strongSwan is an open source, multi-platform IPsec-based VPN solution, with IKEv2 & IKEv1 support
strongSwan is an open source, multi-platform ipsec-based vpn solution, with IKEv2 & IKEv1 support.
More information can be found on strongswan.org.
Questions tagged [strongswan]
435 questions
0
votes
0 answers
ipsec statusall displays connecting also after tunnel created
I successfully created a site to site VPN connection (named SAVE) with StrongSwan and it appears working fine.
What bothers me is that the output of ipsec statusall in the Security Association section keeps displaying a CONNECTING entry and I don'…
Ascanio Orlandini
- 33
- 4
0
votes
1 answer
If an IPv4-only VPS hosts a VPN that assigns IPv4 and IPv6 addresses to clients, can IPv6 traffic be routed through IPv4?
I know very little about IPv6.
Many privacy-focused hosting providers don’t support IPv6 yet.
If I host a strongSwan VPN on an IPv4-only VPS, can IPv6 traffic be routed through IPv4?
sunknudsen
- 701
- 3
- 14
- 28
0
votes
1 answer
Stongswan and Libreswan in Centos
I have a server running stongswan with one VPN connection.
Can I add another VPN connection Via Libreswan on the same server?
So the server will run both Strongswan and Libreswan.
Regards,
Michael
Mike
- 1
0
votes
1 answer
What can cause an iOS device to be able to connect to IKEv2/IPsec VPN over LTE but not browse most websites?
Everything works fine over Wi-Fi.
I tried disabling IPv6 using a provisioning profile.
I tried on two different devices (iPhone 6 and current iPhone SE) using the same VPN provisioning profile (each device on its own LTE carrier).
sunknudsen
- 701
- 3
- 14
- 28
0
votes
1 answer
How to fix strongSwan "no address range available for DHCP request via" error?
I am using the DHCP plugin with dnsmasq.
$ cat /etc/dnsmasq.d/01-dhcp-loopback.conf
interface=lo
dhcp-range=10.0.2.10,10.0.2.254,255.255.255.0
port=0
$ cat /etc/ipsec.conf
config setup
charondebug="ike -1, knl -1, cfg -1"
uniqueids=never
conn…
sunknudsen
- 701
- 3
- 14
- 28
0
votes
0 answers
Are devices connected to strongSwan servers that don’t support IPv6 vulnerable to IPv6 leaks?
According to some tests on iOS using Firefox and ipleak.net, doesn’t look like it. Does strongSwan mitigate this properly?
$ cat /etc/ipsec.conf
config setup
charondebug="ike -1, knl -1, cfg -1"
uniqueids=never
conn ikev2
auto=add
…
sunknudsen
- 701
- 3
- 14
- 28
0
votes
1 answer
What VPN configuration do I need to connect an AWS VPC to a VPN using strongSWAN?
I need to connect the system I'm helping develop that's deployed on AWS to another system through a VPN. Looking at the remote system VPN configuration I saw that it is based on a linux machine running strongSWAN. The authentication is done through…
Juan Vega
- 113
- 2
0
votes
0 answers
Is it possible to setup site-to-stie VPN for cloud instance to on-premise VPN?
I have instance in cloud (alicloud - very similar to AWS) that need to establish IPVPN connection to a destination server. However, the dest VPN server limits the incoming IP to only 192.168.40.34. As such, we need to use NAT behind IPVPN. We can…
abubin
- 21
- 1
- 3
0
votes
2 answers
StrongSwan: manually expire security association
I am working on automating some software tests involving IPSec and StrongSwan. These tests basically apply a swanctl.conf file to two gateway machines, then establish a tunnel between them. It then checks that the tunnel is encrypted and reports…
Will Nilges
- 67
- 1
- 9
0
votes
0 answers
freeradius and configure eap or pap with rest
free radius and configure eap or pap with rest
i want use strongswan with free radius and rest module,
i see sql and eap work together,
how can configure eap with rest ?
the important part is strongswan not send password to radius server.
server os…
user3652881
- 1
- 1
0
votes
2 answers
How to implement a strongSwan killswitch on Linux?
I am using PF as the killswitch on macOS (see this).
Using PF is possible because the ipsec connection has it’s own interface (ipsec0).
How can I implement something similar on Linux given the ipsec connection is on the same interface as ethernet?
sunknudsen
- 701
- 3
- 14
- 28
0
votes
0 answers
how conncet ibsng as redius server to strongswan
I want to use ibsng (on centos 6) as a Radius server and manage my strongswan accounts (on centos 7).
https://wiki.strongswan.org/projects/strongswan/wiki/EapRadius
I made these settings and set up the IP server and secret.
ibsng (centos…
user3652881
- 1
- 1
0
votes
0 answers
Can one use a MySQL backend for user authentication in a strongswan VPN server (new)?
We have installed and configured a strongswan VPN server with username / password authentication. Is it possible to store the users' credentials in a MySQL backend and configure strongswan to use the backend for this purpose?
this is old question…
user3652881
- 1
- 1
0
votes
1 answer
strongSwan client can connect to the internet (through the VPN) but cannot SSH to VPN server or other clients on the VPN subnet
I wrote a strongSwan guide a while back which I followed.
I then installed isc-dhcp-server and configured strongSwan for DHCP.
Everything works fine except clients cannot SSH to the VPN server or other clients on the VPN subnet (10.0.2.0/24).
I…
sunknudsen
- 701
- 3
- 14
- 28
0
votes
0 answers
How can decide no ping with site-to-site VPN on Strongswan?
I have 2 Linux routers in two different geographic location.
And I want to create a site-to-site tunnel between these Linux-routers.
I use Strongswan. The tunnel successfully up, but ping between private IP's doesn't work.
The config on a router…
perrfect
- 65
- 1
- 7