
Questions tagged [ipsec]

IPsec (Internet Protocol Security) is a protocol for securing IP communications by authenticating and encrypting each IP packet of a communication session.

0 votes
0 answers
7 views

Built-in IKEv2 and PSK on Windows Server

I tried to use on Windows Server 2019, then built-in VPN Type IKEv2 + PSK So: Fill the PSK in "Allow custom IPsec policy for L2TP/IKEv2 connection" (rrasmgmt.msc) Firewall ports are opened ...
Stef's user avatar
  • 612
0 votes
0 answers
49 views

How do I apply src-nat to the traffic coming from ipsec?

I am using StrongSwan to Mikrotik IKEv2 tunnel. I wonder if it is possible to sourcenat what is coming from the ipsec-tunnel on Mikrotik's side? The problem is that I have a host in my local network ...
Serge S.'s user avatar
0 votes
0 answers
21 views

Can I set up IPsec tunnels between three branches?

I want to set up IPsec tunnels to connect three branches. In total, you should get three connections: HQ-BR BR-DC DC-HQ I wanted to do this on the Linux operating system using strongswan tools, but ...
Михаил Семчук's user avatar
0 votes
1 answer
51 views

Strongswan ipsec w/o LAN interface: Tunnel up, but no routing

I need some help in setting up an ipsec site2site-vpn with Strongswan. The other side insists on a site2site vpn, but on my side I have only a KVM hosted server with a public internet IP interface, so ...
Philomatic's user avatar
0 votes
0 answers
32 views

IPSEC not started on pinging another host

I have configured IPSec on my linux client using strongswan, on both remote_addrs and local_addrs, I have used %any. When I start the charon-systemd daemon and then use swanctl --load-all, the out ...
anilgowdam anilgowdam's user avatar
0 votes
0 answers
39 views

IPSEC configuration and usage on networks with overlapping network addresses

I use a different SSL VPN client to connect to remote customers. I would prefer to connect directly to remote devices in ssh and/or monitor the same ones via SNMP. The problem is that although each ...
Matteo's user avatar
  • 1
1 vote
0 answers
19 views

Site-To-Site IPSec between StrongSwan and zyxel usg100

We bought USG flex 100 into our office and we added it to the nebula. Now, we need to set up site-to-site tunnel into our datacenter. On nebula site we have network 10.5.1.0/24 and in datacenter we ...
Dave's user avatar
  • 35
0 votes
1 answer
73 views

Firewall InBound rules for UDP 500 under windows server

With the Windows server firewall, I cannot find the in-bound rule to open/block UDP 500 port? (I want to handle IKEv2) I can get the rules for SSTP, L2TP, PPTP, but not for IpSec!? Thanks
Stef's user avatar
  • 612
0 votes
1 answer
312 views

Resolve failing for %any in strongswan ipsec

I was configuring ipsec between 2 linux boxes. Since ip of our product can be different when connected to different spaces. I used %any for right. Since then, I am not able to up my ipsec transport ...
anilgowdam anilgowdam's user avatar
0 votes
0 answers
41 views

How can I set separate phase 1 and phase 2 IPs using AWS Managed IPSec offering?

I'm trying to set up an AWS Site-to-Site VPN connection that is IPSec based. It seems to be their managed offering. A particular connection I am trying to set up specifies distinct Phase 1 and Phase 2 ...
Dennis's user avatar
  • 1
0 votes
0 answers
16 views

Accessing adjacent remote network from existing network tunnel in pfsense ipsec

We have two offices, A and B, with IP segment 192.168.10.0/24 and 192.168.20.0/24 respectively, connected to each other using IPsec tunnel mode. Additionally, office B has an IPsec tunnel mode ...
exclbr5's user avatar
0 votes
1 answer
259 views

Unable to ping other subnet through IPSEC tunnel

I'm configuring an S2S IPSEC VPN tunnel between two Fortigate firewalls. The tunnel is up and running. Network topology: When I ping from the LAN interface, which is directly connected to the ...
khalil bouzaiene's user avatar
0 votes
2 answers
119 views

