Questions tagged [strongswan]

strongSwan is an open source, multi-platform IPsec-based VPN solution, with IKEv2 & IKEv1 support

More information can be found on strongswan.org.

435 questions
3 votes, 1 answer

TS_UNACCEPTABLE when trying to connect a client to a host on Strongswan

I have a server hosted on ip I have a personal computer at home, behind a router. The box public ip is . The client has a local ip on the router's subnet which is called . Server is on ubuntu 18.04, local computer is…
Dazounet
3 votes, 1 answer

StrongSwan/IPSec: Manually trigger a rekey

I'm trying to test the performance of my StrongSwan RoadWarrior setup (The standard one found here). As part of this testing, I need to make sure it re-keys properly. I'm not all that familiar with IPSec, but is there a way to manually trigger a…
Will Nilges
3 votes, 1 answer

strongSwan client does not retry connecting to VPN server after the server has rebooted

Here’s my current ipsec.conf. What do I need to change to make sure the client retries connecting to server indefinitely? $ cat /etc/ipsec.conf conn %default ike=aes256gcm16-sha384-modp3072! esp=aes256gcm16-sha384-modp3072! conn ikev2 …
sunknudsen
2 votes, 1 answer

IKEV2 IPSEC Autostart, restart, daemon

I use strongswan for IKEV2 and IPSEC. And I don't know how to keep it updated, and running on change restart etc. For starting service I use: systemctl status strongswan After that I need to type ipsec up vpn When 1 side was disconnected from network…
2 votes, 1 answer

IPSec in IPSec with strongswan

I have a server connected with remote LAN1 over an IPSec tunnel. Now I want to set up a second tunnel to LAN2, which is connected to a router in LAN1, so I need to create an IPsec tunnel inside the existing IPsec tunnel: LAN0 -- server -- internet -- GW1 -- LAN1 --…
Jarek
2 votes, 2 answers

How to configure IPsec (strongswan) interface, so that only assigned interface gets virtual ip?

I have already used this configuration a bunch of times and I haven't had this problem before. Basically I establish the tunnel connection, but after connecting (with swanctl --initiate --child ch_vti0 --ike ch_vti0) I get my virtual ip assigned on…
Kostadin Krushkov
2 votes, 1 answer

Ipsec tunnel established, but no traffic or ping possible

I have already searched for hours on this and many other sites and even though people have had similar issues, I haven't found one that can fix my problem. I am trying to configure an IPsec tunnel from my computer to a virtual machine on a server…
Kostadin Krushkov
2 votes, 1 answer

AWS IPSec VPN Server

I've set up an EC2 instance within my VPC which I use to run an IPSec VPN server using libreswan. I'm able to connect to the VPN server from Windows, but once I do so I'm unable to access other EC2 instances within the same VPC which run various other…
Jyo Jena
2 votes, 2 answers

Strongswan with letsencrypt certificates (IKEv2-EAP)

I am configuring Strongswan server for VPN clients to access internal network (EAP-IKEv2). I set it up successfully using self-signed server certificates and it works for clients using Mac OS X, Windows 7 and Windows 10 after adding ca.crt to the…
ahes
2 votes, 0 answers

How do I route internet traffic through an established L2TP connection?

I am struggling to connect and, more importantly, route traffic from an Ubuntu server (this means that Network-Manager and any GUI tools are out of the question) to an L2TP-IPSec VPN server running on another Ubuntu machine in a completely different…
LLlAMnYP
2 votes, 3 answers

FreeRadius return User Groups in Class field

I use strongSwan to authenticate against FreeRadius which it does but now I need FreeRadius to return the user's groups in the Class field so they can be checked by strongSwan [1]. I'm using winbind and ntlm_auth on freeradius to authenticate users,…
Christian
2 votes, 1 answer

Can't connect to ipsec server running in docker behind firewall

I have a setup which I don't think is very difficult but can't get it to work. Working setup: An ipsec server running in a docker connected directly to internet. The clients can connect. Not working setup: An ipsec server running in a docker…
BTR Naidu
2 votes, 1 answer

VPN server using StrongSwan "no matching peer config found" - what does it mean?

I have an AWS server running Ubuntu that has a pptpd server for VPNs, and many clients with different credentials. It works great. But apparently I'm not supposed to be using that any more, I'm supposed to be using ipsec. I'm trying this out on a…
Matthew Exon
2 votes, 0 answers

Bandwidth control with TC for clients yet to be connected

I have applied bandwidth control using TC and iptables using this tutorial on my Strongswan VPN server. The bandwidth control works fine ONLY if that specific client is already connected. For example: In my Strongswan VPN server, I am trying to…
Ajji
2 votes, 0 answers

Open ports only to VPN clients connected via IKEv2 (strongswan)

I have a server which I VPN into using strongswan with an IKEv2 setup and it works as expected. This setup assigns my client machine an IP in the 10.10.10.0/24 range. What I'd like to be able to do is open all ports to the server from clients…
daaku