Questions tagged [ipsec]

IPsec (Internet Protocol Security) is a protocol for securing IP communications by authenticating and encrypting each IP packet of a communication session.

1031 questions
0 votes, 1 answer

StrongSwan Linux Client refuses to connect to StrongSwan server

I have a StrongSwan VPN server set up on an Ubuntu 18.04 server, and it is working well. I am able to connect to this VPN from Windows 10 and macOS, and everything works wonderfully. The problem is that I can't get Linux to connect to this same…
deltamind106
0 votes, 1 answer

How do I set up ipsec VPN between APIs on different servers?

There are 2 sets of APIs, each hosted in 2 different organisations: my client's organisation and her partner's organisation. The servers from the 2 organisations communicate between each other through the APIs hosted in each organisation. My client's…
xenon
0 votes, 1 answer

Is it possible to have L2TP/IPsec VPN auto disconnect after x hours?

I couldn't find anything on Google, everything that I found was related to the opposite problem, VPN disconnecting when people don't want it to. A little backstory: one of our potential clients needs us to have forced VPN disconnect after 24 hours…
0 votes, 0 answers

IPsec strongswan creates wrong packets on WAN interface

I have set up strongswan for an IPsec connection (remote Win10 to my Linux router). IPsec does not have an interface by default but I don't want to risk exposing VPN traffic on my WAN interface. So I set up a VTI interface with mark…
avi9526
0 votes, 1 answer

VPN / NAT - Public Encrypted Domain Setup / issues

I currently have an issue at hand. I am not too experienced in the routing part of unix and it would be great to have a helping hand. I currently am using Hetzner for cloud instances. I currently need to set up a Site-to-Site connection using public…
0 votes, 1 answer

Strongswan works on embedded device via ethernet but not with 4G modem

I have a Gateworks SBC with Ubuntu 20.04 installed. My SOC is connected with a USB to ethernet adapter (eth0) as DHCP Client (192.168.88.102) to my Mikrotik router (DHCP Server), which acts as my gateway to the internet (Masquerade). I have installed…
Gerbaum
0 votes, 1 answer

Strongswan swanctl profile for native Android IKEv2 IPsec

Android 11 seems to support IKEv2/IPsec now, so I'm attempting to build a roadwarrior swanctl profile for it. So far I'm getting as far as having an SA established, but then immediately deleted. Any advice? The Android VPN profile has: Type:…
blee
0 votes, 1 answer

Does ikev1 or ikev2 support a no-authentication option? If so, how can I enable that in strongswan?

For testing purposes, I want to set up an ipsec tunnel using IKEv1 or v2 (preferably v2) that does not require any authentication - so just using the protocol to agree on the secret-keys of the ipsec tunnel and skipping the authentication. Is such an…
xeyipes
0 votes, 0 answers

Cipher names (ipsec)

I've got this in my syslog 470 Nov 22 11:32:23 mini31 ipsec[8820]: 13[IKE] 192.168.1.7 is initiating a Main Mode IKE_SA 471 Nov 22 11:32:23 mini31 ipsec[8820]: 13[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,…
0 votes, 0 answers

IPSec Phase 2 Configuration For Translated Subnets?

I have two networks with the 10.0.0.0/8 subnet I'm trying to connect via IPSec tunnels. I have the phase 1 configurations working but am a bit stuck on the phase 2 configurations. Each firewall used is running pfSense. There are two primary cases…
CoryG
0 votes, 1 answer

really dumb routing, ipsec, rdp question

We have persistent IPSec tunnels on my firewall to two remote offices. When users from those offices visit, what exactly would I need in order to get their RDP shortcuts to resolve over the tunnels? Their VPN clients are functioning on their…
lxlxlxl
0 votes, 0 answers

StrongSwan site to site no HTTPS traffic but HTTP works

I'm trying to connect to CISCO ASA from StrongSwan from a digital ocean droplet. Below are the configs I have: ipsec.conf conn %default ikelifetime=86400s keylife=60m rekeymargin=3m keyingtries=1 keyexchange=ikev1 authby=psk …
0 votes, 0 answers

How to connect 2 IPSec sites with each other via the "main site"

First of all, I'm originally a software engineer with some network knowledge, so no network specialist. At my current job I'm also responsible for the network. I say this because it may be a bit of a stupid or obvious question for the real network experts…
CodeNinja
0 votes, 1 answer

What is an authentication method for L2TP or IKEv2 VPN that sends the username and password?

Google's GSuite Secure LDAP does not expose userPassword. CHAP, MSCHAP and other authentication do not send the password. They assume the server knows the password and can use a challenge. Because GSuite SLDAP doesn't expose the password, I can't…
Chemdream
0 votes, 1 answer

VPN - Ubuntu can't ping server, but Windows can

I'm having problems using a VPN connection on Ubuntu, as a client. Works well on Windows. Ubuntu does not receive the route table... Scenario: Server: Centos 7 with Strongswan (Ipsec, IKEv2) Static IP set to…
Arvy