Questions tagged [strongswan]

strongSwan is an open source, multi-platform IPsec-based VPN solution, with IKEv2 & IKEv1 support

More information can be found on strongswan.org.

435 questions
0
votes
1 answer

site-to-site VPN route traffic through VPN tunnel

Short version: in a site-to-site VPN setup with Strongswan on both sides, how to route particular traffic via the VPN tunnel? Long version: We have two Linux (Ubuntu 20.04) in AWS, both installed with Strongswan VPN, and a VPN tunnel has been…
Cal
0
votes
0 answers

Masking network behind another using Iptables MARK and NETMAP targets

Aoa, Hello, I have faced a similar scenario mentioned in the following link during VPN tunnel implementation using Strongswan: https://www.strongswan.org/testing/testresults/ikev2/net2net-same-nets/ Here it is mentioned that: necessary network mappings are…
0
votes
1 answer

Radius authentication does not work in Strongswan, when coming from a Windows VPN client?

My strongswan VPN server is authenticating VPN clients against a local Freeradius server. All user logins are proxied to a remote radius server, that validates users against a Samba Active Directory server. However I have run into a bit of a…
0
votes
1 answer

site to site routed tunnels using Strongswan VTI. Marking

In the past I've configured a few site-to-site GRE tunnels. But now I need to configure a VTI type tunnel, because AWS VPC supports only that. Everything is quite clear, according to the Strongswan documentation: we need to use MARKs when creating the…
Edvinas
0
votes
1 answer

StrongSwan Linux Client refuses to connect to StrongSwan server

I have a StrongSwan VPN server set up on an Ubuntu 18.04 server, and it is working well. I am able to connect to this VPN from Windows 10 and macOS, and everything works wonderfully. The problem is that I can't get Linux to connect to this same…
deltamind106
0
votes
1 answer

Certificates explanation for VPN Server Edgerouter + IPSec/IKEv2 + Active Directory Certification Authority

I’m trying to set up an IPSec/IKEv2 VPN Server for roadwarriors on my EdgeRouter 6P which has Linux Strongswan 5.6.3 on board, with Active Directory CA as TRUSTED ROOT CA and Microsoft NPS as Radius for authentication, both installed on Domain…
0
votes
0 answers

IPsec strongswan creates wrong packets on WAN interface

I have set up strongswan for an IPsec connection (remote Win10 to my Linux router). IPsec does not have an interface by default but I don't want to risk exposing VPN traffic on my WAN interface. So I set up a VTI interface with mark…
avi9526
0
votes
1 answer

StrongSwan clients fail to connect, Constraint checking failure

Client devices (running Windows 10 and Android with the StrongSwan app) fail to connect. Certificates are signed by one authority, CN is set as the server public IP. Here's ipsec.conf: config setup include /var/lib/strongswan/ipsec.conf.inc config setup …
user11686813
0
votes
2 answers

How can I set up a point-to-point IPv6 GRE tunnel encrypted with ipsec between my Mikrotik CCR2004 router and a Linux host running Strongswan?

I need to encapsulate IPv4 in IPv6 for routing purposes. One end is a Linux box running quagga, and the other end is a Mikrotik CCR2004. How?
Falcon Momot
0
votes
1 answer

Strongswan roadwarrior scenario with pubkey authentication issues

Ubuntu 20.04, Strongswan 5.9.1 (built from source), swanctl.conf, Android Strongswan app. I am using a self-signed CA and certificates. roadwarr-ikev2-pubkey { version = 2 #proposals =…
lk7777
0
votes
1 answer

received netlink error: Invalid argument when trying to connect using IPv6

I'm trying to connect an initiator to a responder using IPv6. Both are on Ubuntu 20.04 and strongswan 5.9.0. The initiator is on a virtual machine (using VMware) on a personal computer behind a box connected to my ISP network. The VM uses a NAT network…
Dazounet
0
votes
1 answer

Strongswan works on embedded device via ethernet but not with 4G modem

I have a Gateworks SBC with an installed Ubuntu 20.04. My SOC is connected with a USB-to-Ethernet adapter (eth0) as DHCP client (192.168.88.102) to my Mikrotik router (DHCP server), which acts as my gateway to the internet (Masquerade). I have installed…
Gerbaum
0
votes
0 answers

Is it possible to have 2 left ids in strongswan?

I need my strongswan server to operate on 2 domain names. ipsec.conf currently contains: leftid=@sub.domain.com How can I add another domain? Is this syntax gonna work? leftid=@sub.domain.com,@sub2.domain.com Below is the current config…
master lfc6
0
votes
1 answer

Strongswan swanctl profile for native Android IKEv2 IPsec

Android 11 seems to support IKEv2/IPsec now, so I'm attempting to build a roadwarrior swanctl profile for it. So far I'm getting as far as having an SA established, but then immediately deleted. Any advice? The Android VPN profile has: Type:…
blee
0
votes
1 answer

Does IKEv1 or IKEv2 support a no-authentication option? If so, how can I enable that in strongswan?

For testing purposes, I want to set up an IPsec tunnel using IKEv1 or v2 (preferably v2) that does not require any authentication - so just using the protocol to agree on the secret keys of the IPsec tunnel and skipping the authentication. Is such an…
xeyipes