Routing with ipsec tunnel

We are trying to determine how to route traffic from our office 1 worker subnet through the office 1 server subnet over the IPSec tunnel to our office 2 server subnet. We want the office 2 worker ...
Drew's user avatar
  • 3
3 votes
0 answers
100 views

Spread IPsec decryption over multiple CPUs

All IPsec traffic being decrypted is processed on a single CPU, despite having multiple IPsec tunnels (SAs.) How can I get the load shared across multiple CPUs? I'm running Strongswan IPsec on Ubuntu ...
Jeff Learman's user avatar
1 vote
1 answer
123 views

Strongswan IPsec site-to-site on Gcloud

I am trying to initialise an IPsec tunnel between an Ubuntu VM on Google Cloud and a remote site. The connection is correctly established but from the Ubuntu machine on Google Cloud I cannot reach a ...
Pietro395's user avatar
  • 161
0 votes
0 answers
142 views

Change IPSec IKEV2 VPN Default Ports 500 & 4500 To Anothers

For some reason OpenVPN is working on my local machine very well, but IPSec IKEV2 VPN not & it only works when OpenVPN is connected. I have a domain for IPSec IKEV2 VPN & in local machine vpn is ...
helius.dev's user avatar
0 votes
0 answers
163 views

Windows 11 RDP over IPSEC issue

We manage a limited number of servers (running different versions of Windows Server) by a limited number of remote clients (running Windows 10) using RDP connections over IPSec (in "transport ...
Florent's user avatar
0 votes
0 answers
30 views

The IPSec connection has been successfully established. I can only ping the remote endpoint, but cannot ping the entire subnet

server A: config setup charondebug="all" uniqueids=yes conn home-to-aliyun ikelifetime=36000s keylife=8h rekeymargin=3m ...
zhouxiaolong's user avatar
0 votes
1 answer
153 views

IPsec tunnel gets connected, Phase 2 is successful but no IP adapter is created thus tunnel does not work

I am trying to establish an IPsec tunnel between my virtual server and a customer's server. The IPsec tunnel gets established successfully in Phase 2, but no IP gets added to my system. This is the ...
Hanz94's user avatar
  • 1
-1 votes
1 answer
275 views

Draytek VPN stuck on Authentica IKEv2 EAP

I've set up the following configurations on my draytek vigor 2926: IPsec general setup and the remote dial-in user: remote dial-in user I get the following error: unknown error Status in Smartclient: ...
LemonFridge's user avatar
0 votes
0 answers
32 views

How Can I Update Encryption and Diffie-Hellman Groups for VPN in GCP?

So, I've got a VPN set up at the moment that's connected to the client's VPN and it's all good. Now, the client wants to tweak the encryption method to AES256 and Diffie-Hellman groups to 19. Is it ...
Jose Carro's user avatar
0 votes
0 answers
416 views

AWS StrongSwan IPSec Tunnel with Cisco fails during Phase 2 with TS_UNACCEPTABLE

I need to set up a site-to-site IPSec tunnel with a vendor whom we need to access each other's API servers sitting on the LANs using their respective Public IPs. We're using AWS, and I have ...
kmos.w's user avatar
  • 101
0 votes
0 answers
88 views

sometimes, vpn connection doesn't work on ipsec(strongswan) configuration

I'm using ipsec with strongswan between aws and on-premise here is strongswan configuration config setup uniqueids = no charondebug="ike 1, knl 1, cfg 0" conn %default ikelifetime=...
lee's user avatar
  • 1
0 votes
1 answer
157 views

Android .sswan profile to ipsec.conf

I have a .sswan profile with an embedded cert and username/password from a server admin. It connects to a Watchguard VPN without any issues. I was told by the server admin I can connect with my ubuntu ...
T3.0's user avatar
  • 121
0 votes
1 answer
189 views

How to set up an IPSec VPN with failover on linux without virtual IP?

