Questions tagged [ipsec]
IPsec is a suite of protocols that provides security for IP traffic at layer 3 (the network layer) of the OSI model.
215 questions
1 vote · 1 answer · 5k views
Strongswan IPSEC VPN for Windows 7 road warrior config
Following the Strongswan wiki link for configuring Strongswan for Windows 7 clients:
http://wiki.strongswan.org/projects/strongswan/wiki/Win7EapMultipleConfig
I used the sample files as-is with no ...
0 votes · 1 answer · 3k views
NO_PROPOSAL_CHOSEN strongswan ipsec tunnel
Hi, I am trying to set up site-to-site VPN tunneling on AWS VMs. Below are my ipsec.conf files for both VMs.
VM-1 (assume IP address: 1.2.3.4)
conn %default
lifetime=60m
mobike=no
...
1 vote · 1 answer · 58 views
How can I setup FIREWALLD with IPSEC (StrongSwan) Site-to-Site to make PING work on Debian 12?
I have 3 nodes with public and local IP address, each:
Node A: edge router #1 (10.41.1.0/24)
Node B: edge router #2 (10.48.2.0/24)
Node C: VMS with Debian 12, docker containers and firewalld (ex. 172....
1 vote · 3 answers · 15k views
How to setup VPN connection from android 13/14 native VPN client to mikrotik routerOS for testing mobile app with backend behind a private network?
I want to test my mobile app on Android 13 with test backend located in private network. Therefore I need to access this network via VPN tunnel.
Since L2TP/PPTP VPN connections are not supported on ...
0 votes · 0 answers · 28 views
PFsense: fake subnet
I have got an IPSec tunnel mapping a remote 172.x/24 network to my local 10.x/16 network.
Because I cannot change the configuration on the remote site I need to use this like this (with 10.x/16 ...
2 votes · 1 answer · 202 views
How are `vti` and `xfrm` iproute2 interfaces supposed to be configured and used with xfrm states and policies?
XFRM states and policies enable configuring IPsec encryption without a virtual interface. The vti and xfrm interface types, however, I think make it possible to route traffic through a virtual ...
1 vote · 3 answers · 8k views
IPsec VPN connection drops automatically every 47 mins
I'm using Cisco Systems VPN Client Version 5.0.07.0440 on Windows 7 Ultimate 64-bit to connect to a VPN server through IPSec/UDP.
The problem is each time when it connects, I always get warnings in ...
1 vote · 2 answers · 7k views
Have Site-To-Site (IPSEC) connected but cannot ping anything other than router
Just set up a new Azure subscription, and I'm stumped trying to troubleshoot why I can't ping any local VMWare machines from an Azure VM after successfully setting up an IPSec Site-To-Site VPN.
I am ...
0 votes · 1 answer · 112 views
Allowing incoming ICMP from only a specified source IP
In the predetermined snippet:
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request"
protocol=icmpv4:8,any dir=in action=allow
What would I change exactly to allow ...
0 votes · 0 answers · 185 views
To allow IPsec NAT-T traffic to pass through, why does the firewall still need to permit ESP when it already allows UDP 4500?
I established an IPsec VPN tunnel between two Juniper SRX routers across NAT, with the NAT being performed by the firewall (a Linux server). When attempting to configure the firewall rules to allow ...
1 vote · 1 answer · 5k views
Use Own VPN Server on Google Chrome Browser
I'm looking for a way to connect to the Internet through my VPN server while browsing from the Google Chrome browser. I thought the best way is to use an extension, but I couldn't find any extension that lets me enter my own ...
0 votes · 0 answers · 47 views
UDMP Wireguard Server + IPSec Site-to-site
We have a UDMP with a few VLANs: 10.92.10.0/24, 10.92.41.0/24, 10.92.42.0/24
We have added a Wireguard server, which uses 192.168.4.0/24, and works wonderfully (clients can connect and access ...
0 votes · 1 answer · 22 views
IPSec S2S peer B host cannot receive ICMP reply or access host resources on peer A
I've got an IPSec S2S tunnel set up. The VPN is connected, tunnel established.
Here's the network topology:
(for reference, I am Peer A)
Problem:
host A pings host B and gets reply (this is not a ...
0 votes · 1 answer · 4k views
Mikrotik IPSec VPN routing
I seem to be clueless at the routing with VPN. I am trying to set up an IPSec VPN tunnel so as to secure communication between my private LAN and a destination host. Any device within my private LAN ...
0 votes · 1 answer · 76 views
Creating an IP alias for a device on another subnet behind a VPN
I set up a site-to-site VPN with IPsec between two routers.
Router 1 (DLink DSR-250V2) controls the 11.11.11.0/24 subnet.
Router 2 controls the 192.168.1.0/24 subnet.
The tunnel itself works fine. ...
0 votes · 0 answers · 87 views
nftables config for ipsec (strongswan) vpn
I have got a working IPSec connection between a device (Raspberry) on the remote side (10.X.117.0/24 network) and the local network (10.Y.0.0/16 network).
