All Questions

1 vote
1 answer
58 views

How can I setup FIREWALLD with IPSEC (StrongSwan) Site-to-Site to make PING work on Debian 12?

I have 3 nodes with public and local IP address, each: Node A: edge router #1 (10.41.1.0/24) Node B: edge router #2 (10.48.2.0/24) Node C: VMS with Debian 12, docker containers and firewalld (ex. 172....
BCT's user avatar
  • 13
0 votes
0 answers
185 views

To allow IPsec NAT-T traffic to pass through, why does the firewall still need to permit ESP when it already allows UDP 4500?

I established an IPsec VPN tunnel between two Juniper SRX routers across NAT, with the NAT being performed by the firewall (a Linux server). When attempting to configure the firewall rules to allow ...
phoebe61g's user avatar
0 votes
0 answers
47 views

UDMP Wireguard Server + IPSec Site-to-site

We have a UDMP with a few VLANs : 10.92.10.0/24 , 10.92.41.0/24, 10.92.42.0/24 We have added a Wireguard server, which uses 192.168.4.0/24, and works wonderfully (clients can connect and access ...
Nick Andriopoulos's user avatar
0 votes
1 answer
22 views

IPSec S2S peer B host cannot receive ICMP reply or access host resources on peer A

I've got an IPSec S2S tunnel setup. The VPN is connected, tunnel established. Here's the network topology: (for reference, I am Peer A) Problem: host A pings host B and gets reply (this is not a ...
autobottodoggo's user avatar
0 votes
1 answer
76 views

Creating an IP alias for a device on another subnet behind a VPN

I set up a site-to-site VPN with IPsec between two routers. Router 1 (DLink DSR-250V2) controls the 11.11.11.0/24 subnet. Router 2 controls the 192.168.1.0/24 subnet. The tunnel itself works fine. ...
Nafana's user avatar
  • 1
0 votes
0 answers
133 views

How to chain in cascade two VPNs on macOS?

Given the following VPNs: a WireGuard VPN I've created with a Fritz!Box a Cisco IPSec VPN I'd like to know if it's possible to connect to the Cisco VPN using the IP obtained via the WireGuard VPN. ...
toioski's user avatar
  • 101
1 vote
3 answers
15k views

How to setup VPN connection from android 13/14 native VPN client to mikrotik routerOS for testing mobile app with backend behind a private network?

I want to test my mobile app on Android 13 with test backend located in private network. Therefore I need to access this network via VPN tunnel. Since L2TP/PPTP VPN connections are not supported on ...
Bart's user avatar
  • 317
0 votes
1 answer
208 views

IpSec StrongSwan HA config misses / no connection

I am using strongswan on Raspbian 12 to connect to PFsense with /etc/ipsec.conf from an external network to a PfSense: config setup conn %default keyexchange=ikev1 conn peer-ipsec.xxx.de-...
LeifSec's user avatar
  • 73
0 votes
0 answers
141 views

IPSEC libreswan interface endpoint does not match left or right

I am using libreswan on raspberry Pi OS 12 to connect to PFsense with /etc/ipsec.conf from an external network config setup conn %default #keyexchange=ikev1 conn peer-ipsec.xxx.de-tunnel-1 ...
LeifSec's user avatar
  • 73
0 votes
0 answers
158 views

Bandwidth control using traffic control `tc` on Strongswan ipsec connection

I need to use traffic control tc to regulate the bandwidth. From what I know, I can manage the bandwidth using the following DEV=eth0 RATE="100kbps" tc qdisc del dev $DEV ...
Ole K's user avatar
  • 51
0 votes
0 answers
145 views

Cannot establish IPv6 connection with strongswan using IKEv2 and MSCHAPv2 Host-To-Host (Legacy configuration)

I am unable to get a connection with IPv6 host-to-host. Below is the log output (anonymized) Sep 27 14:25:18 vpn.xxxx.tld ipsec[13769]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.8, Linux 6.1....
Ole K's user avatar
  • 51
1 vote
0 answers
27 views

Using remote office local internet

I bought two routers (DrayTek Vigor 2866ax) to connect offices in different countries. The problem we have is we need to use internet of other country to connect to our bank accounts and local ...
James Lee's user avatar
3 votes
1 answer
1k views

P12 Certificate Authentication - what is the correct method

I've been able to successfully set up an IKEv2/IPSec VPN Server using certificate authentication. However, I have a general issue regarding the correct method of creating P12 user certificates. I've ...
Tom Thorp's user avatar
1 vote
1 answer
547 views

VPN for remote access to home LAN (IPSec?)

