All Questions

0 votes
0 answers
87 views

nftables config for ipsec (strongswan) vpn

I have got a working IPSec connection between a device (raspberry) on remote side (10.X.117.0/24 network) and the local network (10.Y.0.0/16 network). The raspberry has a static 10.X.117.1 IP on its ...
LeifSec's user avatar
  • 73
0 votes
0 answers
147 views

set network interface for strongswan

I am using StrongSwan on Raspberry Pi with an LTE token which is handled as eth1. It works fine as long as nothing is connected to the ethernet port (eth0). Then StrongSwan wants to use eth0 which fails. ...
LeifSec's user avatar
  • 73
0 votes
1 answer
208 views

IpSec StrongSwan HA config misses / no connection

I am using strongswan on Raspbian 12 to connect to PFsense with /etc/ipsec.conf from an external network to a PfSense: config setup conn %default keyexchange=ikev1 conn peer-ipsec.xxx.de-...
LeifSec's user avatar
  • 73
0 votes
0 answers
141 views

IPSEC libreswan interface endpoint does not match left or right

I am using libreswan on raspberry Pi OS 12 to connect to PFsense with /etc/ipsec.conf from an external network config setup conn %default #keyexchange=ikev1 conn peer-ipsec.xxx.de-tunnel-1 ...
LeifSec's user avatar
  • 73
1 vote
0 answers
36 views

Routing specific subnet through a local peer

I have two (almost identical) Ubuntu machines with the local IP of 10.0.0.10 and 10.0.0.20, let's call them TEN and TWENTY respectively. Both have the default gateway of 10.0.0.1. On TEN I have a site-...
0s r Fun's user avatar
0 votes
0 answers
158 views

Bandwidth control using traffic control `tc` on Strongswan ipsec connection

I need to use traffic control tc to regulate the bandwidth. From what I know, I can manage the bandwidth using the following DEV=eth0 RATE="100kbps" tc qdisc del dev $DEV ...
Ole K's user avatar
  • 51
0 votes
0 answers
145 views

Cannot establish IPv6 connection with strongswan using IKEv2 and MSCHAPv2 Host-To-Host (Legacy configuration)

I am unable to get a connection with IPv6 host-to-host. Below is the log output (anonymized) Sep 27 14:25:18 vpn.xxxx.tld ipsec[13769]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.8, Linux 6.1....
Ole K's user avatar
  • 51
0 votes
1 answer
607 views

Strongswan ipsec tunnel not establishing connection with AAA server

I have two VMs. VM-1: I have installed Strongswan 5.9. VM-2: Installed Strongswan 5.9, Installed freeradius (radius server). I have started Strongswan on both VMs by systemctl start strongswan. When I ...
ppb's user avatar
  • 103
0 votes
1 answer
3k views

NO_PROPOSAL_CHOSEN strongswan ipsec tunnel

Hi I am trying to setup site-to-site vpn tunneling on AWS VMs. Below are my ipsec.conf files for both VMs. VM-1 (assume IP address : 1.2.3.4) conn %default lifetime=60m mobike=no ...
ppb's user avatar
  • 103
0 votes
1 answer
675 views

Strongswan ipsec tunneling between two VMs

I am very new to VPN and IPsec tunneling. I have two VMs between them I need to establish IPsec tunnel by using pre-defined PSK key or provided certificate .pem. I have installed strongswan-5.9.6-1....
ppb's user avatar
  • 103
1 vote
0 answers
388 views

StrongSwan 5.9.1 (Debian Bullseye): Traffic from IPsec tunnel gets forwarded via Ethernet, but not via bridge

The following problem: I have a server that is, in addition to other tasks not relevant for the problem at hand, supposed to act as an IPsec gateway. When I'm using the Ethernet interface pointing to ...
Robidu's user avatar
  • 265
1 vote
1 answer
2k views

How to configure strongSwan eap-radius with FreeRadius for EAP-MSCHAPv2 authentication?

I am trying to configure a strongSwan IPsec VPN with RADIUS authentication. The actual EAP-MSCHAPv2 authentication to FreeRadius with OpenLDAP for username/passwords is successful, but then I am stuck ...
apohl's user avatar
  • 13
1 vote
1 answer
1k views

Strongswan VPN certificate authentication failed

I've installed strongswan vpn on my Ubuntu server. Set up certificate authentication. I've set up my Android phone and it works fine. But the connection wasn't established on the Windows machine. I copied ...
user18848352's user avatar
0 votes
1 answer
2k views

Single IP left subnet and routing traffic through tunnel in strongswan

I must set up an ipsec tunnel to use an external service provided by another company (so I have no control on the other side and can't change anything there). Let's say that: 192.168.0.0/24 is my ...
didrocks66's user avatar
1 vote
1 answer
5k views

Define PFS Group in Strongswan IKEv2/IPsec Phase 2 Settings

I am trying to setup a VPN connection on Ubuntu 20.04 using Strongswan. One of the requirements for the tunnel is to use PFS group 20. Is the PFS group 20 being set when we have the following line in ...
Athena Wisdom's user avatar
0 votes
1 answer
4k views

IPSec nftables strongswan

How to configure nftables to allow inbound only ipsec traffic and process rules after decryption. I have nftable.conf: #!/sbin/nft -f flush ruleset # ----- IPv4 ----- table ip filter { chain ...
Helngard's user avatar
0 votes
0 answers
216 views

How to verify lets encrypt certs with server? - OSCP error linux Strongswan

Goal I am attempting to build an IKEv2 VPN using the strongswan IPSEC implementation with Let's Encrypt certificates and RSA authentication. I successfully built it in the legacy ipsec.conf format, ...
yen936's user avatar
  • 1
4 votes
2 answers
12k views

How can I route only a particular subnet to the StrongSwan VPN but not my whole traffic on linux?

