Questions tagged [strongswan]

strongSwan is an open source, multi-platform IPsec-based VPN solution, with IKEv2 & IKEv1 support

More information can be found on strongswan.org.

435 questions
2
votes
1 answer

Configure StrongSwan to work with DHCP

I have implemented a StrongSwan VPN server and would like to configure it to dynamically assign IPs to the end client. The VPN works if I give it an IP range however not if I set it to DHCP. This is my dhcp.conf file: dhcp { # Always use the…
Shane
  • 163
  • 1
  • 11
2
votes
0 answers

Virtual IP Pool for NAT with StrongSwan VPN

I'm trying to wrap my head around a site-to-site VPN configuration using StrongSwan that will allow remote sites to connect to our AWS VPC. The catch is, the remote gateways will potentially be using the same subnet as the VPC and they will not be…
anders
  • 191
  • 2
  • 8
2
votes
1 answer

Strongswan transport mode ipsec within subnet

Is there any way to configure strongswan to automatically start encryption to a given subnet rather than a specific host? For example, if I know that my hosts at w.x.y.z/28 will have the same PSK configured. I'd like to configure all of them in one…
viraptor
  • 1,296
  • 6
  • 21
  • 41
2
votes
1 answer

Is there a way to use an external program to authenticate XAuth with StrongSwan IPSec?

I'm currently using StrongSwan for my iOS devices to connect. I was wondering if there is a way to use an external program for XAUTH? I currently have the following configuration: : RSA server.pem test : XAUTH "thisisatestpassword" What I want to…
2
votes
0 answers

Strongswan ipsec <--> iPhone, can't access LAN

I'm trying to connect to my LAN with iPhone, using Cisco IPsec VPN connection. I can connect to VPN, but I can't access any LAN devices. Hardware/Software: Strongswan 5.0.4, running on router - Asus RT-AC66U Firmware:3.0.0.4.374.34_2 (Merlin…
OldFox
  • 121
  • 3
2
votes
1 answer

strongSwan server with Windows 7 clients doesn't route traffic

I have a server running strongSwan on an Amazon EC2 instance that I want to connect to with Windows 7. The strongSwan server is on a private network (IP address 172.16.1.15 on the network 172.16.0.0/17) and has traffic forwarded to its private…
Micah R Ledbetter
  • 513
  • 1
  • 5
  • 19
2
votes
1 answer

StrongSwan outputs in log "certificate status is not available"

What does the warning certificate status is not available in charon.log mean? 16[CFG] certificate status is not available 16[CFG] reached self-signed root ca with a path length of 0 Everything works, I just want to understand what it means.
Evan Carroll
  • 2,373
  • 10
  • 34
  • 53
2
votes
1 answer

How do I resolve "Error 13843: Invalid Payload Received."?

When Windows 8 tries to connect to my Strongswan VPN I get the following error, Error 13843: Invalid Payload Received. I'm not sure how to resolve it or what causes it. My charon log has this, 15[IKE] IKE_SA roadwarrior[2] established between…
Evan Carroll
  • 2,373
  • 10
  • 34
  • 53
2
votes
2 answers

strongSwan - how do i generate pre shared keys?

I'm using the strongswan documentation right here. I've added to /etc/ipsec.secrets the following line: : RSA moonKey.pem "SomePwd" However, I don't know how to create moonKey.pem. Any ideas? This is a follow-up question to this one: strongSwan ipsec…
lurscher
  • 172
  • 1
  • 3
  • 17
2
votes
1 answer

strongSwan ipsec setup, couple of questions

I am trying to set up an IPsec bridge between my home network and my office network. I want to use StrongSwan to encrypt the traffic as IPsec. I am trying to follow this guide. A brief description of the networks: the office network has 3 machines…
lurscher
  • 172
  • 1
  • 3
  • 17
2
votes
1 answer

AWS/Strongswan-Ubuntu Site to Site Tunnel Cannot Ping Remote

Ubuntu (Linode) Strongswan 5.6.2 Connecting to AWS (site to site). I can ping from AWS endpoint to Ubuntu VPN. I cannot ping from AWS endpoint to Ubuntu endpoint. I cannot ping from Ubuntu VPN to AWS anything. Ubuntu (VPN) public: 1.2.3.4 |…
2
votes
0 answers

ipsec duplicate policies: allow and block

I'm trying to set up an IPsec connection between two virtual machines using Strongswan. The configuration on my first machine is the following (ipsec.conf): conn %default ikelifetime=60m keylife=20m rekeymargin=3m keyingtries=1 …
2
votes
0 answers

VPN traffic routing issue between two VPN connections - AWS and Generic IKEv2 / libreswan

Have several sites, one of them acts as intermediary router between two: AWS VPC (10.10.0.0/24) Libreswan VPN Server (10.20.0.0/24) Mikrotik VPN Router (10.30.0.0/24) host1 resides at AWS VPC, host2 is connected to Mikrotik VPN's are up, each…
GioMac
  • 4,544
  • 4
  • 27
  • 41
2
votes
1 answer

Wrong IP address on VPN with StrongSwan

I have a server with Ubuntu 20.04 and an installed and working IKEv2 VPN with Strongswan. And I have one PHP system (installed on the same server with the VPN) that is locked by IP. So I'm using my VPN to get inside with my IP. (Yes, I've added the VPN…
Nicox
  • 21
  • 2
2
votes
1 answer

StrongSwan VPN server not Connecting with Clients

Linux Server is Ubuntu 18.04 running in Google cloud. I followed the following excellent tutorial to configure StrongSwan server: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2 I…
deltamind106
  • 168
  • 1
  • 8