
4 votes, 0 answers, 3k views
Strongswan stops working after a while
I'm trying hard to resolve one question with my strongswan IKEv2 VPN.
I use Linux strongSwan U5.6.1/K3.10.0-862.el7.x86_64 installed on CentOS 7 and a few clients: Windows Server 2012 R2, Windows 10, ...
1 vote, 0 answers, 5k views
Porting a Cisco AnyConnect profile from Windows to Mac OSX
I have a client using a VisualStudio solution to manage their website. In order to make edits, they had to set up a Windows 7 laptop for me, which I have to use to connect to their VPN before being ...
2 votes, 0 answers, 475 views
Bandwidth control with TC for clients yet to be connected
I have applied bandwidth control using TC and iptables using this tutorial on my Strongswan VPN server.
The bandwidth control works fine ONLY if that specific client is already connected.
For example:...
1 vote, 1 answer, 2k views
Strongswan IKEv2 auth - pubkey and EAP
I'm trying to set up strongswan with pubkey and EAP authentication. To log in, users need to have a certificate and valid credentials.
My certificate is ok. I tested pubkey auth and it was ok, also EAP ...
0 votes, 0 answers, 1k views
Setup StrongSwan with user Cert
I am setting up strongswan and have some trouble with configuring it. I can log in with user/pass but I will replace it with user.p12 certificate. When I add rightauth2=pubkey is login with user/pass ...
0 votes, 1 answer, 3k views
Strongswan: Connecting PSK & EAP at a time
I have successfully set up strongswan on a virtual server. I basically have two kinds of configurations
Using EAP (username/password for Android Strongswan Client).
PSK (for iOS devices using ...
1 vote, 1 answer, 4k views
Does IKEv2 support initiator authentication by pre-shared key _and_ password?
I'd like to configure an IKEv2 VPN gateway for multiple remote users to access a private network.
I have a test setup where the responder authenticates itself with a self-signed certificate. The ...
2 votes, 1 answer, 747 views
firehol ipsec configuration
Just discovered that Apple dropped pptp support in the newest MacOSes, so configured ikev2 ipsec access instead. Clients are happy, everything is simple and good except one thing - ipsec clients ...
1 vote, 1 answer, 943 views
IPSEC IKEv2 not hiding HTTPS
I'm using
Linux strongSwan U5.3.5/K4.4.0-116-generic on Ubuntu 16.04
with iOS 11 IKEv2 client.
The connection could be successfully established on my client (iOS 11) and if I go to ip check webpage, ...
2 votes, 1 answer, 3k views
VPN from WatchGuard to Google Cloud Platform: "establishing IKE_SA failed, peer not responding"
We are trying to "Build a VPN from a Watchguard to Google Cloud Platform" just like what is described here:
https://querblick-it.de/build-vpn-watchguard-google-cloud-platform/
And under Remote peer ...
1 vote, 1 answer, 2k views
OCSP verification fails in Strongswan (IKEv2)
I've managed to set up an IPsec connection between two (virtual) hosts in transport mode and now I want the server to validate the client's certificate with OCSP. In a third host, I've run an OCSP ...
8 votes, 1 answer, 1k views
How to limit bandwidth per VPN connection?
I have a StrongSwan (IKEv2) server setup and would like to limit each VPN connection to 512kb/s.
After researching I came across tc in Ubuntu. I don't quite understand it and am fighting through the ...
1 vote, 0 answers, 526 views
How to configure RRAS on Windows Server 2012 R2 to forward broadcast UDP packets
I have a server running RRAS on Server 2012 R2. Clients connect using an IKEv2 VPN, and are on the same subnet: 192.168.1.0/24 and 255.255.255.0.
The server has a single NIC, and VPN ports are ...
0 votes, 2 answers, 5k views
Strongswan IKEv2 for iOS devices
I want to connect a Strongswan IKEv2 VPN on iOS devices. It uses FreeRADIUS server for AAA of users.
It's already working perfectly on Android and Windows devices, but when I try to connect using ...
1 vote, 1 answer, 438 views
Google Cloud Platform VPN
Is there a way to change the lifetime in seconds for Phase 1 and Phase 2 of IPsec? I am trying to connect to a Cisco ASA 5550 at a customer site and their lifetime in seconds setting is 86,400 (Phase ...
3 votes, 0 answers, 1k views
How to connect to ikev2 vpn from docker container using bridge net mode?
I'm trying to connect to a VPN from inside a docker container via ikev2, Ubuntu host.
If I try the following:
docker run -i -t --privileged --net host --entrypoint /bin/bash ikev
It then do ipsec ...
0 votes, 1 answer, 1k views
Use MySQL for storing secrets in Strongswan VPN
I have a working Strongswan IKEv2 VPN, it uses eap-mschapv2 as right auth.
It's working fine as long as I use the ipsec.secrets file to store the user credentials.
# ipsec.secrets file
: RSA vpn-...
1 vote, 1 answer, 2k views
Is it possible for ikev2 VPN to do auto route configuration for client during connected?
We've set up an ikev2 VPN server with this tutorial, everything works.
The only issue is we don't want the client to route all traffic using this VPN, only particular IP addresses.