I have no particular competences on networking, so I'll do my best to explain my needs. On my Linux laptop I'm running StrongSwan (with NetworkManager) to connect to a particular VPN with IPsec. This ...
Codemix's user avatar
  • 53
0 votes
1 answer
834 views

Can any IPSec client connect to any IPSec server?

I have been pondering setting up my own VPS with a VPN server running. Most often, OpenVPN is thrown around when users talk about setting up a VPN on Linux, but this tech seems to live a bit on the ...
oligofren's user avatar
  • 1,369
0 votes
0 answers
767 views

Strongswan IPsec configuration ( Linux - Cisco)

I'm configuring site-to-site ipsec tunnel. The error that I am getting shows that Quick Mode proposal (ESP) doesn't match Jan 27 09:23:42 raspberrypi charon: 10[ENC] generating QUICK_MODE request ...
Max Dotsenko's user avatar
0 votes
0 answers
116 views

Some VPN traffic blocked to secure endpoints

I have a VPN server (strongswan) used for testing that I connect to via IKEv2 on a variety of systems (here, I tried Windows, Ubuntu, & Android), normally without issues. This morning, I was on a ...
0 votes
0 answers
2k views

Strongswan ipsec site-site configuration

I'm configuring site-to-site ipsec tunnel using strongswan, but I don't know how the ipsec tunnel is opened on the remote side (definitely without using strongswan). When I try to connect - I get no response ...
ThreeB's user avatar
  • 1
0 votes
0 answers
608 views

IPv6 Strongswan IPSec + NAT

I have a VPS with an IPv4 (/32) and an IPv6 (/128). I've set up Strongswan and my IPv4 IPSec server works just fine - I'm using it all the time. I'm trying to get it to work with IPv6 and so far it'...
pHeoz's user avatar
  • 237
0 votes
1 answer
2k views

Strongswan IPsec configuration

I'm configuring site-to-site ipsec tunnel, being given very few details about the remote host. On my server I'm using strongswan with the following ipsec.conf: conn %default ikelifetime=60m ...
excessive's user avatar
0 votes
0 answers
322 views

How to know and fix fails or errors in randomly down ipsec tunnel connection?

I have a server connected by VPN site to site with strongswan (first time with VPN). When I start the connection (sudo ipsec up my-conn) everything works well, but at some point the server lost the connection (...
inye's user avatar
  • 101
0 votes
1 answer
342 views

Docker: host grabs ICMP packets (Strongswan IPsec)

These machines are Docker containers with strongswan installed running IPsec tunnels. routeur1 and routeur2 have a site-to-site IPsec tunnel, while pc-nomad has an IPsec tunnel with routeur1. ...
Kazh's user avatar
  • 3
0 votes
1 answer
331 views

internet sharing over ipsec

I try to connect my Windows 7 workstation to the Internet over ipsec tunnel. I have: 192.168.88.251 - win7 workstation 192.168.88.1 - my mikrotik router VPN_IPSEC - my vpn with ipsec ...
wee wewewe's user avatar
1 vote
0 answers
3k views

Strongswan, how to configure ipsec site-to-site using psk?

I'm setting up ipsec site-to-site VPN connection (with pre-shared key auth method). However I'm unsure of the correct values to put in ipsec.conf. vpn server ip - xx.45.40.46 encryption algorithm - ...
Fred joe's user avatar
1 vote
0 answers
1k views

Getting Timeout when connecting to StrongSwan IPSec

I've tried to set up a Root Server in the public Internet with StrongSwan to use it as a VPN Server. Plan is to tunnel all Internet Traffic for some devices via this server. I've also set up an ...
Nils Rehwald's user avatar
1 vote
0 answers
555 views

Strongswan ikev2: https stops working on client when connected to vpn server

I have set up strongswan 5.3.3-1 on an OpenWRT 15.05 based router. Followed this tutorial. The certificate for server-side authentication is issued by Let's Encrypt - I use it for my synology box and it ...
drew1kun's user avatar
  • 2,157
0 votes
1 answer
618 views

Why does VPN client connect with pfs=yes when server has pfs=no?

I have a small VPN set-up. The client in question is a Raspberry Pi running strongswan and xl2tpd to run as IPsec/L2TP. I made a configuration mistake on the client where I set pfs=yes (for perfect ...
Brick's user avatar
  • 191
0 votes
1 answer
2k views

strongswan roadwarrior doesn't route properly

I want to have a Linux client connect to a Linux gateway so it can access the hosts from that network (typical road warrior setup). I have this config on the server side: conn vpnserver-ikev2 ...
Bogdan's user avatar
  • 275
3 votes
1 answer
8k views

strongSwan - no matching peer config found

I am trying to setup strongSwan to configure an iPhone to it but I am getting an error that I have trouble overcoming. no matching peer config found The complete debug log is as follows: root@vpn-...
Bogdan's user avatar
  • 275
0 votes
0 answers
369 views

StrongSwan Roadwarrior not usable

I have a config on my lede router for a strongswan rw. The connection is up and pings are working. But for some reason I am not able to browse anything. [root@WOLVERINE tmp]# ipsec statusall Status ...
Pascal's user avatar
  • 201
2 votes
1 answer
424 views

Strongswan 5.5.0 RSA sigkeys

I'm setting up an IPSec connection between two Strongswan clients using RSA "sigkeys." The documentation says that leftsigkey and rightsigkey are used to provide the public RSA keys for the two ...
mgperkow's user avatar
0 votes
1 answer
575 views

Strongswan IPSec to Amazon VPC going down randomly

I got established connection between Amazon VPC and my site using strongswan. I followed documentation from Amazon. Tunnel can be established and is running but is going down randomly if I can say. ...
David Strejc's user avatar