Questions tagged [strongswan]

strongSwan is an open source, multi-platform IPsec-based VPN solution, with IKEv2 & IKEv1 support

More information can be found on strongswan.org.

435 questions
6 votes, 2 answers

Enable IKE tracing on Windows 10 VPN

I have an IKEv2 VPN setup (including certs) that worked fine on Windows 7. On Windows 10, the same config fails with 'IKE authentication credentials are unacceptable'. Server is StrongSwan. The last line in the log for a connection attempt…
FatalFlaw
6 votes, 3 answers

Using strongswan, what's the difference between auto=add, and auto=start?

The docs on this are pretty vague, what operation, if any, should be done automatically at IPsec startup. add loads a connection without starting it. route loads a connection and installs kernel traps. If traffic is detected between leftsubnet and…
Evan Carroll
6 votes, 1 answer

Simultaneous IKEv1 and IKEv2 connection support in Strongswan

I'm using Strongswan to handle IPsec connections, and need a way to support both Windows (IKEv2) and OS X (IKEv1) clients. I would prefer to use pure IPsec (i.e. avoid having to set up L2TP) unless there's a compelling reason to use L2TP/IPsec. I…
Alex
6 votes, 1 answer

strongswan: entirely virtual subnet

I recently set up a strongswan IPSec VPN to access some non-public services of my home server from my android smartphone. I am using OpenVPN on some other devices for the same task, but chose strongswan for the phone, as IKEv2 is supposed (correct…
Fabian Henze
6 votes, 1 answer

strongSwan IPsec server with AWS EC2 VPC VPN client

I'm trying to create a VPN tunnel between 2 AWS regions. The way I'm trying to do this is by setting up an IPsec server in Linux with strongSwan in one region, and then a VPC VPN in the other region. The problem is I can't come up with a…
phemmer
5 votes, 1 answer

Site-to-site IPSec routing (Ubuntu, StrongSwan)

I am stuck in trying to connect two networks. SiteA: is a number of VPS in different locations and office workstations connected with OpenVPN in a private network 10.113.0.0/24. Each has its own internet access and default gateway. OpenVPN server…
Ivan Yaremchuk
5 votes, 1 answer

AWS StrongSwan IPSec VPN

I've been playing around with StrongSwan recently as a replacement for Amazon's VPN, which costs money. I'm having trouble completely configuring an IPSec tunnel between a remote server and a Ubuntu EC2 machine running StrongSwan. My goal is to have our…
anders
5 votes, 2 answers

TCP connection through IPSec (Linux/Strongswan) stalls after exceeding PMTU

The backups (via Bacula) of one of my servers (“A”) connected via IPSec (Strongswan on Debian testing) to a storage daemon (“B”) don't finish 95% of the times they run. What apparently happens, is: Bacula opens a TCP connection to the storage…
al.
5 votes, 2 answers

SSH not working over IPSec tunnel (Strongswan)

I configured a small network on a cloud virtual machine. This virtual machine has a static IP address assigned to eth0 interface that I'll call $EXTIP. mydomain.com points to $EXTIP. Inside, I have some Linux containers, that get their IP through…
PattPatel
5 votes, 1 answer

strongswan VPN on OpenWrt

Hi, I'm running Barrier Breaker version of OpenWRT and I have set up a VPN according to: http://wiki.openwrt.org/inbox/strongswan.howto I can connect to the VPN with my iPhone or Mac (to 10.10.1.0/24 network). I can also connect from Windows 7. An IP…
Greg Pagendam-Turner
5 votes, 2 answers

How can I capture IPSEC packets on my VPN server?

I am running a strongSwan (U5.3.5/K4.4.0-62-generic) VPN server on Ubuntu 16.04. Usually, when I want to examine traffic on a server, I simply run something like the following: tcpdump -ni eth0 "tcp port 80" -w log.pcap On the VPN server it…
Oleg
4 votes, 1 answer

strongswan ikev2 with debian. EAP authentication failed. loading EAP_MSCHAPV2 method failed

I can't get Strongswan to run on my Debian machine. I've already done a tutorial to get it to run on a Ubuntu machine but it seems impossible to me to get it to run on my Debian machine. I actually did everything like in the tutorial, except the…
4 votes, 3 answers

How can I route traffic over IPSec tunnel?

I have two sites: MAIN (local subnet 192.168.0.0/24, external IP: M.M.M.M) and CLIENT (10.0.0.0/24, external IP: C.C.C.C). I created an IPSec tunnel between the sites and both sites can ping computers in both subnets. So far so good. # ipsec…
Michal B.
4 votes, 1 answer

OpenSSL equivalent of libreswan IPSEC

I have the following ipsec commands that generate certificates, but I don't have ipsec installed so looking for the openssl equivalent. Can anyone please help? Create certificate authority cert ipsec pki --gen --type rsa --size 4096 --outform pem >…
Christian
4 votes, 2 answers

Strongswan cannot connect "no shared key found for"

I am trying to establish a VPN to a remote server. However, I get a strange error - "no shared key found for" and I cannot find any usable information for it. strongswan configuration is as follows: 1.1.1.1 = my server IP (client) 2.2.2.2 = IP of remote…
Nick