So, it is possible to ...
0 votes, 0 answers, 3k views
unable to install inbound and outbound IPsec SA (SAD) in kernel
I'm trying to install L2TP over IPsec using strongswan and xl2tp daemon.
This is my config:
conn L2TP-PSK-NAT
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
authby=secret
auto=...
1 vote, 1 answer, 6k views
no trusted rsa public key found
I am trying to setup ikev2 with strongswan using a wildcard certificate.
The config seems to work for iOS with this certificate but doesn't work for Android, getting this error - no trusted rsa ...
2 votes, 2 answers, 2k views
how to use wildcard certificate with ikev2 on strongswan
I am using a wildcard certificate.
I have managed to setup ikev2 protocol, applied my own certificate but it won't work for subdomains.
Is there any workaround for this or the wildcard should be ...
2 votes, 0 answers, 2k views
MacOS native IKEv2 VPN client instead of AnyConnect?
Similar to this question from half a decade ago..
Can the native MacOS IKEv2 VPN client be used in lieu of Cisco AnyConnect client?
example anyconnect profile:
<AnyConnectProfile>
<...
1 vote, 1 answer, 3k views
StrongSwan ikev2 routing through VPN in Windows 10
I'm trying to create an ikev2 VPN using StrongSwan on an ubuntu server.
Now, in Windows 10 clients, use default gateway on remote network option is off by default; so when I connect to the server, ...
0 votes, 1 answer, 1k views
IKEv2 VPN, tunnel ok but no traffic
I set up a VPN on my Windows Server 2016 (with routing and remote access), the client is a Windows 10 Pro.
This is the server configuration:
The client connects correctly, but does not receive a ...
1 vote, 2 answers, 2k views
IKEV2 VPN doesn't hide real IP from Windows client
I have just set up VPN server using IKEv2 at home. Everything works fine, but the problem is that when I am connected to the VPN from Windows 10 client I have external IP of the network where I connected ...
2 votes, 1 answer, 1k views
IKEV2 configuration file IP pool
I have some problems with configuring VPN using IKEV2.
Here is my server configuration file
config setup
# Uncomment to allow few simultaneous connections with one user account.
# By ...
1 vote, 0 answers, 614 views
Strongswan site to site tunnel
I configured strongswan on ServerA and ServerB and tunnel them successfully by this tutorial:
http://linoxide.com/how-tos/ipsec-vpn-gateway-gateway-using-strongswan/
but I want to run this scenario:
...
0 votes, 1 answer, 2k views
IKEv2 connection from OSX to Windows RRAS disconnects after eight minutes
Using Windows as a VPN client everything works perfectly fine.
When I establish a connection using the integrated IKEv2 client on my Mac (OS X 10.11.6), I get disconnected after eight minutes. Until ...
1 vote, 0 answers, 4k views
How to fix failing connection to VPN(ipsec+ikev2)?
Auth made with certificates
ubuntu 16.04 + strongswan.
Client connecting from win7, certificate was added as described in the strongswan wiki.
Config was also made as in the strongswan wiki, but I got error: '...
5 votes, 2 answers, 1k views
pfSense - IKEv2 with EAP-RADIUS: Any fallback option if the RADIUS server is down?
I'm deploying an IKEv2 VPN authenticating against a RADIUS service within a pfSense 2.3-RELEASE box. But I'm afraid of the complications of this approach when the RADIUS server is down.
Since the ...
1 vote, 0 answers, 1k views
RRAS IKEv2 Behind Router
I have an installation of Server 2012 R2 running that I need to deploy an IKEv2 VPN on. It's my way of accessing files at my office.
The current setup involves a NAT Router (Just a standard ISP-...
0 votes, 1 answer, 503 views
Best way to setup highly compatible VPN (thinking IKEv2) in Ubuntu 15+?
Having used OpenVPN for a while, I've found it tiresome to install a client on every machine that needs to connect (Android, Windows, Linux.) I'd rather just enter the details in the OS's built in ...
1 vote, 1 answer, 3k views
Is it possible to use certificate from public CA for IKEv2 without importing intermediate cert?
I have configured ikev2 vpn on a strongswan server and a Windows 10 client, and it works fine.
The authorization method is leftauth=pubkey and rightauth=eap-mschapv2.
Because the leftcert to ...
6 votes, 2 answers, 3k views
Setting up IPSEC on LAN between two hosts (OpenBSD)
Trying to use IPSEC between two hosts on a LAN. No VPN involved
Using OpenBSD 5.8 (in VirtualBox). I'd prefer to use OpenBSD's built-in support for IPSEC and key exchange and not a third-party.
Two ...
2 votes, 0 answers, 1k views
CentOS + strongswan + iOS VPN API, hal
I'm trying to set up StrongSwan on CentOS for iOS with VPN API. This API uses IKEv2 protocol. Here are my logs + configuration files. When I press connect on the iOS device it's getting off in a few moments....
7 votes, 1 answer, 5k views
Docker container can not access hosts behind VPN
I have a VPN gateway which allows remote access to a network with subnet 171.30.0.0/16.
I have a local machine setup with ubuntu 14.04 and strongswan which connects to that VPN server using IKEv2 RSA ...