Another probably daft question: I am in the process of setting up a VPN connection for the purpose of remote access to services on my home LAN. The router, firewall and VPN server I am using for this ...
M_D's user avatar
  • 469
0 votes
0 answers
175 views

Configure IPsec only VPN on routerOS

For connections from my iPhone into my home network when I'm outside, I configured a VPN based on L2TP and IPsec. I found a lot of examples in the internet for this configuration. All network traffic ...
alve89's user avatar
  • 101
0 votes
0 answers
24 views

Occasional and Momentary Site-to-Site VPN Tunnel Failures

I just started managing a number of locations that have site-to-site VPN connections. Part of what I've been doing is going through the Sophos firewalls examining alerts, findings and incidents. While ...
TGutmann87's user avatar
0 votes
0 answers
463 views

Unifi UDM - IPSec VPN PING works but nothing else?

I'm trying to setup a remote syslog solution that is comprised of the following: Unifi UDM SE --> Site-to-site IPSec VPN Connection --> AWS VPC --> Private EC2 Instance (syslog collector - ...
Connor Goddard's user avatar
0 votes
0 answers
828 views

Extremely slow transfer speed through IPsec tunnel between 2 locations

I have 2 locations with fibre connections. Location A has ~400M down/up whereas Location B has 1Gbps (up/down) shared pipe between 4 offices (total of 15 computers). Location A has a Windows 2019 Hyper-...
Dhrumit Patel's user avatar
0 votes
1 answer
3k views

NO_PROPOSAL_CHOSEN strongswan ipsec tunnel

Hi I am trying to setup site-to-site vpn tunneling on AWS VMs. Below are my ipsec.conf files for both VMs. VM-1 (assume IP address : 1.2.3.4) conn %default lifetime=60m mobike=no ...
ppb's user avatar
  • 103
0 votes
1 answer
675 views

Strongswan ipsec tunneling between two VMs

I am very new to VPN and IPsec tunneling. I have two VMs, and I need to establish an IPsec tunnel between them by using a pre-defined PSK key or a provided certificate .pem. I have installed strongswan-5.9.6-1....
ppb's user avatar
  • 103
1 vote
0 answers
388 views

StrongSwan 5.9.1 (Debian Bullseye): Traffic from IPsec tunnel gets forwarded via Ethernet, but not via bridge

The following problem: I have a server that is, in addition to other tasks not relevant for the problem at hand, supposed to act as an IPsec gateway. When I'm using the Ethernet interface pointing to ...
Robidu's user avatar
  • 265
1 vote
3 answers
2k views

VPN Connection (Fritzbox) works for Android Client but not for Windows and Ubuntu

I use a Fritzbox 7530 Router in my home network as a VPN server. The VPN is configured as "IPSec Xauth PSK" with following settings: server name, IPSecID, IPSec shared key, user name and ...
Anton's user avatar
  • 111
1 vote
1 answer
2k views

How to configure strongSwan eap-radius with FreeRadius for EAP-MSCHAPv2 authentication?