I need to set up a VPN connection using IPsec between a client system and our Linux server. There shall be a fallback in case of failure of the VPN endpoint, i.e. some sort of automatic failover. From ...
Tobias B.'s user avatar
0 votes
0 answers
203 views

Strongswan site to site with fortigate issue seems something about phase 2

Hello all, sorry to bother you guys, I already spent 3 days on it, still cannot make it work. Could you take a look? Thank you in advance <3. fortigate info: Public ip: 41.223.XX.XX Internal ...
扬州蛤蟆仙人's user avatar
2 votes
1 answer
162 views

what is the proposal string for aes-gem256 Diffie-Hellman group 20, esp

As a developer tasked with connecting to a vpn without preconfigured profile scripts, I'm fumbling through setting up a strongswan ipsec.conf file. My current hurdle is an "invalid proposal ...
T3.0's user avatar
  • 121
1 vote
0 answers
375 views

AWS Site-to-Site VPN logging not working

Anyone encountered a problem where logging to CloudWatch for Site-To-Site VPN isn't working even though logging is enabled? The only log file that is created is one with the title "...
oliva5's user avatar
  • 21
1 vote
0 answers
449 views

Dynamic traffic routing via multiple GRE over IPsec tunnels

Initial data I am learning networking based things and strongSwan proper configuration. Using my own wildcard ssl certificate. All tunnels are successfully lifted and authorized among themselves, ...
IgorMonkey's user avatar
0 votes
0 answers
424 views

IPSec VPN Windows 10 Client Not Working - SOLVED

After 3 days of banging my head against the keyboard, I finally came up with a solution that allows my Windows 10 Professional built-in VPN client to connect to my Linux IPSec VPN server using EAP and ...
David Borgeson's user avatar
0 votes
0 answers
470 views

Error in IKE phase 1 when trying create IPSeC tunnel with Juniper SRX 300

Less than a month ago we had to replace our old SRX 210 HE device with a new SRX 300 because the old device started to become unreliable. We had two IPSeC tunnels to two different places both working ...
nyoatype's user avatar
-3 votes
1 answer
372 views

How to connect to a IPsec VPN with WireGuard client?

is it possible at all, because I know that you can't do this with openconnect? I have: gateway ip preshared key login password empty ipsec id (group)
banderlog013's user avatar
0 votes
0 answers
46 views

Best approach for deploying code to servers behind a gateway

I am attempting to adjust my deployment scripts to access a server behind a newly established gateway that I've configured. The gateway currently is accepting traffic from the internet correctly and ...
Rohit Keshwani's user avatar
0 votes
0 answers
584 views

Why does this traffic selector not match?

(Note: I'm really using pfSense, but I'm just going to focus on the ipsec.conf files, since pfSense doesn't seem particularly relevant to the issue.) We're getting the following error from charon: Aug ...
Thanatos's user avatar
  • 366
0 votes
0 answers
42 views

Wireguard aside IPSec site to site

I have the following scenario: Connecting to a server (A) through another server (B). My connection to B is via ssh normally. The connection between B and A is through ssh, but via VPN with Wireguard. ...
Joey Fran's user avatar
  • 101
2 votes
1 answer
195 views

IPsec connection established but client not able to reach host until host pings the client

I am trying to establish IPsec connection between two linux machines residing in the same VPC but in different subnets. On both machines I have the following configuration: Host machine: conn hostConn ...
abhi's user avatar
  • 71
0 votes
1 answer
779 views

Strongswan ike phase 1 failed: "IKE_SA being deleted"

I'm trying to build IPsec tunnel between my Strongswan cloud instance to the Cisco CSR 1000V which is from ISP. According to the form given to me, I have to configure with the following factors in ...
9ieR's user avatar
  • 1
0 votes
1 answer
754 views

ipsec/strongswan - tunnel is up, traffic is sent and received but replies are ignored

I need some help, I set up a strongswan IPsec tunnel with ESP and IKEv2, the tunnel is UP and remote sees packets coming and answers them, but my server is ignoring? answers. The tunnel is between my ...
Tazq's user avatar
  • 1
0 votes
1 answer
1k views

site to site(IpSec) between AWS and Cisco is not working

I am trying to set up a site-to-site VPN connection between AWS and Cisco ASA, but the tunnel status is shown as "Down," and under the details section, the message is "IPSEC IS DOWN." ...
Ajit Trivedi's user avatar
0 votes
1 answer
223 views

How to investigate not received TCP packets sent from VPN on the same LAN?