The raspberry has a static 10.X.117.1 IP on its ...
0 votes · 0 answers · 133 views
How to chain in cascade two VPNs on macOS?
Given the following VPNs:
a WireGuard VPN I've created with a Fritz!Box
a Cisco IPSec VPN
I'd like to know if it's possible to connect to the Cisco VPN using the IP obtained via the WireGuard VPN. ...
1 vote · 0 answers · 388 views
StrongSwan 5.9.1 (Debian Bullseye): Traffic from IPsec tunnel gets forwarded via Ethernet, but not via bridge
The following problem:
I have a server that is, in addition to other tasks not relevant for the problem at hand, supposed to act as an IPsec gateway.
When I'm using the Ethernet interface pointing to ...
0 votes · 0 answers · 147 views
set network interface for strongswan
I am using StrongSwan on a Raspberry Pi with an LTE token which is handled as eth1. It works fine as long as nothing is connected to the ethernet port (eth0).
Then StrongSwan wants to use eth0 which fails.
...
0 votes · 0 answers · 141 views
IPSEC libreswan interface endpoint does not match left or right
I am using libreswan on raspberry Pi OS 12 to connect to PFsense with /etc/ipsec.conf
from an external network
config setup
conn %default
#keyexchange=ikev1
conn peer-ipsec.xxx.de-tunnel-1
...
0 votes · 1 answer · 208 views
IpSec StrongSwan HA config misses / no connection
I am using strongswan on Raspbian 12 to connect to pfSense with /etc/ipsec.conf from an external network to a pfSense:
config setup
conn %default
keyexchange=ikev1
conn peer-ipsec.xxx.de-...
1 vote · 0 answers · 36 views
Routing specific subnet through a local peer
I have two (almost identical) Ubuntu machines with the local IP of 10.0.0.10 and 10.0.0.20, let's call them TEN and TWENTY respectively. Both have the default gateway of 10.0.0.1.
On TEN I have a site-...
0 votes · 1 answer · 2k views
Mac OSX can dig or nslookup but cannot ping host
I am facing a problem with my Mac on a Sophos Remote IPsec VPN.
The VPN IpSec is set to be the Default Gateway.
I can connect to the VPN, and I can join every IP on my remote network.
I can dig and ...
1 vote · 1 answer · 547 views
VPN for remote access to home LAN (IPSec?)
Another probably daft question:
I am in the process of setting up a VPN connection for the purpose of remote access to services on my home LAN. The router, firewall and VPN server I am using for this ...
0 votes · 0 answers · 158 views
Bandwidth control using traffic control `tc` on Strongswan ipsec connection
I need to use traffic control (tc) to regulate the bandwidth.
From what I know, I can manage the bandwidth using the following
DEV=eth0
RATE="100kbps"
tc qdisc del dev $DEV ...
0 votes · 0 answers · 145 views
Cannot establish IPv6 connection with strongswan using IKEv2 and MSCHAPv2 Host-To-Host (Legacy configuration)
I am unable to get a connection with IPv6 host-to-host.
Below is the log output (anonymized)
Sep 27 14:25:18 vpn.xxxx.tld ipsec[13769]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.8, Linux 6.1....
1 vote · 0 answers · 27 views
Using remote office local internet
I bought two routers (DrayTek Vigor 2866ax) to connect offices in different countries. The problem we have is that we need to use the internet of the other country to connect to our bank accounts and local ...
3 votes · 1 answer · 1k views
P12 Certificate Authentication - what is the correct method
I've been able to successfully set up an IKEv2/IPSec VPN Server using certificate authentication. However, I have a general issue regarding the correct method of creating P12 user certificates.
I've ...
0 votes · 0 answers · 129 views
Downgrade libreswan version inside docker alpine
I configured a VPN server inside Docker from this repo 10 months ago, but recently met connection errors. I found this issue and want to try to fix it by downgrading libreswan to 4.15, but don't ...
1 vote · 0 answers · 289 views
Configuring IPsec idle timeout on Windows
I am experimenting with built-in Windows IPsec functionality (advfirewall Connection Security Rules method) against an embedded Strongswan server. I have observed the following behavior:
Phase 2 (...
0 votes · 0 answers · 175 views
Configure IPsec only VPN on routerOS
For connections from my iPhone into my home network when I'm outside, I configured a VPN based on L2TP and IPsec. I found a lot of examples on the internet for this configuration. All network traffic ...
0 votes · 0 answers · 24 views
Occasional and Momentary Site-to-Site VPN Tunnel Failures
I just started managing a number of locations that have site-to-site VPN connections. Part of what I've been doing is going through the Sophos firewalls examining alerts, findings and incidents. While ...
0 votes · 0 answers · 463 views
Unifi UDM - IPSec VPN PING works but nothing else?
I'm trying to setup a remote syslog solution that is comprised of the following:
Unifi UDM SE --> Site-to-site IPSec VPN Connection --> AWS VPC --> Private EC2 Instance (syslog collector - ...