I am trying to configure a strongSwan IPsec VPN with RADIUS authentication. The actual EAP-MSCHAPv2 authentication to FreeRadius with OpenLDAP for username/passwords is successful, but then I am stuck ...
apohl's user avatar
  • 13
0 votes
1 answer
1k views

Internal DNS server ignored via VPN

I have the following home network setup: LAN: 172.16.0.0/24 Proprietary router of my ISP (IPv4, Bridge-Mode -> Bridged to my FRITZ!Box router) Router & DHCP (FRITZ!Box) -> 172.16.0.1 VPN, ...
Alan's user avatar
  • 135
1 vote
1 answer
1k views

Strongswan VPN certificate authentication failed

I've installed strongswan vpn on my ubuntu server. Set up certificate authentication. I've set up my android-phone and it works fine. But the connection wasn't established on the windows machine. I copied ...
user18848352's user avatar
0 votes
1 answer
2k views

Single IP left subnet and routing traffic through tunnel in strongswan

I must set up an ipsec tunnel to use an external service provided by another company (so I have no control on the other side and can't change anything there). Let's say that: 192.168.0.0/24 is my ...
didrocks66's user avatar
0 votes
1 answer
175 views

NordVPN on Draytek 2862 stops working after some time for no apparent reason

So I have a NordVPN account, which I configured on my draytek. It works for the most part but it will suddenly stop working. The connection does NOT drop, it shows as connected and fine, but no devices ...
Kobi's user avatar
  • 1
0 votes
1 answer
2k views

Unable to connect to L2TP/IPsec vpn from Windows 10

When I try to connect to my L2TP/IPsec vpn with pre-shared key, I get the following error: The L2TP connection attempt failed because the security layer encountered a processing error during initial ...
coolcat007's user avatar
1 vote
1 answer
5k views

Define PFS Group in Strongswan IKEv2/IPsec Phase 2 Settings

I am trying to setup a VPN connection on Ubuntu 20.04 using Strongswan. One of the requirements for the tunnel is to use PFS group 20. Is the PFS group 20 being set when we have the following line in ...
Athena Wisdom's user avatar
1 vote
1 answer
1k views

macos ipsec vpn not using proper dns servers

I've read several articles on DNS resolution over IPSEC using the native VPN client for macos but I can't seem to resolve the issue. The IPSEC server is pfSense. I have added the proper DNS servers ...
Gary Smith's user avatar
0 votes
1 answer
358 views

VPN from Windows 10 to Windows Server 2019

I'm trying to establish a connection between a Windows 10 machine and a Windows Server 2019. On the server side I set up the VPN by these instructions https://www.snel.com/support/how-to-set-up-an-...
DBR's user avatar
  • 21
1 vote
0 answers
65 views

IPSec Phase 2 Configuration For Translated Subnets?

I have two networks with the 10.0.0.0/8 subnet I'm trying to connect via IPSec tunnels. I have the phase 1 configurations working but am a bit stuck on the phase 2 configurations. Each firewall used ...
CoryG's user avatar
  • 314
1 vote
1 answer
5k views

Use Own VPN Server on Google Chrome Browser

I'm looking for a way to connect to the Internet through my VPN server while browsing from Google Chrome Browser. I thought the best way is to use an extension but I couldn't find any extension that let me enter my own ...
tatoline's user avatar
  • 623
0 votes
1 answer
699 views

VPN redirect user to specific IP and port

Hope you can point me in the right direction. I have this idea but need some advice and suggestions where to look at and how to do it (if it's possible) I want my family members to connect to a VPN (...
Jorge's user avatar
  • 5
1 vote
0 answers
3k views

How to setup IPSec VPN between PFSense and Edgerouter X

We have 2 routers/firewalls, 1x pfSense and 1x UBNT Edgerouter X. I tried to setup an IPsec site-to-site connection between these 2 but I cannot get it done. I followed multiple "tutorials"/...
CodeNinja's user avatar
  • 133
1 vote
0 answers
131 views

How to configure pfsense to use VPN as gateway for OPT port only?

Currently I have set up my PfSense SG-1100 to function as a site to site VPN. I have an unused OPT port on my router and I want to attach that to a switch and have it function as the gateway to the ...
Devan's user avatar
  • 11
0 votes
0 answers
216 views

How to verify lets encrypt certs with server? - OSCP error linux Strongswan

Goal I am attempting to build an IKEv2 VPN using the strongswan IPSEC implementation with Let's Encrypt certificates and RSA authentication. I successfully built it in the legacy ipsec.conf format, ...
yen936's user avatar
  • 1
2 votes
0 answers
2k views

Troubleshooting VPN connection with Wireshark by decrypting IPSec packets

I'm having trouble establishing a VPN connection to a specific network and I'm not the only one having issues. As per their instructions, I'm using the standard VPN client built in windows with pre-...
Fedor Alexander Steeman's user avatar
0 votes
1 answer
177 views

Can multiple subnets reach each other connecting to a central IPsec VPN?

