Questions tagged [strongswan]

strongSwan is an open source, multi-platform IPsec-based VPN solution, with IKEv2 & IKEv1 support

More information can be found on strongswan.org.

435 questions
0
votes
1 answer

strongSwan: multiple rightsubnet using IKEv1

https://wiki.strongswan.org/projects/strongswan/wiki/ConnSection According to strongSwan documentation rightsubnet with multiple network addresses only works with IKEv2. There is a common (?) workaround, to set up multiple connections, all using the…
robbash
  • 101
  • 1
  • 5
0
votes
1 answer

IPsec tunnel won't stay up

I have a static IPsec tunnel configured between a Debian cloud server running StrongSwan and a Juniper SRX 210. The tunnel goes up just fine, but it never stays up for long, the longest may be about 1hr. I think it's because there isn't much data…
Agrajag9
  • 180
  • 9
0
votes
2 answers

Having trouble while setting VPN tunnel

I want to set up a VPN tunnel between hosts, such that their subnetworks can connect to each other. Ex:- DummyNetwork ---> PC1 (HOST A) ------------- PC2( HOST B)------ >DummyNetwork PC1 IP address : 192.168.32.109 PC1 dummy network : 10.10.10.0/24 PC2 IP…
0
votes
1 answer

Strongswan - Cisco ASA Transaction Request failure

I am trying to create a S2S VPN between an Ubuntu StrongSwan (in Azure) and a Cisco ASA at a client site. Currently using ikev1 (the Cisco won't support v2 for a few months) and it appears to be getting stuck generating a transaction, which the…
Michael B
  • 748
  • 3
  • 10
0
votes
1 answer

Ipsec: How to forward certain IPs to use VPN

I connected to a VPN using Strongswan IPsec in Ubuntu. I'm trying to telnet to an IP address but it is giving a timeout because it would need to be done through the VPN. How can I "only requests to these IPs address to use the VPN and the rest use the…
Martin
  • 101
  • 2
0
votes
0 answers

Routing through IPSec tunnel

I have two servers establishing an IPSec VPN as a site-to-site kind of setup. I use StrongSwan on Ubuntu 16.04 for both servers and the VPN itself works. What may be a bit special is that the subnet behind each gateway is just virtual as in I…
robbash
  • 101
  • 1
  • 5
0
votes
0 answers

IPSec - Is it possible to have remote access clients (road warriors) all behind the same NAT device?

This is a topic that I find mixed information on. Is it possible to have two IPSec road warriors that are behind the same NAT, even with an ASA as the VPN endpoint? I have been trying with Libreswan w\ XAUTH+PSK and IKEV2+certs to no avail. I am…
WCCPGuy9898
  • 21
  • 1
  • 4
0
votes
1 answer

Strongswan - IOS Roadwarrior cannot access hosts on the internet

I'm having a rather strange problem with a Strongswan IPSec VPN not being able to access hosts on the internet. I can connect to the VPN fine, and I can access hosts on my local network. I also set up the ip forwarding rules described on the…
Quantum64
  • 111
  • 2
0
votes
2 answers

Docker & StrongSwan: Destination Host Unreachable

I'm having a bit of trouble communicating between containers using my IPsec tunnels. Here's my setup: I have Docker installed on multiple Ubuntu 14.04 hosts and I'm running various containers on each. I need some of these containers to be able to…
David Jacob
  • 13
  • 1
  • 4
0
votes
1 answer

How can I tell strongswan that left is local (independent of IPs)?

Is there something like local = left which I could use in the strongSwan configuration? I don’t want to use any IP-addresses, as they might change. And I don’t want the server to guess it, I want to fix it that way beyond any doubt. In all of my…
Robert Siemer
  • 542
  • 9
  • 19
0
votes
0 answers

Missing /etc/init.d/ipsec script after installing strongswan 5.3.2 from source

Ubuntu 14.04 (Amazon's Ubuntu AMI). Installed strongswan 5.3.2 from source (latest version in repo is too old and doesn't work). 1 question: 1) Noticed that the /init.d/ipsec (or /init/) script is missing. I'm a linux newb, so I assume this is…
lobi
  • 1,083
  • 2
  • 15
  • 30
0
votes
0 answers

Strongswan: Connection established but one way data transfer

Posting Updated: 26.06 11:22 I'm trying to use a Raspberry Pi on Arch Linux as strongswan ikev2 server for my windows phone 8.1 smartphone. I would like to use a client certificate for authentication. My current result is an established connection. I…
Franz
  • 1
  • 2
0
votes
1 answer

Can not connect into a subnet across a StrongSWAN VPN

This is a simplification of a bigger problem I'm experiencing, but I think it covers everything. The production issue is between a StrongSWAN VPN and a Juniper SSG550. The network setup is clearly not ideal, but I've inherited it and the client is…
sunaxi
  • 1
  • 3
0
votes
0 answers

strongSwan IKEv2 external authentication

I use Linux IPSec VPN-server based on strongSwan 5.2.1 with eap-mschapv2 authentication using passwords in ipsec.secrets file. Now I need to add one more VPN-server for the same users and I want to have a single user/password database on the remote…
Anton
  • 451
  • 1
  • 4
  • 5
0
votes
1 answer

No traffic routing between Cisco CSR1000v and Strongswan IPSec end points on AWS

I am trying to configure a Cisco CSR1000V on AWS to create an IPSec VPN with Strongswan 5.1.2 (on Ubuntu 14.04) on another AWS machine. I can establish the VPN from the Strongswan end and it appears to have correctly built the security associations…
Ian G
  • 101
  • 1
  • 5