0 votes · 0 answers · 828 views
Extremely slow transfer speed through IPsec tunnel between 2 locations
I have 2 locations with fibre connections. Location A has ~400M down/up whereas Location B has a 1Gbps (up/down) shared pipe between 4 offices (total of 15 computers).
Location A has a Windows 2019 Hyper-...
0 votes · 0 answers · 992 views
Setup static routes with Libreswan
We are using Libreswan to connect an on-premise network to Azure and BGP to advertise routes. But Azure BGP is eBGP with 2 hops.
The use case is:
a. setup IPSec tunnel
b. route Azure Peer IP via ...
1 vote · 0 answers · 38 views
Trying to find out the best possible network setup to allow IPSec tunneling between networks through a Cisco router and a DrayTek network device
I'm trying to find out the best possible network setup for my test SOHO network.
My goal is to create an IPSec tunnel between my network (192.168.68.0/24) and a remote network. The main reason I ...
0 votes · 1 answer · 3k views
How can I create an IPsec tunnel between a FritzBox and a pfsense, without using Aggressive Mode?
I've successfully created an IPSEC Tunnel between my local FritzBox 7590 and my office, which is running a pfsense hardware firewall (APU2) with pfsense 2.4.5-RELEASE-p1 and coreboot firmware v4.11.0....
0 votes · 3 answers · 3k views
Macbook Pro unable to use the internet while connected to IPSec VPN
Short Question
Is there something I am missing when setting up a Cisco IPSec VPN connection that redirects all traffic over the VPN?
Background
When I am connected to the VPN, I can browse our ...
1 vote · 1 answer · 3k views
Cisco ASA5505 site-to-site VPN doesn't establish tunnel to remote peer
The remote peer can start the tunnel successfully when accessing my local network like pinging a local host, however, the tunnel cannot be automatically started from the local side.
The log shows no ...
0 votes · 1 answer · 607 views
Strongswan ipsec tunnel not establishing connection with AAA server
I have two VMs.
VM-1: I have installed Strongswan 5.9.
VM-2: Installed Strongswan 5.9, installed freeradius (RADIUS server).
I have started Strongswan on both VMs by systemctl start strongswan.
When I ...
0 votes · 1 answer · 675 views
Strongswan ipsec tunneling between two VMs
I am very new to VPN and IPsec tunneling. I have two VMs between which I need to establish an IPsec tunnel by using a pre-defined PSK key or a provided certificate (.pem).
I have installed strongswan-5.9.6-1....
1 vote · 3 answers · 2k views
VPN Connection (Fritzbox) works for Android Client but not for Windows and Ubuntu
I use a Fritzbox 7530 Router in my home network as a VPN server. The VPN is configured as "IPSec Xauth PSK" with the following settings: server name, IPSecID, IPSec shared key, user name and ...
1 vote · 1 answer · 2k views
How to configure strongSwan eap-radius with FreeRadius for EAP-MSCHAPv2 authentication?
I am trying to configure a strongSwan IPsec VPN with RADIUS authentication. The actual EAP-MSCHAPv2 authentication to FreeRadius with OpenLDAP for username/passwords is successful, but then I am stuck ...
0 votes · 1 answer · 1k views
Internal DNS server ignored via VPN
I have the following home network setup:
LAN: 172.16.0.0/24
Proprietary router of my ISP (IPv4, Bridge-Mode -> Bridged to my FRITZ!Box router)
Router & DHCP (FRITZ!Box) -> 172.16.0.1
VPN, ...
1 vote · 1 answer · 1k views
Strongswan VPN certificate authentication failed
I've installed strongswan VPN on my Ubuntu server and set up certificate authentication. I've set up my Android phone and it works fine, but the connection doesn't get established on the Windows machine. I copied ...
0 votes · 1 answer · 2k views
Single IP left subnet and routing traffic through tunnel in strongswan
I must set up an ipsec tunnel to use an external service provided by another company (so I have no control on the other side and can't change anything there). Let's say that:
192.168.0.0/24 is my ...
1 vote · 0 answers · 2k views
iptables to nftables for iKEv2 IPSEC VPN server
Can someone please help in converting the below iptable rules to equivalent nftables rules?
I have already tried to use iptables-translate, but it is not translating all of my rules...
# accept ports ...
0 votes · 1 answer · 4k views
IPSec nftables strongswan
How to configure nftables to allow inbound only IPsec traffic and process rules after decryption? I have nftable.conf:
#!/sbin/nft -f
flush ruleset
# ----- IPv4 -----
table ip filter {
chain ...
1 vote · 0 answers · 3k views
How to setup IPSec VPN between PFSense and Edgerouter X
We have 2 routers/firewalls, 1x pfSense and 1x UBNT Edgerouter X. I tried to set up an IPsec site-to-site connection between these 2 but I cannot get it done. I followed multiple "tutorials"/...
1 vote · 0 answers · 240 views
Linux ShrewSoft client connects but doesn't pass any traffic
A customer recently changed their VPN server and now recommends ShrewSoft as the appropriate client.
On Windows, the provided config works. On Linux, it also appears to connect and sets up a tap0 ...