Say you have three networks, networks A, B, and C. -A is an ipsec VPN server -B is connected to A through ipsec -C is connected to A through ipsec Can network B access network C?
user1153026's user avatar
4 votes
2 answers
12k views

How can I route only a particular subnet to the StrongSwan VPN but not my whole traffic on linux?

I have no particular competences on networking, so I'll do my best to explain my needs. On my Linux laptop I'm running StrongSwan (with NetworkManager) to connect to a particular VPN with IPsec. This ...
Codemix's user avatar
  • 53
0 votes
1 answer
834 views

Can any IPSec client connect to any IPSec server?

I have been pondering setting up my own VPS with a VPN server running. Most often, OpenVPN is thrown around when users talk about setting up a VPN on Linux, but this tech seems to live a bit on the ...
oligofren's user avatar
  • 1,369
0 votes
0 answers
464 views

Troubleshooting L2TP/IPSec on Windows Server 2019 with PowerShell

The problem which I've got is that a Windows Server 2019 VM hosted in the cloud crashes exactly after it shows that a L2TP/IPSec connection is successfully established. According to the VPN server (...
J. Doe's user avatar
  • 471
0 votes
1 answer
10k views

IPsec on pfSense: Tunnel is up, but I can't connect to remote host

I have a strange problem with my IPsec VPN: I have 2 matched [hardware and software - 2.4.4 release p3] pfSense boxes at different locations. Each pfSense is a Firewall + DHCP server + Gateway for the ...
Shekhar Pathak's user avatar
0 votes
0 answers
1k views

VPN l2tp over IPSec: ppp - No auth is possible. Ubuntu 18.04 LTS

I setup IPSec over VPN using this tutorial https://20notes.net/linux/setup-l2tp-over-ipsec-client-on-ubuntu-18-04-using-gnome It is working using NetworkManager. However NetworkManager allows only one ...
Lukasz Czyzewski's user avatar
1 vote
0 answers
240 views

Linux ShrewSoft client connects but doesn't pass any traffic

A customer recently changed their VPN server and now recommends ShrewSoft as the appropriate client. On Windows, the provided config works. On Linux, it also appears to connect and sets up a tap0 ...
Sören Kuklau's user avatar
0 votes
0 answers
116 views

Some VPN traffic blocked to secure endpoints

I have a VPN server (strongswan) used for testing that I connect to via IKEv2 on a variety of systems (here, I tried Windows, Ubuntu, & Android), normally without issues. This morning, I was on a ...
1 vote
0 answers
109 views

IPSEC connection between SIP Client and PCSCF. ESP header does not appear. IPsec does not apply to the header

I wanted to create SIPP script to create scenario to establish IPSEC connection between UE and PCSCF using below; For example:- setkey -c << EOF spdadd $pcscf/32[$port_pc] $ue/32[$port_us] tcp ...
rizwan alam's user avatar
0 votes
0 answers
30 views

IPSec Tunnel in a tunnel? A soon to be travelling remote worker

Ok. I generally work remotely, which is nice. I soon plan to do some overseas travelling, and I would prefer to hide my real srcIP if possible (potential audits/geo-restrictions, etc.). I'm ...
john galt's user avatar
4 votes
1 answer
3k views

L2TP/IPSec On Mac Failed to connect

I am connecting to a VPN Server set up following instructions in https://github.com/hwdsl2/setup-ipsec-vpn And I setup the clients following https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/...
addlistener's user avatar
0 votes
0 answers
483 views

Connect to my server from outside my network securely

I have a LAN with computers connected to a server. What I need to do is connect a PC to this server securely from another location. My network structure is described in the image attached and needs ...
Kamal's user avatar
  • 11