I'm setting up a VLAN on the cloud where many servers will connect to a remote host via VPN. The setup is as follows: Their Host d.d.d.72 | | ...
Younes's user avatar
  • 243
0 votes
0 answers
196 views

Strongswan IPSEC specific rightsubnet

I have strongswan ipsec setup installed in ubuntu OS. I have static public ip 103.x.x.x and vpn clients subnet 10.100.100.2/24. I have 2 clients with ubuntu OS. I was able to ping client 1 to client 2 ...
kramnitsuj's user avatar
0 votes
0 answers
479 views

Ubuntu - IPSec VPN with Dual Stack / Strongswan

I'm trying to set up an IPSec VPN (ike1) for our Linux clients. But we need dual stack with ipv4 and ipv6. The endpoint is a Fortigate firewall. With two phase2, one for IPv4 and one for IPv6. The ...
premar's user avatar
  • 41
0 votes
1 answer
273 views

Incoming IPSec traffic on Linux host is not processed via the VTI tunnel using XFRM rules

I have the following setup: Remote IPSec VPN gateway: 81.x.x.x Local machine address: 172.22.1.156 VPN-assigned IP: 10.0.30.97 VTI tunnel interface: vti0: ip/ip remote 81.x.x.x local 172.22.1.156 ttl ...
dimitri's user avatar
  • 111
0 votes
0 answers
597 views

Windows 11 IKEv2 fails to connect, error code 1931 eventID 20227

I have Mikrotik configured for accepting IPSec connections with server certificate and RADIUS auth, SHA1 and so on enabled on Mikrotik side for Windows compatibility. It is also configured for L2TP/IPSec,...
SelfishCrawler's user avatar
0 votes
1 answer
463 views

Howto get server host into strongswans virtual IP address subnet

I have configured a VPN server and VPN client with strongswan with the following ipsec.conf configuration settings Server ipsec.conf conn ikev2-vpn also=rw-base auto=add compress=no ...
Ole K's user avatar
  • 101
0 votes
1 answer
149 views

strongswan disable user access

How can I disable access for a particular user with strongswan public key authentication? So I have pub key authentication working. The SAN is the email and is the id. Is there a way to reject ...
noone392's user avatar
  • 113
1 vote
0 answers
302 views

strongswan site to host example?

There are a million site-to-site and host-to-host examples. I can't seem to find a single site-to-host example. I am looking for the most basic possible example with no certificates at all, that just ...
noone392's user avatar
  • 113
1 vote
1 answer
897 views

My Win 11 Pro VPN client for IKEv2 is perpetually broken

I am tearing my hair out over this sudden refusal of Windows 11 Pro on my PC to use the appropriately configured crypto in IKEv2 negotiation. It worked fine for a long time, until it didn't. This ...
TheOrionArm's user avatar
1 vote
1 answer
1k views

Not getting StrongSwan IPsec to run: received netlink error: Network is unreachable / unable to install source route for [...]. Getting nuts already

I am trying to set up an ipsec tunnel with strongswan, used some tutorials for that and all went so far but there is no actual communication going through the tunnel. The tunnel is established, but ...
jollyroger's user avatar
0 votes
1 answer
3k views

Windows 11 L2TP and IPSEC: Where to set the IpSec group

First of all: I know: L2TP and IPSEC from Windows XP: Where do I put the IPSEC group name? exists, but the answer is incorrect and is not working on Windows 11 (please do not duplicate this topic by ...
Bytechie's user avatar
